DNC Cyberattack Was Not More Russian Hackers, Just a Simulated Phishing Test

A suspected cyberattack at the U.S. Democratic National Committee (DNC) this week was not a real hack but a simulated test designed to appraise its network.

Bob Lord, the organization's chief security officer (CSO), confirmed a previous alert—which originated from an external cybersecurity company called Lookout—was a false alarm.

Officials contacted the FBI Wednesday, after researchers claimed to have found a phishing website designed to look like the login page for a database called VoteBuilder. The news led to fears that staff login credentials were at risk, which could result in another major data leak.

"We, along with the partners who reported the site, now believe it was built by a third party as part of a simulated phishing test on VoteBuilder," Lord stated. "The test, which mimicked…attributes of actual attacks on the Democratic party's voter fil­e, was not authorized by the DNC, VoteBuilder nor any of our vendors. The party took the necessary precautions to ensure that sensitive data critical to candidates and state parties across the country was not compromised."

Democratic National Committee
The headquarters of the Democratic National Committee (DNC) is seen in Washington, DC, August 22, 2018, after reports indicated that the DNC notified the FBI of an attempt by hackers to infiltrate the organization's voter database. SAUL LOEB/AFP/Getty Images

Phishing tests are increasingly common in large organizations. They are used to test if adequate cybersecurity protections are in place—and judge how many people are likely to be duped.

In this instance, Lord said the DNC was not aware of the test. "There are constant attempts to hack the DNC and our Democratic infrastructure, and while we are extremely relieved that this wasn't an attempted intrusion by a foreign adversary this incident is further proof that we need to continue to be vigilant in light of potential attacks," the former Yahoo expert said this week.

Mike Murray, security intelligence at cyber firm Lookout, tweeted Wednesday: "You don't know that they're false until you've showed up to investigate. All [of] the folks who pulled together on this were amazing, and had this been a real attack, would have stopped something terrible."

Journalist Michael Kan reported that the test was ordered by the Michigan Democratic Party.

I appreciate various parts of the security ecosystem coming together quickly to tackle this matter. Lots of super dedicated pros like @mmurray and @TheCustos and their teams who reached out to us and worked round the clock with me! https://t.co/94xNvcu2vP

— Bob Lord (@boblord) August 23, 2018

In 2016, the DNC computer networks were infiltrated by hackers with alleged links to Russia. Thousands of party emails were later leaked online by whistleblowing outfit WikiLeaks. Experts discovered that at least two Kremlin-linked units had successfully breached the organization's sensitive machines. The hackers were codenamed "Fancy Bear" and "Cosy Bear."

The effort was allegedly part of a long-running plot to sow discord in the political system. U.S. intelligence has said the aim was two-fold: Elect Donald Trump and damage Hillary Clinton.

Julian Assange, the founder of WikiLeaks, denied that his source was the Russian state.

Earlier this week, Microsoft said it had spotted attempts by one of the same units that hacked the DNC to target American think tanks. They were thwarted. Back in July, it emerged that staffers working for three democratic midterm candidates had been hit with new phishing attempts.

Hillary Clinton
Former Democratic presidential nominee Hillary Clinton (L) and former President Bill Clinton arrive on the West Front of the U.S. Capitol in Washington, D.C., U.S., January 20, 2017. U.S. intelligence believes Russia engaged in a campaign to damage Clinton's chances at becoming president. REUTERS/Win McNamee/Pool