A recent hacking attempt against the Democratic National Committee (DNC) proved to be a false alarm, according to a clarifying statement released by the DNC chief security officer Bob Lord.
The attempted hack came to light yesterday, after CNN and the Washington Post published news stories about a phishing attempt against a website owned by the DNC.
The reports cited an alert issued by US cyber-security firm and government contractor Lookout.
Lookout told reporters, and later in a blog post, about discovering a phishing page hosted on the infrastructure of DigitalOcean, a US-based hosting provider.
The phishing page mimicked the login page of votebuilder.com, a website managed by NGP VAN, a privately owned company that offers a voter database used by the DNC for its political campaigns.
Lookout says its Phishing AI technology identified this fake login page on Monday, after which it immediately contacted the DNC, NGP VAN, and DigitalOcean to have it taken down.
The page was taken down on Tuesday when the news of the attempted phishing attack against the DNC also broke in US mainstream media.
But as investigators looked into the matter, the attempted hack proved to be a test, according to a statement issued by DNC CSO Bob Lord.
"We have continued to investigate the phishing site reported to the DNC yesterday. We along with partners who reported the site, now believe it was built by a third party as part of a simulated phishing test on VoteBuilder," Lord said.
"The test, which mimicked several attributes of actual attacks on the Democratic party's voter file, was not authorized by the DNC, VoteBuilder nor any of our vendors," he said.
"The party took the necessary precautions to ensure that sensitive data critical to candidates and state parties across the country was not compromised. There are constant attempts to hack the DNC and our Democratic infrastructure, and while we are extremely relieved that this wasn't an attempted intrusion by a foreign adversary, this incident is further proof that we need to continue to be vigilant in light of potential attacks."
According to Michael Kan, a reporter for PCMag, the "third party" who authorized the phishing test without informing the DNC was the Michigan Democratic Party branch.
So apparently phishing attack on DNC was a false alarm. Source familiar with the matter says the Michigan Democratic Party asked a third party to conduct a "simulated phishing test" on the voter database but without authorization from the DNC. pic.twitter.com/AESUzB5yOX— Michael Kan (@Michael_Kan) August 23, 2018
Image credits: Lookout