Cyber Attack Targets Digital Campaigns as Election Day Approaches

7 mins read

The ongoing attack has hindered — but not stopped — the efforts of digital activists on the left.

DemCast USA, a 501(c)4 non-profit activist organization highly focused on the 2020 election, has been the subject of persistent cyber-attacks by an unknown entity (or entities) for the last five weeks.

“We were expecting to be a cyber warfare target because of the nature of our work. But we didn’t expect this level of sophistication,” said DemCast’s Executive Director, Nick Knudsen.

The attacks began on September 24 and have been targeted at DemCast’s “social media blasts” — toolkits that help everyday social media users post strategic “pro-blue” messaging about Democratic candidates in swing states ahead of the 2020 election.

“Somebody out there knows the kind of digital impact we’re having and has invested some major resources in sabotaging our efforts,” said Knudsen. “Interestingly, DemCast doesn’t focus on the presidential election. The campaigns they’re attacking are all focused on down-ballot races in swing states. This suggests a shift — or at least a broadening — in cyber warfare strategy since 2016.”

The DDoS Attack

A DDoS or “Distributed Denial of Service” attack is meant to overwhelm an entity’s web servers with a constant barrage of access attempts. With so much fraudulent traffic, legitimate users can’t get in.

“If you think about our social toolkits as existing inside a big house, these attackers are effectively blocking people from entering. They do this by sending thousands of robots at a time through the front door. There is simply no room for legitimate users to pass through,” explained Knudsen.

The attacks have been responsive and specifically timed, occurring immediately after DemCast personnel publicly announce social media blasts on Twitter, which suggests that the attackers are closely watching the accounts of DemCast staff.

A “launch” tweet for the DemCast Pennsylvania campaign. The attack on September 24 started immediately after this tweet was sent.

DemCast’s social media campaigns are hosted by Speechifai, a company that specializes in this work. According to the DDoS incident report produced by Speechifai:

“The estimated number of malicious requests has been between 100,000 and 300,000 — from rotating IP addresses. Complexity-wise, these attacks are clearly not something an average attacker would be able to launch. The resources, knowledge and execution make it highly likely that this is the work of an organized, highly skilled group.”

Amazon Web Services DDoS security was insufficient to stave off the attacks. Even after Speechifai upgraded to Cloudflare security, the attackers adapted. From the incident report:

“We decided to switch to the Cloudflare DDoS protection system as an immediate safeguard against these malicious actions. The attacks on DemCast campaigns continued, progressively growing in scale. Cloudflare’s ‘Under Attack’ successfully safeguarded against the attacks by displaying a Javascript challenge for every single user.

“However, on September 26, the attackers found a breach in this protection too. The malicious requests were now initiated from headless browsers running on virtual machines, thereby bypassing the Javascript challenge.

“For the next few days, we iteratively worked to find the right solution to this new challenge. DemCast’s campaigns were almost constantly under attack. When we calibrated our response to successfully withstand the attacks, they changed strategy once again: Using a twitter crawler, they targeted every link they found under the domain.”

In the end, although the attackers were successful in disrupting DemCast’s social media toolkits over a period of two weeks, due to Speechifai’s efforts, the attacks (which continue to this day) are no longer hindering access to their platform.

Why DemCast?

Why are these sophisticated attackers going after DemCast USA, an organization founded in August of 2019 that has spent less than $250,000 during this election cycle?

DemCast leadership believes COVID-19 had something to do with it. During a pandemic, when in-person activism is largely off the table, DemCast offers a gateway to organic digital connectivity for activist groups, individuals and candidates.

“Activists aren’t knocking on doors this cycle because of COVID,” explains Knudsen. “What we’re facilitating is effectively digital door knocking — enabling everyday social media users to share information about candidates and voting with their friends, family and followers on social.”

According to Lori Coleman, DemCast’s Director of Digital Strategy, since DemCast’s launch, their volunteers and campaigns have “garnered over 35 billion social media impressions for pro-blue content — all through organic sharing. We’re new on the scene, but we’ve made an outsized impact.

DemCast has been very public about the success of their campaigns, possibly drawing interest from their attackers.

“It can cost you $7 to purchase 1,000 impressions on a major social platform if you’re paying for it. We’ve had 35,000,000,000 — a value of $245 million. We’ve spent less than $20,000 on paid social media promotion so far. This is all organic activity.

“It’s not a surprise they want to shut us down. There are a lot of people around the world with very deep pockets who care a great deal about the outcome of the 2020 US election,” said Coleman.

“Digital is still the ugly stepchild in activism and political circles,” Knudsen added. “It’s very difficult to get major donors to invest in these strategies.

“Ironically, our foes understand the value of what we’re doing even more than those on our side. That’s because the right wants to own the digital space, and we’re not letting them take it.”

NOTE: Press inquiries about this attack can be directed to

DemCast is an advocacy-based 501(c)4 nonprofit. We have made the decision to build a media site free of outside influence. There are no ads. We do not get paid for clicks. If you appreciate our content, please consider a small monthly donation.

Logan Bell is a freelance writer and activist from Texas. Following a career in education, Logan began writing independently about politics from his home in Austin. He has focused his reporting on elections, cyber security, and voting.

1 Comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Story

Today's Hot Phonebank

Next Story


Latest from 2020

%d bloggers like this: