The Democratic National Committee (DNC) claims it reached out to the FBI on Tuesday after apparently detecting a large-scale attempt to hack into the group’s voter database. It was not immediately clear if the alleged hacker was trying to gather or alter information.
CNN’s Donie O’Sullivan reports that the DNC was apprised of the attempt during the wee wee hours of Tuesday morning by their cloud service provider and a security research firm. Apparently, a fake login page was created in order to obtain usernames and passwords. Those credentials would then have been used to access the Democratic Party’s voter database, according to CNN’s anonymous source within the DNC.
The fake login page was allegedly designed in a way that mimicked the national party’s basic access page–the one used by Democratic Party officials and campaigns throughout the United States. With the proper credentials, the basic access page directs users to the VoteBuilder service, a campaign tool created by the NGP VAN company.
VoteBuilder both hosts the voter database files and acts as a user interface so the data can be easily accessed. According to NGP VAN, “The gold standard in political campaign technology, VoteBuilder is built & scaled to manage the largest and most sophisticated organizing campaigns in history.” Law&Crime can confirm that most Democratic Party and Democrat-aligned candidates use NGP VAN’s voter database services almost exclusively.
According to CNN, the faux page was originally discovered on late Monday by Lookout, a cybersecurity firm based in San Francisco. Lookout isn’t contracted out by the DNC, but shared their findings with the group after they discovered the suspicious behavior. Lookout’s Vice President of Security Intelligence, Mike Murray, theorized that links to the fake access page were probably sent via email to Democrats in an attempted “spearfishing operation.”
Murray said, noting the similarities between the true and false pages, “It was very convincing. It would have been a very effective attack.”
In comments to CNN, the DNC’s chief security officer, Bob Lord, took the opportunity to opine on the White House’s response to cybercrime. He said:
These threats are serious and that’s why it’s critical that we all work together, but we can’t do this alone. We need the administration to take more aggressive steps to protect our voting systems. It is their responsibility to protect our democracy from these types of attacks.
Law&Crime reached out to the FBI National Press Office for comment or clarification on this story. In an emailed response, they said, “The FBI does not have a comment.”
[image via PAUL J. RICHARDS/AFP/Getty Images]
Follow Colin Kalmbacher on Twitter: @colinkalmbacher
Editor’s note: this article has been amended to include a response from the FBI.