On Tuesday August 21, the Democratic National Committee (DNC) reported that it had been hacked, with the US media quick to point the finger at Russia. But just one day later, the incident turned out to be a security test initiated by the Michigan Democratic Party to simulate a so-called phishing attack against the DNC.
The test involved the creation of a fake login page designed to look like the access page Democratic Party officials across the country use to log in to a service called Votebuilder, which hosts a database containing years of voter information. Phishing is a common attack method designed to trick people into handing over usernames and passwords that can later be used to access a real site.
While it is not unusual for companies and organizations to conduct tests to evaluate potential risks from phishing attacks of this nature, they are usually conducted in a way that obscures the infrastructure used in the test to prevent a third party discovering it and assuming it is a real attack. It is also best practice to inform those responsible for an organization’s security that a test is taking place. Neither the DNC, nor NGP Van, which provides the Votebuilder service, nor the cloud provider where the page was hosted was informed of the tests in this case.
The page was initially discovered by a San Francisco-based cybersecurity firm, Lookout. The company alerted both the DNC and cloud hosting company DigitalOcean, where the page was hosted, on Tuesday August 21. DigitalOcean removed the page as soon as they were alerted by Lookout.
Mike Murray, Lookout’s vice president of security intelligence, told reporters Lookout had probably found the site within 30 minutes of its being put online—before anyone would have logged on to it—and that it was changing rapidly, as if the hackers were building it as Lookout was discovering it.
Murray also said there was no way to tell who was behind the attack. “That kind of analysis and attribution takes time,” he told the Washington Post.
Josh Feinblum, chief security officer at DigitalOcean, said, “We see no evidence that any sensitive data was stolen and our initial investigation indicates that we were able to address this threat prior to the attack being launched.”
Without a shred of evidence, the Democrats and their supporters in the news media seized on the supposed hacking attempt to bolster claims of Russian meddling in the 2016 elections and of ongoing threats to this year’s midterm elections.
Bob Lord, chief security officer for the Democratic National Committee, said the attack was “further proof that there are constant threats as we head into midterm elections, and we must remain vigilant in order to prevent future attacks.”
The New York Times responded with its usual scaremongering hysteria, reminding its readers “When the Democratic National Committee was hacked in 2016 during the presidential campaign, the incident was traced to Russia.” Citing “two officials” briefed on the latest incident, the Times claimed the attempt “was aggressive” and that “hackers also may have sent emails to people within the national committee to try to trick them into using the fake page.”
The Times continued, “The combination of this attack on the committee, continued influence operations by Russia and others using social media, and efforts to breach think tanks underscores that the cyber age has changed elections forever. So many systems are vulnerable to manipulation, from the voter-registration systems in the 50 states to the inner workings of the parties, that the opportunities for foreign and domestic manipulation are many.”
A Wall Street Journal article on August 22, written prior to reports of the testing, cited an email from a Democratic official saying, “We believe that this was the beginning of a sophisticated attempt to hack into our voter file and we are treating it as such.” The Journal adds, “Such phishing attempts have been routine for over a decade against political campaigns and affiliated organizations. But this incident comes amid repeated warnings from senior U.S. intelligence officials that Russia is intent on interfering in the 2018 midterm elections.”
Democratic representative for New York, Carolyn B. Maloney, tweeted August 22, “This hacking attempt comes just weeks after @HouseGOP voted AGAINST funding for voting protections. Our intel community warned us about this, and now its (sic) happening. This isn’t “fake news” - its a REAL attack on our democracy. We need to act.”
As quickly became clear, there was no attack. Even as the true nature of the incident was revealed, it was used to further propagate claims of Russian interference. In a follow-up statement, Lord said, “There are constant attempts to hack the DNC and our Democratic infrastructure, and while we are extremely relieved that this wasn’t an attempted intrusion by a foreign adversary, this incident is further proof that we need to continue to be vigilant in light of potential attacks.”
Brandon Dillon, chairman of the Michigan Democratic Party, said the test was a “misstep” but it was part of efforts to improve cybersecurity “especially as the Trump administration refuses to crack down on foreign interference in our elections.”
A breakdown of communication between the Michigan Democrats and the National Committee and incompetence in carrying out a test without following best practices is now presented as “proof” of potential cyberattacks and the need for Trump to crack down on “foreign interference” in elections.
The incident once again sheds light on the utterly unsubstantiated claims by the Democratic Party that it was the victim of a Russian hacking attack during the 2016 election, which Democratic officials claimed was the alleged source of incriminating emails released by WikiLeaks.
In that case, not a shred of convincing evidence was presented showing that the Russian government was in fact behind the release of the emails. But the campaign initiated in the wake of the alleged 2016 hacking attempt was used by the media and Democratic Party officials to whip up an atmosphere of anti-Russian hysteria, used to justify a sweeping crackdown on freedom of expression on the Internet.