Attempt to Break Into Democratic Party Voter Data Thwarted
23.8.18 securityweek BigBrothers
An attempt to break into the Democratic National Committee’s massive voter database has been thwarted, a party official said Wednesday, two years after Russian operatives sent the party into disarray by hacking into its computers and facilitating the release of tens of thousands of emails amid the presidential election.
A web security firm using artificial intelligence uncovered the attempt. The DNC was notified Tuesday, it said. Hackers had created a fake login page to gather usernames and passwords in an effort to gain access to the Democratic Party’s voter file, a party official said. The file contains information on tens of millions of voters. The attempt was quickly thwarted by suspending the attacker’s account, and no information was compromised, the official said. The FBI was notified.
The official wasn’t authorized to speak about sensitive security information and spoke to The Associated Press on condition of anonymity.
Government and tech officials say it’s too early to know who was behind the attempt. The FBI declined to comment to the AP.
The attempt comes as Democrats gather for their summer meeting. The party’s cybersecurity has been an issue since the 2016 presidential election, when Russian hackers compromised DNC servers and publicly revealed internal communications that exploited divisions between Bernie Sanders’ and Hillary Clinton’s campaigns as the two candidates vied for the Democratic presidential nomination. Hackers also accessed the email accounts of Clinton’s campaign chairman, John Podesta, and systematically released the contents throughout the fall campaign.
It also comes a day after Microsoft announced it had uncovered similarly fraudulent websites created by Kremlin agents that spoofed two conservative outfits that are foes of Russia’s president, Vladimir Putin, presumably to trick unwitting visitors into surrendering credentials.
Bob Lord, the DNC’s chief security officer, said the attempt showed how serious the cyberthreat is and why it’s critical that state and federal officials work together on security.
“This attempt is further proof that there are constant threats as we head into midterm elections and we must remain vigilant in order to prevent future attacks,” Lord said in a statement.
He said President Donald Trump isn’t doing enough to protect American democracy. Previously, Trump mocked the DNC’s cybersecurity and cast doubt on U.S. intelligence officials’ findings that Russia was involved.
At a previously scheduled election security briefing Wednesday, Homeland Security Secretary Kirstjen Nielsen said the quick response to the attempted DNC hack showed that the system was working “and that different entities understand who to reach out to,” she said.
“Any attack on a political party or a campaign is important for us all to take seriously,” she said, emphasizing the government was doing all it could to help protect election systems ahead of the midterm elections. At stake is control of Congress, which could potentially switch from Republican to Democrat.
Amid the news, a Senate committee abruptly postponed a Wednesday vote on legislation to help states prevent against election hacking, frustrating Democrats and at least one Republican on the panel.
The vote was put off by the Senate Rules and Administration Committee after a bipartisan group of lawmakers spent months negotiating the legislation. The bill would aim to protect state election infrastructure by requiring that all states use backup paper ballots and conduct audits after elections, among other measures. It would also require DHS to immediately notify states if the federal government is aware that a state election system has been breached.
A Senate Republican aide said the vote was postponed because secretaries of state had complained about certain provisions, including the type of audits the bill would require. The aide said additional Republican support would be necessary to move the legislation out of committee. The aide was not authorized to speak about the committee’s reasoning and spoke on condition of anonymity.
Republican Sen. James Lankford of Oklahoma, one of the bill’s sponsors, said after the vote’s postponement: “Congressional inaction is unacceptable.”
The bill “will help states take necessary steps to further prepare our election infrastructure for the possibility of interference from not just Russia, but other possible adversaries like Iran or North Korea or a hacktivist group,” Lankford said.
The DNC committee attempt wasn’t mentioned at a Senate hearing on election security Wednesday, according to senators who were present.
States have been scrambling to secure their election systems since it was revealed that Russian hackers targeted election systems in at least 21 states in 2016, though the number is likely greater. There has been no indication any vote tallies were changed. Nielsen said at the briefing that states should have auditing systems in part as a safeguard so the public knows the vote tallies can be trusted.
In Tuesday’s incident, a scanning tool deployed by the San Francisco security company Lookout detected a masquerading website designed to harvest the passwords of users of the login page of NGP VAN, a technology provider used by the Democrats and other liberal-leaning political organizations, said Mike Murray, the company’s vice president of security intelligence. He said he contacted the DNC.
The tool, which leverages artificial intelligence, has been in development for a year and wasn’t tasked to scan any sites in particular but instead to identify phishing sites based on typical attributes, Murray said.
“This is the beauty of AI: It finds things that humans don’t know to look for,” he said.
He said the tool notified Lookout before the impostor page had even been populated with content. “As soon as we realized how fast it was developing, I decided to reach out to contacts that I know at the DNC.” Murray also contacted the website hosting company, Digital Ocean.
Ross Rustici, senior director for intelligence services at Cybereason in Boston, said a voter database is a juicy target for anyone trying to exacerbate political divisions in the U.S. or gain insight on political opponents.
“The data housed in these types of databases would be incredibly useful both for domestic opposition research as well as for foreign intelligence and counterintelligence purposes,” he said.