What the Democratic National Committee this week thought was an attempted hack of its valuable voter file turned out to be a security test organized by a state party, unbeknownst to the national organization.
The committee on Tuesday alerted the FBI to a fake online portal it thought had been set up as an elaborate attempt to trick DNC staff into giving up their log-in credentials – through a hacker technique known as “phishing” – as a way to gain access to the party’s VoteBuilder database.
On Thursday morning, DNC Chief Security Officer Bob Lord reversed course. “We, along with the partners who reported the [fake] site, now believe it was built by a third party as part of a simulated phishing test on VoteBuilder,” he said in a statement.
“The test, which mimicked several attributes of actual attacks on the Democratic Party’s voter file, was not authorized by the DNC, VoteBuilder nor any of our vendors,” he said.
“The party took the necessary precautions to ensure that sensitive data critical to candidates and state parties across the country was not compromised,” Lord added. “There are constant attempts to hack the DNC and our Democratic infrastructure, and while we are extremely relieved that this wasn’t an attempted intrusion by a foreign adversary, this incident is further proof that we need to continue to be vigilant in light of potential attacks.”
(c) 2018, The Washington Post · Ellen Nakashima