Hack thwarted on Democratic Party voter data
Files contain information on millions of voters
The Democratic National Committee thwarted an attempted hack of its massive voter database, an official said Wednesday, two years after Russian operatives sent the party into disarray by breaking into its computers and facilitating the release of tens of thousands of emails online amid the U.S. presidential election.
A web security firm using artificial intelligence uncovered the attempt. The DNC was notified Tuesday, it said.
Hackers had created a fake login page to gather usernames and passwords in an effort to gain access to the Democratic Party's voter file, a party official said. The file contains information on tens of millions of voters.
The attempt was quickly thwarted by suspending the attacker's account, and no information was compromised, the official said. The FBI was notified. The official wasn't authorized to speak about sensitive security information and spoke to The Associated Press on condition of anonymity.
Government and tech officials say it's too early to know who was behind the attempt. The FBI declined to comment to the AP.
Latest in series of cyberattacks
The hacking attempt comes as Democrats gather for their summer meeting. The party's cybersecurity has been an issue since the 2016 presidential election, when Russian hackers compromised DNC servers and publicly revealed internal communications that exploited divisions between Bernie Sanders's and Hillary Clinton's campaigns as the two candidates vied for the Democratic presidential nomination.
Hackers also accessed the email accounts of Clinton's campaign chairman, John Podesta, and systematically released the contents throughout the fall campaign.
It also comes a day after Microsoft announced it had uncovered similarly fraudulent websites created by Kremlin agents that spoofed two conservative outfits that are foes of Russian President Vladimir Putin, presumably to trick unwitting visitors into surrendering credentials.
Bob Lord, the DNC's chief security officer, said the attempt showed how serious the cyberthreat is and why it's critical that state and federal officials work together on security.
"This attempt is further proof that there are constant threats as we head into midterm elections and we must remain vigilant in order to prevent future attacks," Lord said in a statement.
He said President Donald Trump isn't doing enough to protect American democracy. Previously, Trump mocked the DNC's cybersecurity and cast doubt on U.S. intelligence officials' findings that Russia was involved.
At a previously scheduled election security briefing Wednesday, Homeland Security Secretary Kirstjen Nielsen said the quick response to the attempted DNC hack showed that the system was working "and that different entities understand who to reach out to," she said.
High stakes
"Any attack on a political party or a campaign is important for us all to take seriously," she said, emphasizing the government was doing all it could to help protect election systems ahead of the midterm elections.
Amid the news, a Senate committee abruptly postponed a Wednesday vote on legislation to help states prevent against election hacking, frustrating Democrats and at least one Republican on the panel.
The vote was put off by the Senate Rules and Administration Committee after a bipartisan group of lawmakers spent months negotiating the legislation. The bill would aim to protect state election infrastructure by requiring that all states use backup paper ballots and conduct audits after elections, among other measures. It would also require DHS to immediately notify states if the federal government is aware that a state election system has been breached.
Republican Sen. James Lankford, of Oklahoma, one of the bill's sponsors, said after the vote's postponement that "congressional inaction is unacceptable."
The bill "will help states take necessary steps to further prepare our election infrastructure for the possibility of interference from not just Russia, but other possible adversaries like Iran or North Korea or a hacktivist group," Lankford said.
States have been scrambling to secure their election systems since it was revealed that Russian hackers targeted election systems in at least 21 states in 2016, though the number is likely greater. There has been no indication any vote tallies were changed.
In Tuesday's incident, a scanning tool deployed by the San Francisco security company Lookout detected a masquerading website designed to harvest the passwords of users of the login page of NGP VAN, a technology provider used by the Democrats and other liberal-leaning political organizations, said Mike Murray, the company's vice president of security intelligence.
Juicy target
The tool, which leverages artificial intelligence, has been in development for a year and wasn't tasked to scan any sites in particular but instead to identify phishing sites based on typical attributes, Murray said.
"This is the beauty of AI: It finds things that humans don't know to look for," he said.
He said the tool notified Lookout before the impostor page had even been populated with content.
Ross Rustici, senior director for intelligence services at Cybereason in Boston, said a voter database is a juicy target for anyone trying to exacerbate political divisions in the U.S. or gain insight on political opponents.
"The data housed in these types of databases would be incredibly useful both for domestic opposition research as well as for foreign intelligence and counterintelligence purposes," he said.