DNC calls FBI after appearing to thwart hack of its voter database
Update: The Democratic National Committee said late Wednesday that what it had earlier feared was the beginning of a sophisticated attempt to hack into its voter database, was, in fact, an unauthorized “simulated phishing test.” Read the updated story here.
The Democratic National Committee contacted the FBI on Tuesday after it detected what it believes was the beginning of a sophisticated attempt to hack into its voter database, a Democratic source tells CNN.
The DNC was alerted in the early hours of Tuesday morning by a cloud service provider and a security research firm that a fake login page had been created in an attempt to gather usernames and passwords that would allow access to the party’s database, the source said.
The DNC and the two companies involved in detecting the operation say they believe they thwarted a potential attack.
The fraudulent page was designed to look like the access page Democratic Party officials and campaigns across the country use to log into a service called Votebuilder, which hosts the database, the source said, adding the DNC believed it was designed to trick people into handing over their login details.
The source said the DNC is investigating who may have been responsible for the attempted attack, but that it has no reason to believe its voter file was accessed or altered.
The page was initially discovered late Monday by Lookout, a San Francisco-based cybersecurity firm. The company doesn’t work for the DNC but alerted the party to its findings, Mike Murray, the company’s vice president of security intelligence, told CNN on Wednesday.
Murray said that a link to the page could have been sent to Democrats by email or through other online platforms in a spearphishing operation.
“It was very convincing,” Murray said, adding that if a person were to see the real login page and the fake login page side-by-side, it would be difficult to tell them apart. “It would have been a very effective attack,” he said.
The fraudulent page was hosted on a cloud computing platform called DigitalOcean, which took action to remove the page as soon as it was alerted by Lookout, the cloud company said.
“We see no evidence that any sensitive data was stolen and our initial investigation indicates that we were able to address this threat prior to the attack being launched,” Josh Feinblum, chief security officer at DigitalOcean, said in a statement.
The DNC’s chief security officer Bob Lord, a former Yahoo! executive, briefed Democrats on the attempted attack at a meeting of the Association of State Democratic Committees in Chicago on Wednesday.
“These threats are serious and that’s why it’s critical that we all work together, but we can’t do this alone. We need the (Trump) administration to take more aggressive steps to protect our voting systems. It is their responsibility to protect our democracy from these types of attacks,” Lord said in a statement to CNN.
CNN has reached out to the FBI for comment.
Early Tuesday morning, Microsoft announced that parts of an operation linked to Russian military intelligence targeting the US Senate and conservative think tanks that advocated for tougher policies against Russia were thwarted last week.
That disclosure, coming less than three months ahead of the 2018 midterms, demonstrated Russia’s continued efforts to destabilize US institutions. The news also places additional pressure on President Donald Trump to take action, even though he downplayed Russia’s involvement as recently as Monday.