The Michigan Democratic Party tried to hack the DNC but forgot to warn them first

[William Gayde]

Facepalm: The Michigan Democratic Party conducted a penetration test on the DNC's national voter database but forgot to warn the DNC in advance. The DNC freaked out and reported it to the FBI.

This past Tuesday, the Democratic National Committee reported to the FBI that it had been targeted by a sophisticated cyberattack and they were proud of the fact that they had thwarted the attack. In a surprise reversal today, the DNC announced it was all a false alarm. It turns out the "attack" was just a friendly security test done by some volunteers and researchers in Michigan.

The incident consisted of a phishing attack to gain access to the party's master voter database. The firm conducting the test, DigiDems, created a fake login page that was emailed to DNC officials. This page would then steal the password of anyone that tried to log into the VoteBuilder database. This is a closely guarded list containing the personal information of registered democratic voters and donors. It could be extremely valuable to adversaries so access is closely monitored.

In a statement to NPR, a party official described the test as being actually carried out by white hat workers at the Michigan Democratic Party. Unfortunately, members of the state party never communicated to the national office about the test.

This kind of penetration tests are very common in the industry as a way to find weak points in an institution's security. However, the company whose security is being tested usually knows about such a test in advance.

DNC security officer Bob Lord said in a statement that "there are constant attempts to hack the DNC and our Democratic infrastructure, and while we are extremely relieved that this wasn’t an attempted intrusion by a foreign adversary, this incident is further proof that we need to continue to be vigilant in light of potential attacks.”

The DNC was attacked by Russian hackers during the 2016 election so it's no surprise they are on high alert for future incidents.

Permalink to story.

https://www.techspot.com/news/76116-michigan-democratic-party-tried-hack-dnc-but-forgot.html

 

[Evernessince]

Each state should be hiring professionals to get our election system ready for mid-terms. There are only a few months left and nothing has really changed since 2016. That's not good.

 

[gamerk2]

Each state should be hiring professionals to get our election system ready for mid-terms. There are only a few months left and nothing has really changed since 2016. That's not good.

Well, one party shot down a measure increasing funding for election security; they said they felt there wasn't enough evidence to prove increased funding was warranted.

Fact is, Putin has learned time and time again he can meddle basically anywhere and get away with it. This all goes back to George W. not pushing back against the invasion of Georgia. Putin's ambitions continue to expand, and no one is willing to stop him.

If you look at the way things are going, the similarities to the 1930's are stark.

 

[Cyber Citizen]

The behavior of the Michigan Democratic Party is unacceptable and its leaders should resign. Also, I hope their Russin ties are investigated to the fullest.

 

[Theinsanegamer]

Each state should be hiring professionals to get our election system ready for mid-terms. There are only a few months left and nothing has really changed since 2016. That's not good.

Well, one party shot down a measure increasing funding for election security; they said they felt there wasn't enough evidence to prove increased funding was warranted.

Fact is, Putin has learned time and time again he can meddle basically anywhere and get away with it. This all goes back to George W. not pushing back against the invasion of Georgia. Putin's ambitions continue to expand, and no one is willing to stop him.

If you look at the way things are going, the similarities to the 1930's are stark.

If your party and candidate can be defeated by some russians buying some ads supporting burnie on facebook and pepe memes, your party and candidate are ****.

Constantly blaming benal russian ads for burnie for the reason trump won the election only shows that the democrats havent learned ANYTHING since 2016, and are guaranteeing their failure in 2018.

Also, the democrats were all buddy buddy with russia until late into obama's second term. If russia has been doing this since bush, then wouldnt the democrats also be guilty of collusion with the russians? Did obama win thanks to russian influence?

 

[Evernessince]

If your party and candidate can be defeated by some russians buying some ads supporting burnie on facebook and pepe memes, your party and candidate are ****.

Constantly blaming benal russian ads for burnie for the reason trump won the election only shows that the democrats havent learned ANYTHING since 2016, and are guaranteeing their failure in 2018.

Also, the democrats were all buddy buddy with russia until late into obama's second term. If russia has been doing this since bush, then wouldnt the democrats also be guilty of collusion with the russians? Did obama win thanks to russian influence?

Dude, chill out. No one said anything about Russians, Democrats, or anything else. If you are going to go on a political rant, go somewhere else. Whataboutism doesn't work here.

Otherwise the importance of securing our elections should go without saying. If you don't support fair and equal elections then I have nothing else to discuss with you.

 

[isamuelson]

Actually, not informing them of the test IS good practice. Our company does it all the time, sending out fake emails. If you click the "phish" button instead to report it, you usually get a notification that you did a good thing. However, if you don't report it and click the link, you'll then get a training ticket assigned to you to retake the online cyber security training within our company's training web site. So, complaining that they didn't have ample notice is basically trying to lay the blame on someone else rather than taking ownership of their stupidity. Maybe now they'll be less likely to click on links.