Trump’s Campaign Site Defaced While Being Protected by Cloudflare: Who’s to Blame?

I have been writing for some time on how the CDN industry has been evolving to focus more on value-add services, with security being a major focus area. As Q3 2020 earnings reporting is currently underway, we have begun to hear from the public CDN companies on just how important security has become to their businesses. Despite this growth, or maybe in part because of it, it remains incredibly challenging for businesses to parse through all of the vendor assertions when making decisions around cloud security solutions. When a high-profile site is compromised, IT leaders can be even more confused about what defenses are useful, and which vendors they should partner with.

For example, just yesterday, CNN reported that Donald Trump’s campaign website had been defaced. Cloudflare Radar highlights that election sites are being actively targeted by attackers, so it is clear that there has been an increase in attack activity that could result in a compromise. What is not immediately obvious is the source of the defacement. Specifically, it is possible that attackers circumvented a web application firewall (WAF), or it could be that either credentials were leaked or a phishing scheme allowed an attacker to access the content management system.

The DNS history for donaldjtrump.com shows that Cloudflare has been hosting the site for the past 5 years, and a domain lookup confirms that Cloudflare continues to be the host. Cloudflare did not immediately comment on the topic to the press, but this would not be the first time the company’s products were compromised (if that was the root cause in this case), or that they made mistakes that led to a customer being hacked. So in an election cycle as fraught as this one, it will be interesting to hear how the company speaks to this incident. It will be more interesting to then watch how the market reacts, especially if Cloudflare stays silent. Cloudflare reports Q3 earnings on Friday October 30th November 5th and I’ll update this post if they comment.