DNC Now Says 'Hacking Attempt' Was Just a Phishing Test [Updated]

Illustration for article titled DNC Now Says 'Hacking Attempt' Was Just a Phishing Test [Updated]
Photo: AP

A widely reported hacking attempt on the main voter file of the Democratic National Party turns out to have been a security test, the DNC says.


The test had been authorized by the Michigan Democratic Party (MDP) and was conducted with the help of outside security staff, according to MDP Chairman Brandon Dillon.

“We have taken heightened steps to fortify our cybersecurity—especially as the Trump Administration refuses to crack down on foreign interference in our elections,” Dillon said. “In an abundance of caution, our digital partners ran tests that followed extensive training. Despite our misstep and the alarms that were set off, it’s most important that all of the security systems in place worked.”

“Cybersecurity experts agree this kind of testing is critical to protecting an organization’s infrastructure, and we will continue to work with our partners, including the DNC, to protect our systems and our democracy,” he said.

Citing a matter of internal security, an MDP spokesperson declined to confirm the name of the outside firm contracted to perform the test, which stirred panic at the Democratic National Headquarters and prompted calls to the FBI.

However, DigiDems, a California-based Democratic group founded this year, confirmed to Gizmodo that it ran the test on the Michigan state party’s behalf.

“DigiDems works with campaigns to hire tech staffers who, alongside using tech tools to help get candidates elected, help train their colleagues on the necessary security measures to keep those campaigns safe,” said Alicia Rockmore, DigiDem’s co-executive director. “As part of that training, we ran tests on the Michigan state party campaign’s internal security measures which tripped an external alarm.”


Added Rockmore: “Despite our misstep and the alarms that were set off, it’s important that all the security systems in place worked. Protecting campaigns has never been more necessary. We will continue to work with campaigns, and closely with the DNC, committees and state parties, to set up and test these defenses.”


The fake site created by DigiDems was reportedly a exact copy of the login page for VoteBuilder, the platform used by Democratic candidates to track potential voters and conduct field organizing activities. Because the platform is actually owned by NGP VAN, a private company, use of its name and logo in an unauthorized phishing test may raise legal concerns.

Reversing course on its prior hacking claims, DNC Chief Security Officer Bob Lord acknowledged late Wednesday evening that the purported attack was a “simulated phishing test on VoteBuilder,” which was not authorized by the DNC.


Simulated phishing attacks are perhaps not the worst idea for the Democrats, whose network was infiltrated more than two years ago by Russian hackers, leading to the release of thousands of internal emails—and potentially costing them the White House. At least one Kremlin-directed attack was reportedly successful because the hackers managed to phish the credentials of an employee at the Democratic Congressional Campaign Committee.

In this case, however, the fake login page was detected too quickly by an outside company—before it could be used to test anyone.


The California-based security firm Lookout told Gizmodo on Wednesday that its phishing AI discovered the page as soon as it went live. Lookout then alerted DigitalOcean, the cloud service provider hosting the fake page, which in turn called the DNC.

While this incident may not have been malicious, it comes just days after Microsoft disclosed it had seized control of six internet domains, two of which mimicked major conservative groups, which the company attributed to Stronium, the Russian hacking group U.S. intelligence claims is responsible for the 2016 DNC attack.


Earlier this month, the nation’s top national security officials warned that U.S. Cyber Command and various intelligence agencies are tracking a wide range of foreign cyber adversaries attempting to undermine the 2018 midterm elections.

“Our purpose here today is simply to tell the American people we acknowledge the threat, it is real, it is continuing,” said Director of National Intelligence Dan Coats. “And we are doing everything we can to have a legitimate election that the American people can have trust in.”


Update, 11:40am: Added confirmation from the Michigan Democratic Party.

Update, 3:15pm: Added confirmation from DigiDems.

This is a developing story.


Senior Reporter, Privacy & Security


Good for them. Part of a good pentest strategy includes testing response procedures, and sometimes that means simulating a red alert-type situation.