A Santa Monica man was arrested Friday for allegedly hacking the website of a challenger to eventual Rep. Katie Hill in the months leading up to the 2018 congressional primary.
Arthur Jan Dam, 32, whose wife, Kelsey O’Hara, worked as a fundraiser for Hill, is accused of coordinating cyberattacks against Democratic challenger Bryan Caforio.
Dam was charged Wednesday with one federal count of intentionally damaging and attempting to damage a protected computer, according to the U.S. Attorney’s Office. At his initial court appearance Friday, a judge granted a $25,000 bond and ordered Dam to return March 9 for arraignment.
Dam allegedly staged four cyberattacks in April and May of 2018 that took down Caforio’s campaign website for 21 hours. Prosecutors did not name the candidate, but Caforio confirmed to KNX Newsradio that his campaign was the target of the attacks.
“I’m absolutely shocked and saddened to learn today that Katie Hill’s campaign associates hacked my campaign in order to help her advance through the primary,” Caforio told KNX. “This should serve as a somber reminder that Russia is not the only threat to our democracy. There are bad actors on all sides who will do anything for their own personal gain, and we need to come together as Americans to defend our country and hold everyone responsible accountable.”
According to an affidavit filed in Los Angeles federal court, the then-candidate “reported suffering losses, including website downtime, a reduction in campaign donations and time spent by campaign staff and others conducting critical incident response.”
Caforio further reported spending $27,000 to $30,000 to respond to the attacks, and believes the attacks contributed to his loss in the primary election in June 2018.
The FBI has not uncovered any evidence that Hill or Dam’s wife orchestrated or were involved in the series of cyberattacks, federal prosecutors said. Hill won the general election in the 25th District. She later resigned after the online publication of explicit photos and allegations that she had an inappropriate relationship with a staff member.
Dam surrendered to FBI agents at the U.S. Courthouse in downtown Los Angeles. If convicted of intentionally damaging and attempting to damage a protected computer, Dam would face up to 10 years in federal prison.
“Law enforcement at all levels has pledged to ensure the integrity of every election,” said U.S. Attorney Nick Hanna. “We will not tolerate interference with computer systems associated with candidates or voting. Cases like this demonstrate our commitment to preserving our democratic system.”
The investigation found that the cyberattacks all originated from one Amazon Web Services account, which Dam controlled, and the four attacks corresponded to logins into that AWS account from either Dam’s home or his workplace. Furthermore, Dam had conducted “extensive research” on the candidate and cyberattacks, the complaint alleges.
The arrest “shows the FBI’s commitment to hold accountable anyone who interferes with an American’s right to vote or who deprives a candidate the right to compete fairly in an election,” said Paul Delacourt, the assistant director in charge of the FBI’s Los Angeles Field Office.
“As part of our mission to defend the democratic process, the FBI is equipped with the expertise to respond to allegations of election interference; whether by fraud, intimidation or — as in this case — cyber intrusions,” he said.
Distributed denial-of-service (DDoS) attacks are typically accomplished by flooding the targeted computer with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. After the third cyberattack, the victim increased cybersecurity measures and retained a website security company, but that was not enough to prevent a final disruption to the campaign’s website just one week before the primary election, authorities said.