Arthur Jan Dam faces 10 years in federal prison
By Sam Catanzaro
A Santa Monica man has been arrested by the FBI for allegedly hacking former Rep. Katie Hill’s rival’s website to help her win the election.
On Friday, FBI agents arrested Santa Monica resident Arthur Jan Dam, 32, on federal charges stemming from a series of distributed denial-of-service – or DDoS – attacks on a website for a candidate who was campaigning for a California congressional seat.
Dam was taken into custody Friday morning pursuant to a criminal complaint filed that charges him with one count of intentionally damaging and attempting to damage a protected computer.
If convicted as charged, Dam faces 10 years in federal prison.
Federal authorities accuse Dam of coordinating four DDoS attacks against a candidate’s website. Buzzfeed News and other outlets have reported that the victim was Bryan Caforio, who was running against Katie Hill.
Dam allegedly staged four cyberattacks in April and May of 2018 that took down the candidate’s website for a total of 21 hours.
“The victim reported suffering losses, including website downtime, a reduction in campaign donations, and time spent by campaign staff and others conducting critical incident response,” according to the affidavit in support of the criminal complaint. The victim further reported spending $27,000 to $30,000 to respond to the attacks, and the candidate believes the attacks contributed to the loss in the primary election in June 2018.
One of the attacks, which took place on April 28, 2018, occurred just before the start of a live political debate featuring the victim and two opponents. The attack shut down the victim’s website for the duration of the debate.
The final attack on May 29 took place one week prior to the June, 5 election.
“Law enforcement at all levels has pledged to ensure the integrity of every election,” said United States Attorney Nick Hanna. “We will not tolerate interference with computer systems associated with candidates or voting. Cases like this demonstrate our commitment to preserving our democratic system.”
The investigation outlined in the affidavit found that the cyberattacks all originated from one Amazon Web Services (AWS) account, which Dam controlled, and the four attacks corresponded to logins into that AWS account from either Dam’s residence or his workplace. Furthermore, Dam had conducted “extensive research” on both the victim and cyberattacks, the complaint alleges.
DDoS attacks typically are accomplished by flooding the targeted computer with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. After the third cyberattack, the victim increased cybersecurity measures and retained a website security company, but that was not enough to prevent a final disruption to the campaign’s website just one week before the primary election.
Dam was married to a woman who was employed by another candidate – and the eventual winner – in the congressional race, according to the complaint. The FBI has not uncovered any evidence that the winning candidate or Dam’s wife orchestrated or were involved in the series of cyberattacks.