FBI Makes Arrest in DDoS Attack on Candidate's WebsiteCongressional Candidate Targeted in 2018, Authorities Say
The FBI has arrested a suspect who’s charged in connection with waging distributed denial-of-service attacks against the campaign website of an unsuccessful 2018 Democratic candidate for the U.S. House in California.
The FBI’s criminal complaint in the case claims that Arthur Jan Dam, who lives in California, conducted four DDoS attacks between April 20, 2018, and May 29, 2018, against the campaign website of an unnamed Democratic primary candidate for the U.S. House of Representatives in California who ultimately lost.
The candidate targeted is believed to be Bryan Caforio, who narrowly lost to former Rep. Katie Hill, D-Calif., in the 2018 Democratic primary election in California's 25th congressional district, according to news reports. Dam’s wife was Hill’s fundraiser during the campaign and later her district director, the news site The Hill reports.
Hill was elected to the House of Representatives in November 2018 but resigned from the post in November 2019 after the House ethics committee investigated her for allegedly having an inappropriate relationship with a congressional staffer.
The FBI arrested Dam on charges of "intentionally damaging and attempting to damage a protected computer." The cyberattacks caused the victim's website to be down for about 21 hours during the campaign, with one of the attacks taking place during a live political debate, according to the complaint.
As a result of the cybersecurity incident, the victim reported spending between $27,000 and $30,000 to restore systems and saw a reduction in campaign donations, according to the FBI.
AWS used for DDoS
The DDoS attacks originated from an Amazon Web Services account that was used by Dam, the complaint says. The FBI says it found that Dam had conducted "extensive research" on the victim as well as on various types of cyberattacks, including DDoS attacks and DNS amplification attacks.
Web-hosting service SiteGround, which hosted the victim's website, informed the campaign about observed DDoS activity, according to the complaint. SiteGround told the victim that the high levels of activity could be either due to a malicious DDoS attack or due to the "Slashdot effect," which is when a popular website links to a smaller site, hence directing large amounts of traffic to the smaller website.
In the May log file, the FBI found that 17 IP addresses had accessed or attempted to access the victim's website more than 10,000 times over the span of two hours, according to the FBI’s complaint.
The FBI investigated 61 of the IP addresses involved in the DDoS attack and found that they all were tied to AWS, the filing said, adding that AWS identified 46 of those IP addresses to a single account. Furthermore, the AWS account linked to the attacks was billed to "Arthur Dam" and the phone number linked to the account is tied to the company where Dam works, the FBI states.
With the 2020 U.S. presidential election fast approaching, federal agencies are on the lookout for any kind of interference in the election. Earlier this month, the FBI warned that attackers were trying to disrupt one state's voter registration website with a DDoS attack (see: FBI Reportedly Says DDoS Attack Targeted Voter Registration)