NextGen Climate, a group working to raise awareness of climate change issues during the 2016 election, noticed problems with its automated calling program Monday. When the team started working in the morning, they noticed that the program used to monitor voter calls cut out for hours in the afternoon.
“It was slower in the morning, and then went down for hours at a time,” NextGen’s Suzanne Henkels said, according to The Verge. The tool continued to suffer from intermittent downtime throughout the rest of the day. The campaign was able to make some calls throughout the weekend, and it was able to reach the remaining voters by texting. The attack caused a big headache before the eve of Election Day.
The disruption was caused by a DDoS attack, which used the same Mirai botnet that shut down part of the internet a few weeks ago. “I am a tech specialist who currently has access to a slightly weakened version of the Mirai botnet,” a 4chan user who goes by “Sparky” wrote on the site’s board. He also said he took out Clinton’s phone lines in Nevada.
“List targets here that if taken out could harm Clinton’s chances of winning and I will pounce on them like a wild animal,” the post said. “Not sleeping until after this election is over.”
The Election Day DDoS attack wasn’t focused on NextGen specifically. According to The Verge, the Utah call center provider TCN, which is used by groups like MoveOn for automated calling, has around 2000 clients.
Late Tuesday afternoon TCN confirmed to The Verge the outage was "fairly sophisticated in nature," and "the primary impacts were a slow site and few brief periods of unavailability."
The call center isn’t the only victim of the Mirai botnet DDoS attack: Clinton’s and Trump’s sites were hit with attacks Tuesday morning.
The security firm Flashpoint reported multiple Mirai-powered attacks against both sites, which weren’t strong enough to take the sites offline. The Mirai botnet has been “fractured into smaller, competing botnets,” which makes it difficult to repeat attacks like the one we saw back in October, according to the firm.