Skip to main content

DNC Mistakenly Contacted FBI over Hack When It Was Just a Drill

 

The Democratic National Committee (DNC) has reversed course and now says the alleged hacking attempt against their voter database was actually just a security test initiated by a state branch of the Democratic Party itself.

On Wednesday, Law&Crime reported that the DNC had reached out to the FBI about the apparent cyber intrusion. The FBI’s national press office declined to comment on the story.

According to the DNC’s original version of the tale, the group’s cloud service provider and an independent security research firm–that is, a firm not contracted by or affiliated with the DNC–caught wind of a fake login page which appeared to have been created in order to obtain usernames and passwords. Those credentials could have then been used to access the Democratic Party’s voter database.

This page appeared to have been designed in such a way that it accurately mimed the national party’s basic access portal. This portal leads to a service known as VoteBuilder–a store of data and user interface which is relied upon by Democratic Party officials and campaigns throughout the country.

The hacking technique alleged is known as “phishing” and the DNC’s chief security officer, Bob Lord, speculated that authenticated users could have been tricked into inputting their valid credentials by way of email or other digital communication.

Could have, that is, if the incident had actually been a hack at all.

As it turns out, the fake login page was created by the Michigan Democratic Party as one component of a security test.

According to the Washington Post, the faux page was actually created–and the overall test was conducted–by “white hat” hackers who had volunteered to test the system’s security. Those hackers were brought on board by the Michigan Democratic Party–which simply failed to alert national or cybersecurity officials about their work.

“We, along with the partners who reported the site, now believe it was built by a third party as part of a simulated phishing test on VoteBuilder,” Lord said. “The test, which mimicked several attributes of actual attacks on the Democratic party’s voter file, was not authorized by the DNC, VoteBuilder nor any of our vendors.”

[image via George Frey/Getty Images]

Follow Colin Kalmbacher on Twitter: @colinkalmbacher

Tags:

Follow Law&Crime: