DownsizeDC.org
June 23, 2013
How DownsizeDC.org Was Attacked by Hackers
By Jim Babka

A special report to Downsize DC Donors

We told you in May we were "attacked" by hackers. Those words conjure many thoughts, some misleading. We want to provide more details here...

THURSDAY, APRIL 18

Our Internet service provider updated our mail server. This is usually a routine procedure with no complications. This was one of those “not” times. Various internal emails stopped arriving. Four days later on...

MONDAY, APRIL 22

We realized we weren't getting email notices of credit card contributions and attempts. We asked our mail server manager to fix this. But . . .

He had broken his ribs and collarbone in a motorcycle accident the day before! Surgery was scheduled. I could hear the pain in his voice as we talked on the phone. Our email problem seemed like a low priority, in comparison. But...

If we had been getting our email notices we would've observed what started to happen around 5 PM on...

WEDNESDAY, APRIL 24

Fraudulent contributions were made through our online form.

They continued until...

FRIDAY, APRIL 26

My phone started ringing that morning. Angry people were calling because their cards had been charged by our account. These were complete strangers, NOT DC Downsizers.

Those calls didn't stop until about two weeks ago. Some days there would be seven or eight of them. In total...

  • There were more than 4,300 attempts to use our system to make fraudulent charges
  • Nearly 1,500 attempts were "successful"
  • Leading to a whopping $52,000 in false charges!

We blocked all of this from continuing as soon as we realized it was happening. By the close of business that Friday we provided our credit card merchant account with a list of all the false transactions, so they could be reversed.

I wish that was the end of the story, but we also had to . . .

  • Close our checking account
  • Change to a new merchant account company
  • Create a new online contribution gateway
  • MANUALLY transfer a few hundred monthly pledge records to the new merchant account company

Our entire staff was involved in this. Even me. This caused us to neglect other important functions like...

  • Media interviews
  • New action items
  • Programming for the new Zero Aggression website

This amounted to five weeks of stalled progress and frustration. Still, we’ve emerged more secure than before.

We got calls from two supporters who are web security specialists when they heard about the attack. They helped us do a security test. We passed. In addition, we’ve also added . . .

  • Extra measures to protect ourselves against this specific type of attack
  • Systems to protect against special circumstances and broken collar bones.

It’s important to realize that...

Your personal account information was in no danger at any time.

This was NOT that kind of attack.

Neither do we have any vulnerabilities that would threaten your account in any way.

We were simply the victim of a robo-attack that used our system to make fraudulent credit card charges.

This was NOT done for the gain of the attacker, but simply to harm us, making us waste time and money reversing all the false charges. Which brings us to . . .

A remaining SERIOUS problem

When we transferred our monthly pledges to the new merchant account not all of our data entry was accepted by the new system, even after double-checking. The result?

Our pledge income, UPON WHICH WE RELY, is down 38%.  

That spells big trouble, unless those who have monthly pledges with us can take immediate action to help us fix the problem. If you’re a monthly pledger, please do this . . .

  1. Check your credit card statement.
  2. If your card was not charged in May or June, then you're part of that nearly 40% loss. And we'd like to ask you to please, as quickly as possible, restart your pledge.
  3. You can do so using our new EXTRA-SECURE contribution form.

But not everyone receiving this message will read it. Not everyone who does will follow-through to renew, even if they mean to do it later. That's just the way life works. So...

Now would be a great time to increase your monthly pledge of support, if you possibly can.  

You can (quickly and easily) increase your monthly pledge using the Downsize DC pledge management tool (you must be logged-in).

Jim Babka
President
DownsizeDC.org, Inc.

Filed under Progress Reports
Blog commenting is currently under construction. In the meantime, you can send an email if there's something you'd like to tell us.

What Can We Do For You?

We can help you downsize the federal government, if you want that. All you have to do is join. It's free! In return...

We'll give you an army.

We're recruiting a huge army of supporters to work for what you want.

We'll give you influence.

The Downsize DC Army will exert relentless, resistance-numbing pressure on Congress.

We'll make your voice heard.

We'll use our growing army to make your beliefs heard by everyone, everywhere, every day.

We'll give you winning strategies.

Ideas like our "Read the Bills Act" and the "One Subject at a Time Act" will give you the leverage to win the public debate, control Congress, and Downsize DC!

We'll give you powerful tools.

  • Your free membership includes a subscription to our free email newsletter, the Consent Chronicle, which national talk show host Jerry Hughes calls by far the best newsletter he receives.
  • You'll be able to use our Educate the Powerful SystemSM to pressure Congress. It's easy. All it takes is a few mouse clicks and keyboard strokes. You can do it in your bathrobe while you're drinking your morning coffee, or during a break at work.
  • You'll also gain access to our 16-page strategy document, "The Downsize DC Vision." You'll learn about important insights like "ignoring an axiom," and powerful strategies like "picking off the herd." One reader called this document "the unified field theory" of political change.

To gain these benefits, just enter your email address in the box below and hit Subscribe!

Subscribe to the Consent Chronicle
Enter your email address twice: