What are the strategies the anonymous hacktivists may use to try to engineer a Trump takedown?

Countdown to April 1st. That’s the day a video claims Anonymous hackers will launch a new offensive on Donald Trump.

“This is not a warning,” a man in a mask says, his voice altered. “This is declaration of total war.”

Will the new #OpTrump actually happen? There is debate over the operation in social media, even among those who claim to adhere to Anonymous principles.

But if it does happen, cybersecurity experts say Anonymous will likely follow a few basic strategies.

One is spearfishing people close to the presidential candidate to try to get access to user names and passwords, said communications consultant Shannon Sistrunk.

“Anything that can help them gain access to any of his campaign staff as well,” Sistrunk told Archer News. 

“Anons will target his staff,” said Dave Lewis of Liquidmatrix Security Digest. “Primarily, they’d go after non-technical people. They’ll social engineer to get whatever information they can in addition to scanning any system they can find.”

“Dear Donald Trump”

The man in the Anonymous video addresses Trump directly.

“We have been watching you for a long time and what we see is deeply disturbing,” he says.

“Your inconsistent and hateful campaign has not only shocked the United States of America,” the video continues. “You have shocked the entire planet with your appalling actions and ideas. You say what your current audience wants to hear but in reality you don’t stand for anything except for your personal greed and power.”

One of the first calls to action in the video is to shut down Trump websites. The account posting the video says the focus is Trumpchicago.com on April 1st. A post on Ghostbin also lists others sites, including Donaldjtrump.com, and Trump support sites like Citizensfortrump.com.

Site down

Hackers may do a distributed denial of service attack, or DDoS, to temporarily shut down the sites, said Sistrunk, flooding the sites with fake traffic.

Anonymous shut down the Trump Tower website in December for about an hour with a denial of service attack, reported The Atlantic. An Anonymous video talked about Trump’s plan to keep Muslims out of the U.S.

“This policy is going to have a huge impact. This is what ISIS wants,” the video said, according to the article. “The more Muslims feel sad, the more ISIS feel that they can recruit them.” 

In January, a group called the New World Hackers temporarily shut down Trump’s official campaign website with DDoS attacks, reported the International Business Times.

Site defaced

Anonymous may take over Trump’s sites and deface them or change the message, said Sistrunk. That would also be temporary.

“Until his people can gain control back. They’d have to go through the site host to have the password changed,” said Sistrunk. “Because if they take it and change the password the staff won’t know the new one.”

A group of Anonymous hacktivists called Telecomix Canada took over the Trump.com site in August and posted a tribute to Daily Show host Jon Stewart, reported The Daily Dot. 

“Mr Stewart, we at @TelecomixCanada would like to take this opportunity to thank you for the many happy years of quality journalism and entertainment you and your team have undertaken at Comedy Central,” the tribute read, according to the article.

“We are writing you today via Mr Trump’s website because, seeming, [sic] the only way to get anyone to pay attention any more is to grease a Presidential candidate’s website,” it said.

The new #OpTrump could also go for social media accounts, said Andrew Mazurek, a Toronto-based cybersecurity professional.

“Imagine his twitter account hacked,” Mazurek posited.

Expose

The second call for action in the new #OpTrump video is to find and reveal Trump secrets.

“Research and expose what he doesn’t want the public to know,” the video says.

What might hackers target?

“Their target will be any correspondence that shows he’s not who he purports to be,” said Sistrunk. “Anything that will show he’s lying or manipulating the electorate.”

“His taxes/returns would be a good target since he won’t release them,” she added.

What could they show?

“Trump has yet to disclose his tax returns despite an increasing drumbeat for him to do so, and many have argued that he’s worth far, far less than he claims,” said buzz site UPROXX.

“Please remember, I am the ONLY candidate who is self-funding his campaign. Kasich, Rubio and Cruz are all bought and paid for by lobbyists!” tweeted Trump this week.

“That’s the last thing Trump wants out there, as a key part of his appeal is the idea that he doesn’t have to accept money from, and thus won’t find himself beholden to, GOP donors,” said UPROXX.

The site also suggested that a document dump from the lawsuit Trump is facing over Trump University might reveal some unsavory activity or information.

