Update, August 23: An alleged hacking attempt on the main voter file of the Democratic National Party turns out to have been a security test, according to a source familiar with the matter. The source indicated that the test had been authorized by a state party with the help of outside security staff. Gizmodo is working to confirm those details.
The original story is below.
Earlier this week, someone attempted to infiltrate the system housing the Democratic Party’s voter file using a fake login page, Democratic officials and a leading cloud service provider told Gizmodo on Wednesday.
The Democratic National Committee (DNC) was notified on Tuesday of an effort to collect the usernames and passwords of Democratic officials using a fake login page. The fake page was created in an apparent attempt to infiltrate VoteBuilder, the DNC’s main voter file system.
VoteBuilder is one of the primary systems Democratic candidates use to track potential voters for both fundraising and field organizing activities nationwide. The platform is operated by NGP VAN, a private company.
DigitalOcean, the cloud service provider, said it notified the DNC after being made aware of the threat early Tuesday morning. The threat was first detected by Lookout, a San Francisco-based security company, on Monday night.
Lookout’s chief strategy officer, Aaron Cockerill, told Gizmodo by phone the fake site was detected Monday evening by an AI system the company has had in development for the past 6-to-8 months. The system is designed, he said, to detect phishing sites as they go live, as opposed to after bad actors are able to use them to target people. With virtually thousands of triggers, however, it’s not immediately clear what specifically set off Lookout’s detection system.
The DNC is not a Lookout client, added Cockerill. “We’re really happy to be able to do the right thing,” he said.
The DNC contacted law enforcement immediately after it was alerted to the threat, said a Democratic official, who added there’s no indication so far that VoteBuilder or any other system has been compromised. Lookout also believes, though has yet to confirm, that the fake site was detected before it could be used to trick anyone.
DigitalOcean’s chief security officer, Josh Feinblum, said in an email that the company was “continuing to partner with the DNC and appropriate law enforcement agencies on this issue.”
DNC Chief Security Officer Bob Lord characterized the incident as “further proof that there are constant threats as we head into midterm elections,” adding: “we must remain vigilant in order to prevent future attacks.”
Word of the attempt on the DNC comes one day after Microsoft disclosed that it had seized control of six internet domains allegedly created and used by Russian hackers, two of which mimicked major conservative organizations, including the International Republican Institute.
Lord also called on the Trump administration to take “more aggressive steps” to protect voting systems. “These threats are serious,” he said, “and that’s why it’s critical that we all work together...”
More than two years ago at the height of the 2016 election, hackers gained access to the DNC network using credentials stolen from an employee of the Democratic Congressional Campaign Committee. Within months, more than two dozen computers were compromised and thousands of emails were stolen.
The stolen emails, which the hackers shared with WikiLeaks that summer, upended the Democratic Party, eventually leading to the resignation of DNC chairwoman Debbie Wasserman Schultz.
In January 2017, U.S. intelligence assessed with high confidence that the hackers were acting on behalf of the Russian government, which had displayed a clear preference for then-candidate Donald Trump in the election.
Update, 3:00pm: Added additional context provided by Lookout Chief Strategy Officer Aaron Cockerill.