Honda’s past campaign suspected Khanna was phishing their emails

Rep. Mike Honda and Ro Khanna will face each
other in a rematch this November.

CONGRESS | 17TH DISTRICT |
ELECTION 2016 |
Rep. Mike Honda’s previous congressional campaign believed Ro Khanna may have been trying to gain access to their emails, according to a 2013 campaign memo. The technique, called “spear phishing,” is often used to dupe users into handing over access to their email accounts.

Featuring the subject line, “Phishing E-Mails from Ro Khanna,” then-Honda political director Lamar Heystek suspected he and his staff were being spear phished by Khanna’s personal email. The mass email, sent Jan. 31, 2013, also suggested campaign staffers follow his lead and change their passwords. A screenshot of the suspected email list shows Khanna’s personal email and asks whether or not Khanna is their friend. The email then asks users to click yes or no.

Honda’s campaign, at the very least, suspected Khanna was
phishing their emails, according to this January 2013 memo.

The query is a hallmark of spear phishing that often attempts to put targets at ease, for example, by using a name familiar to the person, in order to continue their interaction with the malware. If a user clicks either yes or no, the phishing site can then pursue their entire contacts list with similar bait.

The possibility or even the suspicion in 2013 that Khanna’s team was using unorthodox cyber techniques should receive renewed scrutiny following a lawsuit filed by Honda’s campaign Sept. 22 against Khanna and his campaign manager for, among other allegations, repeatedly accessing a Dropbox account that contained confidential donor information belonging to the Honda campaign. Honda campaign manager Michael Beckendorf called the alleged incident a “modern-day Watergate.”

The timeline is consistent with the lawsuit that alleges Brian Parvizshahi, Khanna’s campaign manager began accessing information from the account starting in early 2013. Parvizshahi first gained access while serving as a summer intern in 2012 for the fundraising consultant used by the Honda campaign. However, according to the lawsuit, the firm never revoked Parvizshahi’s password and it is alleged log-in information shows he periodically gained access to the account from February 2013 to June 2015. Parvizshahi resigned Sept. 22.

Khanna, following a town hall in Fremont just hours the Honda lawsuit was announced, denied his campaign engaged in so-called “spear-phishing” techniques during the 2014 congressional election cycle. Khanna, himself, could have unknowingly put his own email contacts at risk by interacting with a separate spear-phishing attempt, provided someone on the Honda campaign was on his list of contacts.

However, there could be another strange twist in this increasingly sordid congressional race. Khanna’s campaign chair Steve Spinner, one of the most influential bundlers in all of Democratic Party politics, unveiled with great fanfare a software program called RevUp, which essentially acts in a similar way to the spear-phishing model, asking users to allow their email contacts to be mined as potential future donors.

The program described in Bloomberg Businessweek earlier this year, aims to revolutionize the painstaking, much-disliked process candidates must go through for tracking down potential campaign contributors and asking for their donations. The main difference is that RevUp obtains access to email contacts in a transparent manner.

RevUp’s algorithm, however, is highly invasive and drills down into the potential donor’s personal history—using a host of public and private records—to discern with purported high accuracy whether they are likely donors. RevUp’s pitch is this: Less time is spent identifying contributors along with a higher success rate for extracting campaign donations. Khanna acknowledges his campaign currently uses RevUp.

Furthermore, the use of RevUp in tandem with Parvizshahi’s alleged access to confidential Honda fundraising data, if proven it indeed occurred, could shed new light on just how valuable those records may have become, allowing Khanna’s campaign a straight-line road map to possible donors.

Honda’s campaign, meanwhile, has been reticent in responding to questions about Heystek’s phishing email to staffers in 2013, along with Spinner’s potential involvement. One reason may be that Honda, long a loyal Democratic Party stalwart, doesn’t want to be viewed as criticizing a significant cash cow like Spinner, who has strong personal ties to President Obama and Hillary Clinton. Spinner’s influence is unrivaled after raising tens of millions of dollars for the national party over the years. For instance, a day before the Honda lawsuit was announced late last month, Spinner held a fundraiser at his Atherton home for Democratic vice presidential nominee Tim Kaine. costing participants up to $33,400 a person.

Advertisements