FBI agents this morning arrested a Santa Monica man on federal charges stemming from a series of distributed denial-of-service – or DDoS – attacks on a website for a candidate who was campaigning for a California congressional seat.
Arthur Jan Dam, 32, was taken into custody this morning pursuant to a criminal complaint filed Wednesday that charges him with one count of intentionally damaging and attempting to damage a protected computer.
Dam allegedly staged four cyberattacks in April and May of 2018 that took down the candidate’s website for a total of 21 hours. “The victim reported suffering losses, including website downtime, a reduction in campaign donations, and time spent by campaign staff and others conducting critical incident response,” according to the affidavit in support of the criminal complaint. The victim further reported spending $27,000 to $30,000 to respond to the attacks, and the candidate believes the attacks contributed to the loss in the primary election in June 2018.
“Law enforcement at all levels has pledged to ensure the integrity of every election,” said United States Attorney Nick Hanna. “We will not tolerate interference with computer systems associated with candidates or voting. Cases like this demonstrate our commitment to preserving our democratic system.”
“Today’s arrest shows the FBI’s commitment to hold accountable anyone who interferes with an American’s right to vote or who deprives a candidate the right to compete fairly in an election,” said Paul Delacourt, the Assistant Director in Charge of the FBI’s Los Angeles Field Office. “As part of our mission to defend the democratic process, the FBI is equipped with the expertise to respond to allegations of election interference; whether by fraud, intimidation or – as in this case – cyber intrusions.”
The investigation outlined in the affidavit found that the cyberattacks all originated from one Amazon Web Services (AWS) account, which Dam controlled, and the four attacks corresponded to logins into that AWS account from either Dam’s residence or his workplace. Furthermore, Dam had conducted “extensive research” on both the victim and cyberattacks, the complaint alleges.
DDoS attacks typically are accomplished by flooding the targeted computer with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. After the third cyberattack, the victim increased cybersecurity measures and retained a website security company, but that was not enough to prevent a final disruption to the campaign’s website just one week before the primary election.
Dam was married to a woman who was employed by another candidate – and the eventual winner – in the congressional race, according to the complaint. The FBI has not uncovered any evidence that the winning candidate or Dam’s wife orchestrated or were involved in the series of cyberattacks.
Dam was arrested this morning after surrendering to FBI agents at the United States Courthouse in downtown Los Angeles. Dam is expected to make his initial court appearance this afternoon.
A criminal complaint contains allegations that a defendant has committed a crime. Every defendant is presumed innocent until and unless proven guilty beyond a reasonable doubt.
If he were to be convicted of the charge of intentionally damaging and attempting to damage a protected computer, Dam would face a statutory maximum sentence of 10 years in federal prison.
The FBI investigated this case.
This matter is being prosecuted by Assistant United States Attorneys Cameron L. Schroeder and Joseph B. Woodring of the Cyber and Intellectual Property Crimes Section.
Submitted by Thom Mrozek, Director of Media Relations