California Democrat Hans Keirstead says he was aggressively targeted by cyberattacks that sought to obtain information and money during his bid to unseat GOP Rep. Dana Rohrabacher and that the FBI is investigating the hacks.
"There was a very sophisticated and very highly coordinated attack on both my campaign digital services, but also my company," Keirstead, the executive of a biomedical research firm, told NBC News on Thursday. "They went for the duration of my campaign, and both of them stopped when I lost the primary."
Rohrabacher, a strong supporter of President Donald Trump who is known as a staunch defender of Moscow's interests, was warned by the FBI in 2012 that Russian spies were seeking to recruit him.
"They call me Putin's best friend. I'm not Putin's best friend," Rohrabacher told ABC News in 2017. "I'm a patriotic American who knows that it would be really good for America to cooperate with Russia. I could care less whether it's good for Russia."
Keirstead said he hired two cybersecurity firms — one for his campaign and one for his company — but neither could identify the source of the hack. The FBI has an open investigation, Keirstead said, but have not offered him any "firm conclusions."
The FBI declined to comment.
Keirstead said he believes it could be Russian intelligence agencies because of their efforts to influence the 2016 campaign and the fact that the hacks ended when he lost the primary in June.
"People deserve to know that hacking into politics is not over. It didn't end in 2016 with Trump and Clinton. It's very active; it's a very robust operation that’s happening now."
The cyberattacks and FBI investigation were first reported by Rolling Stone.
Keirstead came in third in California's nonpartisan top-two "jungle" primary, losing by just 125 votes to another Democrat, Harley Rouda. Keirstead said he does not believe the hack affected the outcome of the race, and he endorsed Rouda.
The hack comes as U.S. intelligence agencies warn of the growing and serious threat cyberattacks, particularly from Russia, post to the U.S.
The hacks on Keirstead's campaign and company began in August 2017 with a spear-phishing attack on his email. Spear-phishing attacks are a common technique in which hackers send fake email to try to trick recipients into allowing access to email.
Keirstead said he changed his passwords promptly; the hacks later advanced to brute-force attacks on his campaign website, and eventually other attacks where hackers impersonated him and sought to obtain money and passwords from his staff.
"It really does look real. It doesn't say something from Russia dot com," he said. "It really does look like Hans from Hans for California."
In one instance, an email that purported to be from the candidate asked an assistant to transfer hundreds of thousands of dollars to another account. It was so convincing, Keirstead said, that his assistant called the bank, but was unable to complete the transfer without Keirstead.
Robert Johnston, the expert who first investigated the 2016 election hack on the Democratic National Committee and now the CEO of Adlumin, a cybersecurity firm, has not reviewed Keirstead's hack, but told NBC News that the spear-phishing and brute-force attacks follow a pattern used by Russian military intelligence. The efforts to steal money, however, are more commonly seen in criminal attacks.
"I'd say it's more likely Russian activity, just because of the other events that are around it, but I don’t have any of the forensic data so it’s impossible for me to tell," Johnston said.
Sophisticated criminals seeking financial gain would start with mimicry emails, not spear-phishing and brute-force attacks, Johnston said, and he noted that Sen. Claire McCaskill, D-Mo., was the victim of cyberattacks around the same time by Russian hackers.
Microsoft said they'd detected and helped block attempts to hack three congressional campaigns, too, declining to detail which ones. The president has downplayed Russian interference in his effort to discredit the special counsel’s investigation into ties between Russia and the Trump campaign.