DNC Says Reported Hack Attempt Was a False Alarm

furry_wookie writes: A suspected attempt to hack into the Democratic National Committee's voter database was actually a cybersecurity test [Editor's note: the originally submitted article might be paywalled; an alternative source], the organization said. The DNC, which was [allegedly] hacked by Russian intelligence officers during the 2016 presidential campaign, said Tuesday it had contacted the Federal Bureau of Investigation after being alerted to an apparent phishing scheme by the computer security firm Lookout Inc., which uncovered a replica of the login page to the DNC's Votebuilder database during an online scan. In a statement early Wednesday, Bob Lord, the DNC's chief information security officer, said the DNC and its partners who reported the site 'now believe it was built by a third party as part of a simulated phishing test.'

Re:Russians

[anegg]

In what way did this event involve the Russians? I don't have any problem believing the Russians are bad actors. Their whole "pretend we are doing nothing and that it is sad how everything thinks we are bad guys" while they are busy playing every dirty trick in the book is so time-worn that it deserves nothing but raised eyebrows at this point. But...

The news article that this Slashdot post is about describes how a cybersecurity exercise that involved an external web page (built by a third party involved in the test) had that web page spotted by yet another third party (who then reported it to the DNC) and whereupon it ended up being reported by the DNC as an action by a malicious actor. This can happen when the cybersecurity response function isn't 100% up to date on what the cybersecurity testing function is involved in, unfortunately. But there is no evidence in the report that it is part of a desensitization action on the part of the Russians (in this case), because the Russians didn't create the false alarm.

You might be able to make a case that the DNC cybersecurity response function was overly sensitive due to previous Russian actions, but properly evaluating threats is something every cybersecurity function has to deal with.

Re:Russians

[JackieBrown]

The CNN article on the original submission did a very good job linking this to the Russians while leaving themselves a way to act like they didn't

https://edition.cnn.com/2018/0... [cnn.com]

Re:

[Darinbob]

Does "third party" here means a group trying to hack the DNC and then when discovered quickly said "nope, we're just third parties, the good guys, testing your security for freeeeee, honest"?

Ooh! We blocked one! Never mind...

[Anonymous Coward]

These guys are pathetic. Absurd incompetence on an epic scale.

But; 'Give us control.We know how to fix the country.'

More shit show ahead folks.

Re:

[Anonymous Coward]

Highly unlikely Trump is impeached and close to 0 chance convicted by the Senate if he is.

Clinton was acquitted despite actual evidence that he lied under oath (which, despite how much of a butthurt loser you are, is why he was impeached). The only thing Trump's impeachment will be about is the pure hatred the Left harbors for him.

Re:Ooh! We blocked one! Never mind...

[arbiter1]

If liberals really go down the road using only their hate for him as the justification for his removal then just like Nuclear option they put in place it will turn out to haunt them in the future

Re:

[arbiter1]

plus i don't think support in their own party is there to get vote through as sure some of them know its a dangerous road they are gonna travel.

Re:

[Train0987]

Project much?

Re:

[Anonymous Coward]

A word of advice.

When you call Trump things like

punk faggot traitor ass

it comes across as hate.

I think he's very likely guilty of felonies
I think he is a traitor.
I think he's hateful.
I wouldn't call him a Nazi, but I do think he's racist.
I'm doubtful that he will "hang" in any sense.
I suspect the worst fate that he faces is losing the election in 2020 and being judged a terrible and corrupt president by history.

And when you use extreme rhetoric as you've done in your post it only strengthens Trump's base. It could be that's your

Re:

[Darinbob]

Clinton was impeached because of the pure hatred the Republicans had for him. The investigation took many years and turned up nothing except a "nope, I didn't cheat on my wife!". High Crimes and Misdemeanors! Even Ken Starr has expressed regret that the took on the Lewinsky case, despite it being the only "win" of his investigation.

I don't think Trump necessarily has anything impeachable either. He certainly hangs out with a lot of crooked people though, and has some terrible lawyers (the worst being Gui

Re:

[McFortner]

Well, it all depends on what your definition of "is" is.

Re:

[pgmrdlm]

I take home more in my pay check then I did under obama. This congress has passed more bills then the previous party did. "he data shows that the House in the 115th Congress passed 321 bills. The next highest of the past five first-term Congresses was the 111th Congress (2009), when 270 bills were passed in the House. But Tauberer offers a caveat.Sep 12, 2017" Go put your Antifa mask on and ask your mommy if you can go out to play.

Re:

[No Longer an AC]

I'm not sure how passing more bills than previous legislatures in and of itself is either good or bad.

