The revelation that Sen. Lindsey Graham’s phone was targeted by hackers has triggered fears of a potentially wider cyber campaign aimed at Congress.
After the South Carolina Republican disclosed receiving a message from an alleged hacker impersonating Democratic Majority Leader Sen. Charles E. Schumer, word spread that other lawmakers received similar messages.
The alleged hacking effort directed at Mr. Graham does not appear to have targeted a computer network on Capitol Hill, according to a Senate official.
“Like other parts of the government, the Senate is subject to cyber hacking attempts every day from a broad variety of malicious and sometimes highly sophisticated actors: criminals, hacktivists and nation-states,” the Senate official said. “That said, it is worth noting that this cyber hacking attempt was directed at a device not on the Senate network.”
Mr. Graham said last week his phone was in the hands of the FBI, and the senator’s spokeswoman Taylor Reidy said the Senate’s sergeant-at-arms was investigating. The FBI declined to answer questions.
While the attempted breach of the senator’s phone did not appear aimed at the Senate’s network, it is on the radar of cybersecurity officials tasked with protecting Congress.
The Senate’s Sergeant at Arms Office reportedly sent an advisory to Senate offices about the scamming scheme last week — before Mr. Graham publicly disclosed the hacking effort. Other senators received messages from tricksters in April posing as Mr. Schumer and White House officials, according to Politico.
Tailoring a hacking campaign to lawmakers’ personal devices may not be as difficult as it once was, as hackers may have lawmakers’ personal contact information.
House and Senate lawmakers learned last year that hackers may have gotten access to their personal data through a breach of DC Health Link, a Washington health insurance marketplace. A sample of the stolen data, reviewed by the Associated Press at the time, included phone numbers, emails, Social Security numbers and addresses.
A hacker claiming responsibility for the DC Health Link breach told CyberScoop that the hacker was motivated by “Russian patriotism” and focused on U.S. politicians.
Russian-aligned hackers are far from the only ones aiming at lawmakers. Last year, Rep. Don Bacon thanked the FBI for alerting him to China-linked cyberattackers targeting his personal and campaign emails.
The Nebraska Republican later told The Washington Times that he believed he was the only federal lawmaker hacked in that effort.
Investigators pursuing the new scheme aimed at Mr. Graham have not publicly identified suspects or the hackers’ motivation.
Mr. Graham’s late adoption of new technology may shrink the number of ways he is potentially vulnerable to cyberattackers, but it has not stopped his tech troubles.
In 2015, Mr. Graham told NBC he had never sent an email, as controversy swirled surrounding former Secretary of State Hillary Clinton’s use of a private email server. A few months later as he campaigned for the GOP presidential nomination, rival candidate Donald Trump read Mr. Graham’s phone number aloud during a speech and encouraged people to call the senator.
People called often, prompting Mr. Graham to reportedly hand his phone over to former Sen. Kelly Ayotte’s children, who took turns answering the calls.
Mr. Graham then made a video showing how to destroy a cellphone featuring him using a blender, a sword and lighting the phone on fire.
Rather than blenders, fire, and swords, however, cybersecurity professionals typically recommend multifactor authentication and keeping devices’ software updated as best practices for guarding against hackers.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.