The Democratic National Committee said Wednesday that it had blocked a “sophisticated attempt” to access its file on tens of millions of voters.
Hackers attempted to access the file, which is hosted by Votebuilder, by creating a fake login page to try to get people’s usernames and passwords, a Democratic official said. The official said the party did not know who was behind the attempted attack and had contacted law enforcement, including the FBI, according to CNN, which first reported the incident.
Mobile digital security firm Lookout first detected the attack Monday evening through artificial intelligence that scans the web looking for phishing attempts. Recognizing that the attack had a high-value target, the engineer in charge of the AI relayed what was happening to higher-ups. The company then contacted the cloud service DigitalOcean, which it had detected was hosting the attack, as well as NGP VAN, which provides the software that hosts the DNC’s voter information.
The attack had been going on for about 30 minutes before it was detected, said Aaron Cockerill, Lookout’s chief strategy officer. The three groups managed to get the attack offline in a few hours, which Cockerill said is “remarkably fast.” Because the groups caught the attack so quickly, Cockerill said they believe it is unlikely that any phishing messages went out.
The Democratic official told CNN the party’s voter information was not accessed or changed in any way.
Bob Lord, the DNC’s chief security officer, briefed party officials about the incident on Wednesday.
“This attempt is further proof that there are constant threats as we head into midterm elections and we must remain vigilant in order to prevent future attacks,” he said in a statement. “While it’s clear that the actors were going after the party’s most sensitive information ― the voter file ― the DNC was able to prevent a hack by working with the cyber ecosystem to identify it and take steps to stop it.”
Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, said it wasn’t unusual to see phishing used in attempts to steal credentials. But he said it was strange to see it targeted toward gaining access to voter information.
“What’s new is that we haven’t seen phishing attempts targeted at campaign voter lists like the DNC’s through NGP VAN’s Nation Builder platform, which if targeted could at a minimum disrupt the Democratic political machine during the midterms and potentially directly impact Democratic campaign efforts and get-out-the-vote effectivity in key districts,” he said in an email.
The DNC was hacked during the 2016 election, and hackers gained access to the party’s research on Donald Trump and internal emails and other communications. Congress approved $380 million for election security upgrades last year, but Trump has downplayed the threat of another breach even as states are working to improve their election security and U.S. intelligence officials warn that Russians are likely to interfere in this year’s midterm elections.