Some have argued that we'd be better off if they stopped passing so many laws and with one party in control of both Houses as well as the Executive Branch it could be interpreted as them just ramming through everything they can think of while the opposition can do little to stop them.

We see the GOP pushing hard to ram Kavanaugh onto the Supreme Court just as we see the Dems trying hard to hold off confirmat

Re:

[arth1]

You lefties are a hoot. It's like your brains are wired for 2+2=5.

That's because we're rational and understand measured quantities and not just countable numbers.

I walked the dog for 2 miles yesterday, and 2 miles today. We walked a total of 5 miles.

Re:

[arth1]

It's correct math. Measured numbers are not like cardinal or rational numbers.

My daily walk with the dog is typically around 2.3-2.4 miles, depending on whether we cut corners or not. That rounds to 2 miles.
In two days, we will have walked twice that, or 4.6-4.8 miles. That rounds to 5 miles.

But you don't even need that additional information. 2 as a measured quantity without qualifying further is 2 +- 0.5, and 5 is within twice that.

When you drive, do you feel a bunch of donkey kicks as your speed incr

Re:

[martinX]

What made you assume he was talking about measurable numbers and not cardinal or rational?

Re:

[arth1]

What made you assume he was talking about measurable numbers and not cardinal or rational?

Why assume? Making assumptions is bad, being open-minded is not. And there seems be a strong correlation between being open-minded and being liberal.

Re:

[JackieBrown]

They reported it to keep their narrative of "we can't trust elections" alive.

Re:

[pgmrdlm]

Epic! Pathetic! I would suggest that this is not any of that hyperbolic nonsense. Its a perfectly normal mistake. You want to look at pathetic, look at the national security and intelligence apparatus that can't seem to keep anything secret or seems to provide "Intelligence" that has no basis other than serving the interests of their political bosses. The difference is when they make a mistake, they don't admit it and then double down since no one can call them on it. We spent billions of dollars on a c

Re:

[Train0987]

More importantly, lessen the importance, scope and reach of the GOVERNMENT in our lives period. That's the difference between conservative and liberal. Government is the problem, not the solution.

Re:

[Anonymous Coward]

I'm really surprised they owned up about the screw up....I suspect someone was about to tell and they decided to go ahead.

There may have been someone about to tell the truth but that's not needed at all.

This is how the newscycle goes.

1. Break news! Hacking attempts against DNC servers.
2. Rampant speculation from opinion heads that the Russians were up to it.
3. Viewers/readers reading the news have their Russia Collusion narrative bias confirmed.
4. 24 hours later DNC issues retraction statement. This gets updated on Internet articles about the story but rarely issued as a new story.
5. Retraction isn't covered, because it's not

They finally learned...

[mi]

So, as Equifax and Ashley Madison — to name just a few — before, DNC has learned to take data-security seriously the hard-way. A welcome change nonetheless, for sure.

Would it to be proper to mention, that the RNC has successfully foiled [wsj.com] such an attack back in 2016? No? Too partisan? Ok...

Or, maybe, it is not too partisan to call out the same guys, who have once mocked an opponent for being computer illiterate [youtu.be]?

Re:They finally learned...

[mi]

You can't say the DNC is technologically inferior if their competition is both the US AND Russian governments

in 2016, DNC was the US government. And they failed anyway...

Re:

[Anonymous Coward]

in 2016, DNC was the US government. And they failed anyway...

Oh mi, just because you assume a political party is an authoritarian regime, doesn't mean it actually is.

You might want to remember that when you (or your compadres) claim that the RNC is an authoritarian regime.

Re:

[arth1]

in 2016, DNC was the US government.

There are three branches to the government, and none of them were exclusive to DNC.
Even if you mistake DNC for the Democratic Party, it's patently false.

Re:

[mi]

There are three branches to the government, and none of them were exclusive to DNC.

Not "exclusive". But certainly run by the Democrats — as is normal for when the Executive branch is headed by a Democrat, of course.

Even if you mistake DNC for the Democratic Party

Distinction without meaningful difference to the topic at hand.

it's patently false

Oh, it is quite true. It is no secret at all, that Obama's administration (ab)used its power to spy on Republicans [usatoday.com] and help the fellow Democrats. And not only wa

Re:

[mi]

The "opinion piece" cites an article [circa.com] with the actual declassified government documents...

Re:

[Vitriol+Angst]

The RNC was also hacked but that information, for some reason, was not let loose on WikiLeaks.

Re:

[mi]

The RNC was also hacked

Was it? No, it was not [wsj.com].

for some reason, was not let loose on WikiLeaks

Such a fresh, beautiful conspiracy theory, nipped in its innocent pink bud...

