After Fuse released its secret recording, a hacker with a Russian IP tried to break into its website

After Fuse released its secret recording, a hacker with a Russian IP tried to break into its website
Craig Winzer illustration
To be sure, this illustration may not accurately represent the precise identity of the hacker or hackers who attempted to break into the Fuse Washington site after the Rachel Maddow Show aired a secret audio recording during the Cathy McMorris Rodgers fundraiser.

What happened after liberal advocacy organization Fuse Washington sent an audio recording — secretly taken during a Cathy McMorris Rodgers fundraiser — to the Rachel Maddow Show?

Somebody repeatedly tried to break into Fuse's administrative site from a Russian IP address.

The Rachel Maddow Show episode aired the secret recording of Republican House Intelligence Committee Chair Devin Nunes speaking to McMorris Rodgers about the Trump-Russia investigation on the evening of Aug. 8. A few hours later, during the wee hours of the morning in Washington state, Fuse's website was hit with six different unsuccessful break-in attempts.

“Quite a coincidence that our first ever Russian intrusion attempt was within a few hours of the first time we did a Russia story,” Fuse spokesman Collin Jergens says.

The first intrusion attempt came at 2:44 am in Washington state, but just after noon in St. Petersburg, Russia. The intrusions stopped at about 10 am in Washington state and 8 pm in Russia.

"We have two-step authentication on our email," Jergens says. "Our technology folks were getting 4 am text messages saying 'someone is trying to reset your password.'"

If the would-be hackers had managed to successfully log in, they wouldn't have necessarily been able to access Fuse's internal emails to discover, say, who had secretly recorded the Devin Nunes speech. But they still could have done a ton of damage.

"They could go in and control the whole site," says Rumeal Lovell, Fuse’s technology manager. "Create articles. Delete articles. Change text. It would be pretty disastrous."

Initially, Fuse remained relatively quiet about the apparent hacking attempt.

"We were freaked out about it enough that we didn’t want to bring more attention to it,” Jergens says. "That week after the Maddow thing was pretty wild.”

click to enlarge After Fuse released its secret recording, a hacker with a Russian IP tried to break into its website (2)
Screenshot courtesy of Fuse Washington
A succession of login attempts from a Russian IP address. All times are GMT.

Jergens says Lovell even temporarily took down the page featuring Fuse staff and board members were to make it harder for individual staff members to be targeted.

To be absolutely clear: A break-in attempt originating from a Russian-based IP address doesn't necessarily mean the break-in attempt was Russian. It's not difficult for a competent hacker to, at least on the surface level, hide where they're from.

At times, Lovell says, there have been other login attempts from other IP addresses. Some are simply from random bots, combing the internet, looking for security holes.

But this was the first time a login attempt came from Russia. The login attempts emanated from IP addresses associated with the Petersburg Internet Network, an internet service provider (or ISP) on the banks of the Neva River in Russia.

Former Washington Post security reporter Brian Krebs says the Petersburg Internet Network has a "less-than-stellar reputation for online badness."

Doug Madory, director of internet analysis at Oracle Dyn, calls the ISP "perhaps the leading contender for being named the Mos Eisley of the internet," referencing the famously wretched hive of scum and villainy.

Mother Jones refers to them as a "service provider with a reputation for hosting nefarious actors."

In fact, as Mother Jones reported, when a hacker got access to the Trump Organization's domain's registration account in 2013, it created "shadow subdomains" hosted on the Petersburg Internet Network.

click to enlarge After Fuse released its secret recording, a hacker with a Russian IP tried to break into its website (3)
Google Maps
The headquarters of the Petersburg Internet Network, where the log-in attempts came from.

The hacking attempt of Fuse from a Russian IP is particularly ironic, considering that the Devin Nunes recording was about the Russian collusion investigation.

Nunes stressed the crucial role the House had in protecting Donald Trump from special counsel Robert Mueller.

"This puts us in such a tough spot. If [Attorney General Jeff] Sessions won’t unrecuse and Mueller won’t clear the president, we’re the only ones, which is really the danger,” Nunes said in the recording. “I mean, we have to keep all these seats. We have to keep the majority. If we do not keep the majority, all of this goes away."

Both on the recording and publicly, Nunes has advocated for impeaching Deputy Attorney General Rod Rosenstein, who assumed oversight of the Russia investigation after Sessions recused himself. 

Nunes and other House conservatives have argued that there needs to be a separate, second investigation into the Russia investigation and that Rosenstein has been slow or unwilling to provide certain documents they've requested.

McMorris Rodgers says she supports the Russia investigation, though, so far, she's been dismissive of the results. She has also suggested that Congress should consider impeachment if Rosenstein doesn't "fully comply with appropriate congressional oversight.”