Slashdot Mirror
Democratic National Committee Says Hackers Unsuccessfully Targeted Voter Database (cnn.com)
The Democratic National Committee contacted the FBI on Tuesday after it detected what it believes was the beginning of a sophisticated attempt to hack into its voter database, a Democratic source tells CNN. From a report: The DNC was alerted in the early hours of Tuesday morning by a cloud service provider and a security research firm that a fake login page had been created in an attempt to gather usernames and passwords that would allow access to the party's database, the source said. The page was designed to look like the access page Democratic Party officials and campaigns across the country use to log into a service called Votebuilder, which hosts the database, the source said, adding the DNC believed it was designed to trick people into handing over their login details. The source said the DNC is investigating who may have been responsible for the attempted attack, but that it has no reason to believe its voter file was accessed or altered.
Well, we know someone associated with DNC or their providers managed to detect one possible attack. This does not mean that other attacks were unsuccessful, and considering DNC track record my money would be that they are getting hacked every other day and just don't know about it.
I've used it before calling on behalf of Beto. It's a shit database. At least 50% old numbers or disconnected. Of the other half, most either don't care or have republican husbands who answer the phone and yell at you. 10% are gonna vote for a D already. About 5% of the people might have been worth calling. The Russians couldn't have made it much worse.
There's a huge difference between a random bot probing for unpatched vulnerabilities and a highly targeted attack with a specifically created fake login page.
Support Right To Repair Legislation.
While not a sophisticated attack, a mocked up login portal is much more targeted than the bots that scrape the internet to look for open ports.
This is something in between what the article implies (some sort of high-tech conspiracy hacking attack) and what you're saying (dumb vulnerability scanners in the wild).
The Russians don't need to hack the RNC. They've already got a man on the inside.
Support Right To Repair Legislation.
Comment removed based on user account deletion
or a Nigerian prince.
I would assume the RNC and other national political bodies are targeted. They simply choose not to disclose the attacks publicly.
I doubt my employer would disclose any hacking---attempted or successful---unless legally required to do so.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
The page was designed to look like the access page Democratic Party officials and campaigns across the country use to log into a service called Votebuilder, which hosts the database, the source said, adding the DNC believed it was designed to trick people into handing over their login details.
As recent history shows, Democratic operatives choose weak passwords ('password') and offer them up readily when asked for them via email from strangers...
I'm looking at you, Jon Podesta, former campaign director of Hillary 2016.
Ken
Back in 2015 and 2016 the DNC poo-poo'd FBI and other agencies that tried to alert them that they were the targets of concerted hacking efforts.
Ken
It's nothing new, it's hardly newsworthy, it's just something that happens.
The claim isn't that they were hacked, it's that someone created a clone of their login page on a common typo of their website URL.
It's like your local newspaper putting a headline on the front page: "Bank break-in attempted" when their security cameras show someone walked past the bank front door and 'tested the lock'.
Ken
"See, we got this phone call and they said they were with Windows technical support and one of our computers was spewing error messages all over the Internet...
It's not a conspiracy theory though, Trump is Putin's agent. Ask him, he won't disabuse you of that fact. He'll get on stage on TV and pardon Putin for war crimes - and has.
two factor authentication. two factor authentication. TWO FACTOR AUTHENTICATION!!!!!!
=== "Some people see the glass as half-empty. Others see it as half-full. I see the glass as too big." -G. Carlin.
From the sound of the article, it appears to be a targeted attack on the system, vs just a general blanket attack on all things computery.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
What's so special about hackers targeting valuable data? Can you imagine being alerted everytime that happens?
Or is it that they are so proud they protected against this one that they want a pat on the back?
Mod me down with all of your hatred and your journey towards the dark side will be complete!
Yea, it's not like trump went on national TV and announced to the world for Russia to hack emails this time. Only last time.
I ran a private email server for the family (not Hillary Clinton) back in the late 90s - early 00s and was constantly being probed to try to crack the SMTP password. Had one guy make about one attempt every minute with a new password from some stock dictionary of common passwords. I wasn't concerned about anyone figuring that out (it was a large password) but finally threw in the towel after somebody spoofed one of the email addresses and sent out a ton of spam on behalf of it and I ended up on some black lists. It's worth $12/year just to let my registrar handle it now!
Most blacklists are more sophisticated now. Nobody blacklists you for having one of your return addresses on a batch of spam. Everyone knows that spammers forge return addresses.
I've run a couple mail servers for many years and it's always cat and mouse with spammers. I use fail2ban and any IP that triggers fail2ban more than once is permanently dropped into my firewall rules for all ports. Obvious password guessers don't get a second chance. If I get multiple hits from the same CIDR block, I drop the whole lot in my rules.