Re:

[Train0987]

Maybe because there was nothing salacious there? Also note that the RNC cooperated with the FBI to investigate, whereas the DNC to this day will not allow the FBI to look at their servers or evidence.

I don't believe for a second that any foreign power hacked John Podesta's gmail account or the DNC servers. Every bit of evidence points to the gmail hack being incompetence on his part and the DNC leaks being an inside job.

Re:

[eaglesrule]

Just before died, Seth Rich may have revealed to the police why he didn't also leak the RNC's emails. Unfortunately the DC police still won't turn over the bodycam video [twitter.com], so we'll probably never know.

Re:

[pots]

... What? Do you not know what the DNC is? It stands for Democratic National Committee. It's basically a fundraising and support organization for Democratic political candidates. It is not and has never been the US government, it is not the Democratic Party, it has no influence over politicians, it's leaders are not politicians (though many of them have been in the past).

There's a comparable organization, the RNC, which is also not the US government, and not the Republican Party, etc. These are support o

Re:

[Glarimore]

Or, maybe, it is not too partisan to call out the same guys, who have once mocked an opponent for being computer illiterate [youtu.be]?

Good job conflating a candidate's computer literacy with the competence of an IT department.

The FBI

[TykeClone]

Must have asked for access to their server.

Re:

[quantaman]

Must have asked for access to their server.

Haha, very funny.

The FBI HAD access to the server last time, images of the server VMs which is exactly what the FBI wanted.

I know it's a dumb joke, but lets not let this become the new "Al Gore claims he invented the Internet".

Re:

[alvinrod]

I know it's a dumb joke, but lets not let this become the new "Al Gore claims he invented the Internet".

That's just poppycock. Everyone knows that he actually invented the algorithm.

Re:

[Anonymous Coward]

Must have asked for access to their server.

Haha, very funny.

The FBI HAD access to the server last time, images of the server VMs which is exactly what the FBI wanted.

I know it's a dumb joke, but lets not let this become the new "Al Gore claims he invented the Internet".

True. Whether or not the FBI actually had the DNC server images is irrelevant when they were all but flying an "I'm with her!" flag on the HQs flagpole while they were working on whatever that "insurance policy" was.

Hmmm. Maybe that "insurance policy" was a special counsel investigation where any attempt to clean out corrupt sleazeballs that used the NSA to spy on a rival campaign - guys like Andy "$1 million from Hillary! went to my wife!" McCabe and Bruce "my wife worked with the guys Hillary! paid to c

Re:

[Train0987]

"The FBI HAD access to the server last time, images of the server VMs which is exactly what the FBI wanted."

Except that is a very recent cover story that the FBI denies. The DNC hired Cloudstrike (a supporter/contributor) to "confirm" that the evil Russians had hacked their servers instead of legitimate law enforcement..

Did they wipe the server?

[Oh really now]

You know, like with a cloth?

Re:

[Daralantan]

Don't say anything about "bleaching" or "acid bath" though. You might have a fact checker saying that you lied because you used the wrong term!

How about some context here?

[onyxruby]

Saying someone was trying to hack the DNC doesn't mean anything. Any organization of a certain size or reputation deals with hack attempts 24/7/365. Many organizations have their own SOC just to deal with the non stop attempts. Smaller organizations will often outsource their SOC to a specialist company when they don't have the resources.

Low level hack attempts are a bit like CMB. It's everywhere you look, in any direction you look, it never ever stops and quickly becomes background noise.

Surprising

[cyberchondriac]

I'm a little pleasantly surprised they came clean and didn't just continue to run with it, to stir up more "ruhssian treason" sentiment.
OTOH however, they also know that the first accusation that goes out gets repeated and retweeted the most, and relatively fewer people pay attention to retractions or corrections, most particularly if those don't align with their political confirmation bias. In many people's perspective, this will continue to be yet another russian "hack" of the DNC.

Re: Hmmmmmmm

[jrumney]

Not a test. A simulation of a test. By an unknown third party. Nothing to see here...we didn't get hacked.

Even better... it wasn't a HACK, was JUST PHISHING

[furry_wookie]

Good greif, now I read that the whole DNC thing yesterday was not even an "attack" it was just a phising email sent to some people. And they cried "muh rushians" over that.

The Nigerian Prince who sent these super scary emails to people at the DNC which made headlines in every #fakenews organization yesterday, was unavailable for comment.

Good Lord

[cascadingstylesheet]

So they hit the media claiming an attack because of an internal phishing test??

I mean, kudos for finally watching for this stuff now, but ...

Maybe that's their actual security plan

[cascadingstylesheet]

In the event of intrusion attempt:

1. Alert the media

2. ???

3. Profit!

trolls unite

[SoulRider]

OMG its a troll feeding ground!