Democrats Admit This Week’s DNC Hack was ‘Internal’ Security Test

Red Teaming penetration testing, hack

The attempted ‘hack’ of the Democratic National Committee’s (DNC) voter information database this week was, in fact, a security test, according to the DNC’s chief security officer.

Earlier this week, it was reported that unidentified hackers initiated a phishing attack by spoofing a login page for VoteBuilder, a voter data website used by the DNC in what was believed to be an attempt to steal sensitive information. VoteBuilder is commonly used by campaign managers and other officials. A DNC official insisted that the ‘sophisticated attack’ was quickly shut down with no information stolen.

As it turns out, what was initially thought to be malicious attempt to steal the massive voter information file happens to be a discreet phishing cybersecurity drill instead.

“This was an unauthorized test, not an attack,” Bob Lord, the Democratic National Committee’s chief security officer, told The Associated Press on Thursday.

The DNC and the internet platform hosting the data were not alerted about the simulated security test, leaving national party officials reaching out to contact federal law enforcement after discovering the ‘attack’.

“This is a demonstration that the DNC is plugged into the security community in a way we weren’t before,” Lord stated, adding:

The test, which mimicked several attributes of actual attacks on the Democratic party’s voter file, was not authorized by the DNC, VoteBuilder nor any of our vendors.

The phishing exercise was a common one, similar to the one that ensnared John Podesta – Hilary Clinton’s campaign chairman – that eventually lead to Wikileaks revealing his emails months before Clinton eventually lost to current U.S. president Donald Trump.

The simulated attack comes within three months of the November midterm elections.

Image credit: LIFARS archive.