Despite my policies, password guessing is fairly fruitless on my system anyway as my usernames are complicated and do not match the email addresses that are associated with them. Hackers have to guess the username AND the password. When I get an attempt to log in using an email address "username", I know it's a hacker/script kiddie and they get dropped into the blackhole. At this point the only ones I have left trying are slow distributed attacks that don't try often enough to trip fail2ban and never use the same IP twice anyway.
and say that if they're brought in the FBI it's something more than just a random hit to their IP address.
The hacking of the DNC really ought to be a bigger scandal than it was, and if our media was doing it's job of investigative journalism it would be. There's strong evidence that the Russians got ahold of voter rolls and send them on to the Republican party and/or the Trump campaign. There was a sudden shift in the Trump campaign's ad buys and campaigning where it became highly effective for no discernible reason, and it was right around when the hack happened....
One of the reasons I'd really love to see basic income become a thing is that it would pay for people to be investigative journalists. Combine basic income with the internet's cheap ability to distribute information. and we'd have a winning formula for one of the most important aspects of democracy, the free press. As it stands there's little work being done to investigate Trump won outside of the Mueller probe, and given the political situation that may fizzle out whereas independent journalism might hit a Watergate style breakthrough.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Ouch, funny though. And no, I am not a Browns fan. Even though I have lived here 15 years.
Anonymous comments are as pathetic as the anonymous "sources" that contaminate gutless journalism from the New York Time
Cohen hasn't flipped on Trump yet. There is actually no cooperation deal on the Russian thing which the prosecutors have made clear.
What Cohen has done is pleaded guilty to bank fraud and campaign finance reporting violations, presumably for a reduction in the 65 years of prison time he was facing.
This implications for this vis-a-vis the president is that this is the first time the Trump campaign, and the president himself, has been connected to a crime in court. However I doubt those implications are politically catastrophic. The laws broekn probably seem obscure to the average person.
What the president needs is for Cohen and Manafort to hang tough on Russia, which thus far they have, which is pretty remarkable. Either they don't have anything valuable to give up on that score, they're angling for a pardon, or they've got more serious problems than jail time. Cohen in particular is up to his eyeballs with the Russian mob.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Back in the mid-90s the first time I turned on ZoneAlarm I was getting a break-in attempt about once every 5 seconds on my IP address.
Today, in 2018, I see hackers attempting to hack my website multiple times daily.
Give it a break liberals. Hacking isn't new nor is it infrequent.
Yep. I run my own Nextcloud as a private server on a different port. I get e-mails from fail2ban about hack attempts. Mostly from China. Nothing new. Just long as security measures such as securing the admin accounts and alerts are in place you're fine.
Yes. RNC just happened to survive it the first time .
Perhaps, because they run a tighter ship, so to speak...
In Soviet Washington the swamp drains you.
Well, since you brought the president up, his August 5 tweet pretty much admits the purpose of the Trump Tower meeting of June 9 2016 was to solicit campaign aid from a foreign intelligence service -- to coin a phrase, to "collude" with the Russians. The claim now is that it was perfectly legal to do that (experts disagree).
The story about that meeting has changed so frequently I don't blame you if you missed that particular entry.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I see dead people.
Have gnu, will travel.
They wouldn't know if it was a sophisticated attack.
Well, maybe it's BS. Depends on how big of a deal piracy is to you. If Russia is pirating these databases for ~$375*50 that's nearly $20k dollars.
How much is that in RIAA dollars? This could be a very serious crime, like downloading a 1970s AC/DC album from a Russian server, thereby removing the musicians' incentive to have rocked out. Do you want Bon Scott to have banged Rosie in vain? So let's not be premature with the BS charges, dude.
The confidential information that these servers hold doesn't really have anything to do with voter registration, that's public knowledge (with a fee in some States) it's the contact and donation histories of party members.
So the voter registrations show Sally Joe is a registered "D" but the Dem database shows Sally also gives the max political donation to both state and federal candidates each election cycle and possibly some Democrat PACs as well. To some people that could be useful information but it's primarily mostly valuable to other Democrats.
Of course that's just my opinion...... you could be wrong!
He could also get an aneurysm and die.
Old, fat and ill-tempered is not a good combination.
I understand if they are unable to hack a system, or not even able to find it, but unable to target it?
Blindfold me and I am able to target (and miss) a pinata.
Don't fight for your country, if your country does not fight for you.
You know how dead people wind up being registered to vote? They register to vote when they're alive ... and then they die. That's not voter fraud.
There are lots of people (1.8 million?) who are registered to vote and who are dead. But dead people voting? Not so much. Voter impersonation is almost nonexistent.
If it weren't for deadlines, nothing would be late.
e.g. not with full address information let alone any demographics and the like.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
It's had plenty of effect on US politics, what are you talking about? If this doesn't pan out for the Democrats, it will be their Benghazi moment. You know, the topic that will go on for years and ultimately produce nothing. They really need SOMETHING to stick, so Mueller better come up with something that will stick.
