Ransomware hits TV search engine popular among political campaigns

One of this year's first hacks to affect the 2020 US presidential election happened Thursday. TVEyes, a broadcast television search engine used by political campaigns to monitor opponents and track ads, said Friday it was hit with a ransomware attack.

In a tweet, TVEyes wrote that its core server and engineering workstations were targeted by a ransomware attack, causing an outage for the service. 

"We are rebuilding the system and expect to have TVEyes back online soon, but do not have an exact ETA," the company said in the tweet. "We appreciate your patience and will provide updates as they are available." 

TVEyes' CEO David Ives said Friday afternoon that it had just restored its servers using company backups, and that the attack didn't appear to be an attempt to steal data on political candidates.

"All the engineers have been working on this since early yesterday morning, and there's no evidence that data was downloaded," Ives said in an interview. "It appears it was purely an attack to make money." 

He didn't specify how much the ransom was for, or what type of ransomware it was.

Ransomware attacks happen when hackers install malware that encrypts files, essentially locking people out of their devices until they pay for the decryption key. These kinds of attacks have devastated cities throughout 2019, and they've hit businesses hard too. In a high-profile example, a ransomware attack in 2017 caused more than $300 million in damages for shipping giant Maersk. 

TVEyes is just one of the latest victims of ransomware, but the hack raises bigger concerns considering that many political campaigns -- from candidates running for president to local representatives -- are its customers. The service is also used by companies like Airbnb, Grubhub, JPMorgan Chase, as well as organizations like the Make-a-Wish Foundation and the United Nations.  

The 2020 US presidential election is less than 10 months away, and government officials, as well as campaigns, have been on high alert for cyberattacks. And most likely, every high-profile campaign running for president is using TVEyes.

"TVEyes has become an incredibly important tool for political campaigns, especially in this age when information is relayed and consumed in real time," said Dan Bayens, co-founder of political media buying and tracking firm Medium Buying. 

The heightened level of concern comes after Russian hackers interfered with the presidential election in 2016, infiltrating the Democratic National Committee's servers and running disinformation campaigns using the stolen materials. 

In 2018, White House officials warned that nation-state hackers would aim to disrupt the US elections again. The attack on TVEyes isn't a direct hack on any political campaign, but it does give hackers potential access to the company's customer data. 

"The most personal data that can be downloaded from the database is an email address," Ives said.

The company is a search engine tool for broadcast television, which campaign managers and press secretaries use for a handful of reasons. Beyond just monitoring when political ads are running, campaign managers can use it to get alerts on political opponents' ads and when they appear on television, as TVEyes explains in its marketing material for campaign managers.

Among TVEyes' political customers are presidential hopeful Joe Biden's campaign, as well as that of Sen. Brian Schatz, a Democrat from Hawaii, and the Democratic National Committee. 

"Beyond the tweets, we have not received any information from TVEyes about this," Schatz's spokesperson said.

Biden's campaign didn't respond to requests for comment. 

Outside of the data security concerns, the outage also affected campaigns' abilities to manage their operations, with several political staffers complaining about the downtime on Thursday and Friday.  

On Thursday, TVEyes was originally telling customers that the problem was a technical issue, but by Friday announced that it was affected by a hack. 

There's a concern that if hackers were able to get past TVEyes' cybersecurity defenses, it's possible that they would also have access to customer data, including email addresses belonging to politicians running for president and other offices. 

Ives said the company's engineers have not seen any evidence of the hackers downloading its data, and that it doesn't store sensitive information like credit card numbers and passwords.

Several ransomware operators have stolen data from their victims before encrypting files, according to Jake Williams, founder of the security firm Rendition Infosec. His firm has also seen ransomware often used as a distraction for a data theft attack. He noted that anything the hackers could encrypt for ransomware, they could also steal.

"Obviously, campaign data can be sold or used for political advantage," Williams said. "Unfortunately, we don't know enough specifics here to understand the threat group responsible."