US Democrats call in Feds: There's something phishy going on with our voter database

Um, yeah, it was an anti-phishing security test

Updated The Democratic National Committee (DNC) has called in the FBI after uncovering an apparent attack against its internal voter database system.

CNN reported that the DNC learned of the attempted phishing attack from cloud service provider DigitalOcean via Lookout, a mobile security firm that detected the malfeasance.

Miscreants had set up a counterfeit website in an attempt to hoodwink DNC staffers into handing over login credentials. This fake website was spam-vertised using bogus emails.

The counterfeit website was designed to mimic Votebuilder, an internal service used by Democratic Party officials and campaigns across the US.

DigitalOcean removed the dodgy website as soon as it was alerted by Lookout.

DNC chief security officer Bob Lord, a former Yahoo! executive, reportedly briefed members about the attempted hack at a meeting of the Association of State Democratic Committees in Chicago on Wednesday. Lord called on the Trump administration to "take more aggressive steps to protect our voting systems".

This comes days after Microsoft said it had spotted bogus versions of conservative think tanks. The fake sites were likely set up as part of a so-called watering hole attack, ultimately aimed at either planting malware or harvesting the login credentials of visitors.

Microsoft also revealed that two current American senators may have been targeted by the same online attackers, as previously reported.

The operation, which targeted conservative think tanks and Republican senators that advocate tougher policies against Russia, has been blamed on APT28, elsewhere identified as a unit of Russian military intelligence (GRU).

APT28 has also been blamed for the hack-and-leak operation against the DNC and high-profile Clinton aides in the run-up to the 2016 US presidential election.

The latest instances of cyber malfeasance come three months ahead of the 2018 US midterm elections. It offers evidence of Russia's continued efforts to destabilise US institutions, a charge consistently denied by the Kremlin itself and only grudgingly supported by the Trump administration. ®

Update

False alarm. Turns out that what the DNC thought was an attempted hack of its voter database was actually an anti-phishing security test run by officials in Michigan, unbeknown to the national organisation.

"The test, which mimicked several attributes of actual attacks on the Democratic party's voter file, was not authorized by the DNC, VoteBuilder nor any of our vendors," Lord told The Wall Street Journal.




Biting the hand that feeds IT © 1998–2018