A hacker changed Trump’s voice mail greeting and obtained some of his voice mail messages, Gawker reported this month. 

No effect?

The video’s third call for action focuses on a wider cause.

“We need to you to dismantle his campaign and sabotage his brand,” the man with the mask says.

Trump has joked that he will get support no matter what he does.

“I could stand in the middle of Fifth Avenue and shoot somebody, and I wouldn’t lose any voters, OK?” Trump said at a rally in January, according to ABC News.

That may be one of Anonymous’ biggest challenges, said Sistrunk.

“I’m honestly not sure what, if anything, could harm his support right now,” she explained. “He’s been caught in lies, had schemes exposed. It’s hard to change the mind of a Trump supporter at this point.”

The website PolitiFact says Trump makes false statements significantly more often than the other presidential candidates, and awarded him PolitiFact’s 2015 Lie of the Year.

Politico reported that it reviewed almost five hours of Trump’s speeches, press conferences and rallies, and said that the candidate made untrue statements about once every five minutes.

“If they got something that really damaging or something showing him openly mocking his supporters or the presidency, or that he’s still a big liberal supporter and that he’s just running Republican to manipulate that voting block, maybe. That might hurt him,” Sistrunk said.

Hackers might turn to an area that could cause more damage, said Mazurek.

“How about his hotels and businesses? Hit the money supply,” he said.

Getting in

Determined hackers will be able to carry out some sort of attack, said Lewis.

“They’ll likely find a way in, as it wasn’t too long ago that the Trump hotel in Las Vegas was compromised,” he told Archer News.

Sources at multiple banks said there was a “pattern of fraudulent debit and credit card charges to accounts that had all been used at Trump hotels,” reported Krebs on Security in July.

Months later, the Trump Hotel Collection website provided information on the incident, saying that malware attacked computers hosting front desk and card payment terminals at Trump hotels for more than a year, stealing people’s card info. It affected Trump properties from Las Vegas to New York, from Toronto to Waikiki.

“We believe that the malware may have accessed payment card information in real-time as it was being inputted into our systems,” the site said.

The Trump Hotel Collection site said the company removed the malware, strengthened its systems, and offered people affected a year of fraud resolution and identity protection services.

“Seems that Trump security came up short, as they were dealt a small hand,” said Lewis.

Security

Neither Trump’s national campaign nor a public relations group for his hotels responded to Archer News’ requests for information for this story.

However, reports say Trump has at least some cybersecurity defenses in place.

The Trump campaign uses a content delivery network, or CDN, to protect its domain, according to Rene Paap with A10 Networks, according to Dark Reading.

The content delivery network can absorb a sudden surge in traffic, such as in a DDoS.

“For Anonymous to break through this is going to be difficult, as the CDN anticipates DDoS attacks,” said Paap in the article.

Will the “war” succeed?

There is popular support for both sides of this “war.”

“It’d be pretty amazing and awesome if #Anonymous somehow saved our entire country (and the world) from the possibility of Trump being Prez,” said one tweet.

“Oh thank god. This madman needs to be stopped. #OpTrump,” said another tweet.

“Word!!! Trump will thump #Anonymous like he did #LittleMarco,” wrote a Trump supporter.

“Criminals #Anonymous goes negative on #Trump2016 Time for some smart bombs up their ass,” tweeted another.

Anonymous

Some claim Anonymous has had success in previous operations, while others decry the outcomes as petty.

There is even disagreement among people who say they are part of the Anonymous movement.

“The ‘War on Trump’ video is the most cringeworthy video within Anonymous, and all for briefly taking down a website no one cares about?” said a tweet from the @YourAnonNews account.

“Cant speak 4 others but intention was bring attention to Fascism of #Trump and his infiltration of #Anonymous done,” wrote @AnonymousJobsUS.

A website linked to Anonymous explains that there is no central organization or leadership, but instead a movement of people with similar ideas.

“The one thing we all have in common is that we’re pissed-off with the current state of our nations and the world,” the site says.

And so the countdown to April Fool’s Day is on, for both sides of the war—and for observers—to see what Anonymous means when it says #ExpectUs.