It's like your local newspaper putting a headline on the front page: "Bank break-in attempted" when their security cameras show someone walked past the bank front door and 'tested the lock'.
Analogy fail. It's more like someone created a copy of the bank's front door, in order to trick a bank employee to insert their key so it could be copied.
And let's not forget TFH: the hack was "unsuccessful."
If it weren't for deadlines, nothing would be late.
I wonder how much Cambridge Analytics data they have in this database?
Comment removed based on user account deletion
Comment removed based on user account deletion
Yeah, except the integrity of an election
This has nothing to do with anything relating to the election, this is a contact database of registered voters - if hackers managed to delete any/all the records in the database it wouldn't impact a single voter, it wouldn't prevent anyone from voting.
The DNC is a private organization, not a branch of government.
Ken
But not by Russia!. https://www.motherjones.com/po... https://www.npr.org/2016/04/19... https://nypost.com/2016/04/21/...
And he deserves life in prison, if not the gallows for treason
For the crime of, what, exactly?
Ken
it's the contact and donation histories of party members
You mean the donations that the DNC reported to the FEC and are available to anyone interested in learning about by simply accessing their public website?
Ken
Comment removed based on user account deletion
> Don't worry, if there is something, Mueller has it.
And even if there isn't something, he still has it. Mueller deserves to be tried as a war criminal for helping start the Iraq war, by lying about "weapons of mass destruction". See
https://www.youtube.com/watch?...
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
DNC is revving up their excuses for losing bigly in 2018 midterm elections. I'm certain they're stupid enough to try blaming their incompetence on Russia again.
Muh Russia intensifies
Cohen hasn't flipped on Trump yet.
Cohen would not accept a pardon from Trump, if offered, Davis said. “Not only is he not hoping for it, he would not accept a pardon. He considers a pardon from somebody who has acted so corruptly as the president to be something he would never accept,” Davis told NBC on Wednesday. -- LA Times
It certainly looks like a flip to me.
The DNC was hacked and the results leaked to sway the election.
The RNC was hacked and those documents are being sat on. Why, I wonder?
Blackmail, perhaps?
The GOP are fucking traitors, is the short answer.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
Comment removed based on user account deletion
The article I linked to says, the attack on the RNC failed. The organization was not hacked. Why, I wonder, would you misrepresent the facts this way?
Funny, how you assume, internal documents must always be embarrassing. Kinda reveals your opinion of the organizations you know from the inside :-)
That you are either a moron unable to comprehend fairly basic English, or a liar hoping to influence this kind of morons, is now established.
Whichever option applies, both explain your hatred of the GOP far better, than there being anything wrong with the object of your hate.
In Soviet Washington the swamp drains you.
According to the DNC Russian hackers had no problem doing this before.
Yeah and they had Hillary as a shill in the DNC.
DNC servers have never been inspected any US intelligence agency.
We are just supposed to take their words for it, because they are so honest.
And this comes from CNN - the most laughable fake name in news.
Sounds like posturing. We'll know if the pardon is actually proffered, which it shouldn't be if Trump knows what's good for him.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
What did Cohen corroborate? That he paid off a porn star and was then repaid by Trump?
If you're trying to refer to the Trump tower meeting, although it's been reported Cohen had knowledge of Trump involvement, both his Senate and House testimony as well as his own lawyer statements claim that he has no knowledge about Trump's involvement. Apparently it was all just another CNN fever dream and since no one in todays news offices ever bothers to corroborate anything or look for original sources the circle jerk of reporting made it a internet fact.
Trump's position has always been the same (his August 5th tweet was actually just a repeat of statements made a year earlier):
- Jr. had a meeting with a Russian lawyer in which he thought some dirt on Hillary was going to be dished and it turned into nothing.
- No one told him about it because nothing came of it.
- Talking with foreigners isn't illegal (even most legal experts won't commit to the idea that simply giving information is a violation of election rules. Even Politifact doesn't commit to calling it a crime).
The clearest involvement of foreign nationals and campaign violations would be Clinton using her lawyers to contract Fusion GPS to hire Christopher Steele to then contact Russian government officials to create the infamous dossier but even that is a technicality. It is illegal to hide the ultimate beneficiary of campaign payouts and burying oppo research under 'lawyer fees' is a textbook example of a breaking the rules. You could potentially make the same case for Trump and the Stormy payout but at that point you simply have a he said he said issue with Cohen claiming it was campaign related and Trump saying it was personal.
In either case, even if every possible allegation is true it would still amount to nothing. Both Clinton and Trump would be charged with campaign finance violations and as is the norm, pay a small fine.
Of course that's just my opinion...... you could be wrong!