Attempted Hacking of Voter Database Was a False Alarm, Democratic Party Says

WASHINGTON — The suspected hacking attempt of the Democratic National Committee’s voter database this week was a false alarm and the unusual activity that raised concern was merely a test, party officials said Thursday.

The blunder was caused by a lack of communication between the national committee and one of its state branches, the officials said. The Michigan Democratic Party had hired hackers to simulate an attack known as phishing, but did not inform the national committee.

The Michigan Democratic Party’s test had attributes similar to an actual hacking, said Bob Lord, the national committee’s chief security officer. When the Democratic National Committee was contacted by cybersecurity experts earlier this week about the activity, it notified the FBI out of fears that it was another Russian attempt to penetrate the committee, as Moscow did during the 2016 presidential campaign.

The jolts of panic caused by what turned out to be an intraparty action underscored the fear of another major breach of the party’s systems just weeks before the midterm elections, even as computer security has been prioritized and shored up since 2016. U.S. intelligence officials have said there continue to be real threats from Russia to interfere in U.S. elections.

“There are constant attempts to hack the DNC and our Democratic infrastructure, and while we are extremely relieved that this wasn’t an attempted intrusion by a foreign adversary, this incident is further proof that we need to continue to be vigilant in light of potential attacks,” Lord said in a statement.

Brandon Dillon, chairman of the Michigan Democratic Party, called the situation a “misstep” and said it was part of efforts to improve cybersecurity defenses “especially as the Trump administration refuses to crack down on foreign interference in our elections. In an abundance of caution, our digital partners ran tests that followed extensive training.”

In 2016, Russian state-backed operatives penetrated the Democratic National Committee using a phishing campaign, in which hackers create website login pages that appear to be legitimate to trick unsuspecting users into giving up their usernames and passwords. Hackers can then use the stolen credentials to log in to systems like email or voter registration databases.

Now campaigns often test their employees with phishing simulations like the one conducted by the Michigan party, in which it had third parties set up a fake page that mimicked the party’s login page for its voter-registration website.

That page was detected late Monday by cybersecurity firm Lookout, which informed the Democratic National Committee. The fake page appeared to be aimed at hacking the Democratic National Committee’s Votebuilder database, which Lord has referred to as “the party’s most sensitive information.”

The database is a particular prize for hackers because it contains personal details on Democratic voters that could be used to unlock other information, including personal email accounts and computer files. Its successful penetration could have set off other hacking in a domino effect, cybersecurity experts said.

“Phishing attacks to get credentials or install malware are the ammunition that’s currently being used to attack our election systems,” said Joseph Lorenzo Hall, an election security expert and the chief technologist of the Center for Democracy and Technology.

In an interview, Lord said that the fake page did not contain any educational features — leading the Democratic National Committee to believe it was an actual hacking attempt rather than a test. “It very closely mimicked the infrastructure you’d see actual hackers using,” he said. “At the time that it was detected by outside parties, it did not exhibit any of the characteristics of a training system.”

The committee’s incident response plan requires it to notify law enforcement in the event of a hacking attempt. “It’s important for me to make sure that when we believe that we are the victim of a criminal act, that we take appropriate action and involve law enforcement,” Lord said.

Mike Murray, head of security intelligence at Lookout, said it was essential that the activity was caught, even if it was benign.

“You don’t know that it’s a false alarm until you show up with the ladders and the fire trucks and the hoses,” he said. “Our goal is to detect bad people doing bad things, regardless of whether that’s crime or espionage or some kid messing around. We don’t want anybody to be attacked.”

With the midterms just over 70 days from now, political groups and systems administrators have been on high alert about hacks and foreign meddling.

Microsoft recently detected that hackers tied to Russian intelligence targeted the Senate and conservative think tanks in the United States by creating fake websites. Last month, Facebook discovered a political influence campaign directed at disrupting the upcoming elections. And this week, the social media giant said it had found other disinformation efforts outside the United States.