Photo: AP
A widely reported hacking attempt on the main voter file of the Democratic National Party turns out to have been a security test, the DNC says.
The test had been authorized by a state party and was conducted with the help of outside security staff, according to a source with knowledge of the matter. Gizmodo is working to confirm the details.
The apparent test, designed to mimic a phishing attack, set off alarms at the Democratic National Headquarters, which on Tuesday alerted the FBI. The party went public on Wednesday, claiming they were targeted for a malicious attack.
The fake site was reportedly a precise copy of the login page for VoteBuilder, the platform used by Democratic candidates to track potential voters and conduct field organizing activities. Because the platform is actually owned by NGP VAN, a private company, use of its name and logo in an unauthorized phishing test may raise legal concerns.
DNC Chief Security Officer Bob Lord reversed course by late Wednesday evening, saying the Democrats now believe the purported attack was a “simulated phishing test on VoteBuilder,” which was not authorized by the DNC.
However, simulated phishing attacks are perhaps not the worst idea for the Democrats, whose network was infiltrated more than two years ago by Russian hackers, leading to the release of thousands of internal emails—and potentially costing them the White House. At least one Kremlin-directed attack was reportedly successful because the hackers managed to phish the credentials of an employee at the Democratic Congressional Campaign Committee.
In this case, however, the fake login page was detected by an outside company, apparently before it could be used to test anyone. The California-based security firm Lookout told Gizmodo on Wednesday that its phishing AI discovered the page as soon as it went live. The company then alerted DigitalOcean, the cloud service provider hosting the fake page.
While this incident may not have been malicious, it came just days after Microsoft disclosed it had seized control of six internet domains, two of which mimicked major conservative groups, which the company attributed to Stronium, the Russian hacking group U.S. intelligence claims is responsible for the 2016 DNC attack.
Earlier this month, the nation’s top national security officials warned that U.S. Cyber Command and various intelligence agencies are tracking a wide range of foreign cyber adversaries attempting to undermine the 2018 midterm elections.
“Our purpose here today is simply to tell the American people we acknowledge the threat, it is real, it is continuing,” said Director of National Intelligence Dan Coats. “And we are doing everything we can to have a legitimate election that the American people can have trust in.”
This is a developing story.