Martha Robertson, the Emily’s List backed and high priority DCCC candidate in the upstate NY-23 swing district, made an inflammatory fundraising pitch on September 30 that “GOP ops” had been “caught” trying to take down her website on the last day of the fundraising Quarter.

To counter this alleged GOP attempt to take down her website, Robertson urged recipients of her blast email at 6:28 p.m. to go to her fundraising page to donate, or to at least to call a number to donate by telephone.

… our web manager just caught GOP ops trying to shut down my website! I cannot believe it!

They know we have less than 6 hours left to our major deadline at midnight! I need your help to fight back. Please click on the link below to help me reach our goal. We are just $6,520 short.

Legal Insurrection broke the story.  We were suspicious and pushed for proof from the Robertson campaign, but were met with a stone wall of silence for the past 10 days.  The local media then picked up on the story, but still silence from Robertson.

Finally, local media went to a Democratic Party county fundraiser last night at which Robertson was supposed to speak, but Robertson was a no show.

Instead, her campaign sent out Nate Shinagawa, her campaign Chair, to speak with reporters.  Shinagawa did not claim to have proof that “GOP ops” were behind her alleged website problems, much less that such “GOP ops” had been “caught” as her fundraising solicitation claimed.

Instead, Shinagawa simply said there were 9 SQL injections attacks detected by the web host just after 3 p.m. on September 30 and that none of the attacks had any impact on the website.

This raises the question why the campaign would send out an email three hours after the alleged attacks claiming “GOP ops” had been “caught” when there was no such evidence and the attacks caused no problems:

Via WETM in Elmira, NY:

Robertson Campaign Chairman Nate Shinagawa spoke with WETM-TV outside a Democratic Committee Fundraiser in Corning Friday night. Robertson herself was expected to speak at the event, but Shinagawa said she was travelling following the fundraising period that ended September 30th.

It was with the end of that fundraising period where the current situation began. According to Shinagawa, on September 30th, just before 4:00 p.m., the Robertson campaign was alerted by their web master that there had been nine SQL injection attacks on the campaign’s website between 2:42  p.m. and 3:01 p.m. Shinagawa said the attack seemed to be manual instead of automated, and called it “interesting” that it happened on a final fundraising day. He did not, however, say the attack was carried out by GOP operatives….

The campaign then sent an e-mail to supporters, claiming the attack was the work of “GOP ops”, asking supporters to donate, and including a telephone number for them to call if they had any issues with the website. In the e-mail the campaign wrote, “Our web manager just caught GOP ops trying to shut down my website! I cannot believe it! They know we have less than 6 hours left to our major deadline at midnight! I need your help to fight back.”  ….

When asked about the charge from Congressman Tom Reed’s campaign that she return the money raised from the e-mail, Shinagawa said the campaign had no plans to do so.

Shinagawa had not responded to numerous requests from Legal Insurrection for an explanation, but did email us the link last night to the WETM story.

I also have emailed Shinagawa this morning seeking the logs he apparently provided to television media, because his explanation of the SQL injection attack seems highly exaggerated, according to Legal Insurrection’s website consultant, Andy LoCascio, who has a great deal of experience in website security issues:

While it certainly would be possible that an SQL injection could stop all or part of a website from functioning, it is easy to detect and fix. The IP addresses in the server log can be traced back to the source of the attack. For such an attack to be effective, the site would need to be poorly configured or maintained. These attacks and similar attempts to hack into sites are routine. A review of the entire server log would find dozens of attempts to access the content. If someone really wanted to take the site down, they would have arranged for a DDOS (distributed denial of service) attack. This really appears to be an opportune use of a common server issue.

It’s fair to assume that if the Robertson campaign had proof that the GOP was behind the alleged hacking, Shinagawa would have presented it.

We will continue to pursue this story until the Robertson campaign comes clean and either presents proof the GOP was behind the alleged hack attempt, or admits it made the accusation of GOP involvement without any evidence.


Donations tax deductible
to the full extent allowed by law.