House District 32 Democratic candidate Ryan Morales said Friday morning his campaign website and a couple of other servers he runs were hacked overnight and early evidence suggests the hacker may have been from Russia.
Morales could only speculate why hackers, and potentially Russian hackers, might target a longshot Democratic candidate in an obscure Florida House District race. But the message he comes away with is that political hacking is reaching a new level: local races.
Morales is taking on Republican state Rep. Anthony Sabatini in a district that covers much of Lake County. Republicans have an eight-point voter registration advantage and Democrats haven’t come even that close in more than a decade.
“We know there was supposed to be federal government funding for this very purpose, to stop this. Nothing has been done. The President hasn’t done anything about this. And it’s going to continue to happen,” Morales said. “I probably caught somebody’s attention, and they wanted to come down on me. But this won’t be the last.”
He contacted the FBI.
Just last week Morales was the subject of a widely read feature story about his candidacy.
Morales said he woke up Friday morning to numerous emails, some warning him that it looked as if he had been hacked, and some coming from odd locations, showing interest in his campaign. His official campaign website was down.
As he looked deeper he found someone had somehow authorized himself as administrator, “which is impossible, because my security doesn’t allow for that.”
The hacker used that power to make changes in the back-end coding, including blocking out Morales himself. When he checked further, he saw at least one other website he manages also was hacked.
Morales’ campaign website is hosted by WP Engine, which Morales said he selected because of its high-security capabilities and reputation. He said he uses the security WP Engine provides.
“I was very impressed they were able to get through. They were trying really hard,” Morales said.
He contacted WP Engine and the company’s security team is investigating the hack as a high priority, doing forensics on where it came from, seeking the hole in the security, and working on a patch, he said.
Morales said he also contacted the Florida Democratic Party for guidance.
“I’m actually here still cleaning up the mess,” he said.
The hacker who registered himself as administrator was traced to an email address of firstname.lastname@example.org, he said. Yandex is a Russia-based internet company, though its services are sold worldwide, so a hacker need not be Russian to use a Yandex account.
A second entity also entered and appeared to access his servers, Morales said.
“We actually caught him while he was doing what he did. I actually caught him while he was midway through doing something on one of my servers,” he said. “I guess they were targeting me, which is odd.”
Morales is confident none of his contributors’, team members’, or supporters’ personal data was accessed or compromised.
He said his site does not have any direct connections with the Florida Democratic Party or other entities that could have allowed hackers to use his site merely as a stepping-stone portal to breach someplace else.
However, as happened when Russian hackers got into the Democratic National Committee servers in 2016, such stepping-stone hacks can develop over time. The DNC was entered after Russian hackers first breached a restaurant across the street from the DNC headquarters, and then waited for DNC staffers to order lunch online.
“Thankfully, we back things up on a daily basis here so we were able to revert,” Morales said. “But you know, we don’t want to just revert. We want to make sure everything is clear, so there are no more holes.”