In a targeted cyber intrusion, the Heritage Foundation, a prominent conservative think tank, fell victim to a data breach orchestrated by SiegedSec, a well-known cybercrime group.
Motivation Behind the Attack
SiegedSec, self-described as “gay furry hackers,” claimed responsibility for the breach, citing their opposition to the Heritage Foundation’s Project 2025. This initiative aims to provide President Donald Trump with a set of policy proposals for immediate implementation should he win the upcoming election. The group views these policies as leaning towards a more conservative agenda for the White House.
The compromised data, spanning from 2007 to November 2022, includes content from Heritage Foundation blogs and The Daily Signal, a media outlet associated with the foundation. According to SiegedSec, the stolen data encompasses sensitive information such as “full names, email addresses, passwords, and usernames” of individuals linked to Heritage, including those holding U.S. government email addresses. They assert that the disclosure of this data aims to tarnish Heritage’s reputation and dissuade influential figures from affiliating with the organization.
Response from Heritage Foundation
A spokesperson for the Heritage Foundation rejected SiegedSec’s claims, asserting that the organization was not hacked. Instead, they said that an external group stumbled upon a two-year-old archive of The Daily Signal website hosted on a contractor’s public-facing platform. The compromised information, the spokesperson emphasized, was limited to usernames, names, email addresses, and partially obscured password data of both contributors and commenters, alongside IP addresses. The spokesperson firmly denied any breach of Heritage’s internal systems, dismissing the incident as an exaggeration propagated by what they termed “criminal provocateurs.”
Additional Claims and Campaigns
SiegedSec also declared possession of more than 200 gigabytes of additional data, which the group deemed largely irrelevant and pledged not to release. The attack forms part of their broader “OpTransRights” campaign, which previously targeted governmental websites and data in states deliberating or enacting legislation perceived as anti-abortion or anti-transgender.
This breach marks the second reported cyber incident involving the Heritage Foundation this year. In a separate incident in April, the organization temporarily shut down its network following an alleged breach by a state-backed hacking group. The foundation’s president, Kevin Roberts, recently drew attention by likening current conservative movements to a “second American Revolution,” envisioning a non-violent evolution if met with acceptance from opposing factions.
Emerging in April 2022 on the messaging platform Telegram, SiegedSec has targeted various high-profile entities, including NATO portals, the municipal government of Fort Worth, and enterprises involved in offshore energy infrastructure oversight. These activities highlight an emerging trend of politically motivated cyberattacks aimed at shaping public discourse and influencing policy outcomes.
The cyberattack on the Heritage Foundation underscores the persistent threat faced by political institutions in today’s digital landscape. As groups like SiegedSec exploit vulnerabilities for ideological ends, the imperative for robust cybersecurity measures intensifies. The Heritage Foundation’s response to this breach and its aftermath will undoubtedly attract scrutiny as stakeholders navigate the evolving dynamics of cybersecurity and political activism.