Democrats’ ‘hacker’ identified as test run by tech company
Michigan party officials hired firm to test data security.
A would-be hacking attempt into the national Democratic Party’s massive voter file wasn’t that at all.
It turns out to be the work of a technology company hired by Michigan Democrats, all in the name of testing how secure the party can keep information on tens of millions of Americans.
“This was an unauthorized test, not an attack,” Bob Lord, the Democratic National Committee’s chief security officer, said Thursday.
That finding, discovered after national party officials already had contacted federal law enforcement fearing a malicious hacking attempt, marks an odd and potentially embarrassing twist to the party’s data-security efforts two years after Russians penetrated DNC computers and released internal communications during the 2016 presidential election.
The chairman of the Michigan Democratic Party, Brandon Dillon, did not respond to a request for comment.
Lord, who is attending the party’s summer meetings this week in Chicago, said the episode shows “we could do a better job.” But he also framed the whiplash storyline as evidence the party has improved its overall cybersecurity since 2016, even as it depended on outsiders this time to flag what looked like a threat.
“This is a demonstration that the DNC is plugged into the security community in a way we weren’t before,” Lord said.
Lord says he was notified by two companies — the web security firm Lookout and the web cloud hosting service DigitalOcean — in the wee hours Tuesday morning about a live website that appeared to mimic logins for the DNC’s web-based VoteBuilder program that houses information on voters across the country. The DNC grants state parties access to various portions of the database so the parties and Democratic candidates can use it — and enhance it — as part of campaigns.
Lookout is a firm that scours the internet identifying potential threats. DigitalOcean hosted the account of the suspected hacker.
Working with NGP VAN, the DNC’s contractor for VoteBuilder, Lord said the group agreed collectively that what it was seeing was a nearly complete phishing attempt that would be used to lure Democratic officials with access to VoteBuilder to give up their passwords.
It’s a common phishing exercise, similar to what Hillary Clinton’s campaign chairman, John Podesta, fell for, ultimately leading to WikiLeaks unveiling his emails in the months before Clinton’s loss to Donald Trump.
“The website was live, obviously, but the phishing attempt was not yet operational,” Lord said.
DigitalOcean suspended the account. The DNC contacted authorities. The FBI has declined comment.
Further investigation identified the account holder as a web contractor that had been hired by the Michigan Democrats.
Lord did not identify the firm.