Democratic National Committee Says Hackers Unsuccessfully Targeted Voter Database

The Democratic National Committee contacted the FBI on Tuesday after it detected what it believes was the beginning of a sophisticated attempt to hack into its voter database, a Democratic source tells CNN. From a report: The DNC was alerted in the early hours of Tuesday morning by a cloud service provider and a security research firm that a fake login page had been created in an attempt to gather usernames and passwords that would allow access to the party's database, the source said. The page was designed to look like the access page Democratic Party officials and campaigns across the country use to log into a service called Votebuilder, which hosts the database, the source said, adding the DNC believed it was designed to trick people into handing over their login details. The source said the DNC is investigating who may have been responsible for the attempted attack, but that it has no reason to believe its voter file was accessed or altered.

Look ma, look what I did

[sinij]

Well, we know someone associated with DNC or their providers managed to detect one possible attack. This does not mean that other attacks were unsuccessful, and considering DNC track record my money would be that they are getting hacked every other day and just don't know about it.

Untargeted vs Targeted

[Comboman]

There's a huge difference between a random bot probing for unpatched vulnerabilities and a highly targeted attack with a specifically created fake login page.

Re:Oh puhlease!

[tnok85]

While not a sophisticated attack, a mocked up login portal is much more targeted than the bots that scrape the internet to look for open ports.

This is something in between what the article implies (some sort of high-tech conspiracy hacking attack) and what you're saying (dumb vulnerability scanners in the wild).

Re:And?

[Comboman]

The Russians don't need to hack the RNC. They've already got a man on the inside.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:And?

[EndlessNameless]

I would assume the RNC and other national political bodies are targeted. They simply choose not to disclose the attacks publicly.

I doubt my employer would disclose any hacking---attempted or successful---unless legally required to do so.

Seems like a lot of work

[kenh]

The page was designed to look like the access page Democratic Party officials and campaigns across the country use to log into a service called Votebuilder, which hosts the database, the source said, adding the DNC believed it was designed to trick people into handing over their login details.

As recent history shows, Democratic operatives choose weak passwords ('password') and offer them up readily when asked for them via email from strangers...

I'm looking at you, Jon Podesta, former campaign director of Hillary 2016.

Re:Seems like a lot of work

[Mashiki]

Look pal. Have you gotten permission from CNN to look at the wikileaks on this? After all only journalists are allowed to do that.

Oh NOW they want the FBI's help

[kenh]

Back in 2015 and 2016 the DNC poo-poo'd FBI and other agencies that tried to alert them that they were the targets of concerted hacking efforts.

How it happend

[jmcwork]

"See, we got this phone call and they said they were with Windows technical support and one of our computers was spewing error messages all over the Internet...

So?

[grasshoppa]

What's so special about hackers targeting valuable data? Can you imagine being alerted everytime that happens?

Or is it that they are so proud they protected against this one that they want a pat on the back?

Re:Oh puhlease!

[fuzznutz]

I ran a private email server for the family (not Hillary Clinton) back in the late 90s - early 00s and was constantly being probed to try to crack the SMTP password. Had one guy make about one attempt every minute with a new password from some stock dictionary of common passwords. I wasn't concerned about anyone figuring that out (it was a large password) but finally threw in the towel after somebody spoofed one of the email addresses and sent out a ton of spam on behalf of it and I ended up on some black lists. It's worth $12/year just to let my registrar handle it now!

Most blacklists are more sophisticated now. Nobody blacklists you for having one of your return addresses on a batch of spam. Everyone knows that spammers forge return addresses.

I've run a couple mail servers for many years and it's always cat and mouse with spammers. I use fail2ban and any IP that triggers fail2ban more than once is permanently dropped into my firewall rules for all ports. Obvious password guessers don't get a second chance. If I get multiple hits from the same CIDR block, I drop the whole lot in my rules.

Despite my policies, password guessing is fairly fruitless on my system anyway as my usernames are complicated and do not match the email addresses that are associated with them. Hackers have to guess the username AND the password. When I get an attempt to log in using an email address "username", I know it's a hacker/script kiddie and they get dropped into the blackhole. At this point the only ones I have left trying are slow distributed attacks that don't try often enough to trip fail2ban and never use the same IP twice anyway.

I'm gonna go out on a limb here

[rsilvergun]

and say that if they're brought in the FBI it's something more than just a random hit to their IP address.

The hacking of the DNC really ought to be a bigger scandal than it was, and if our media was doing it's job of investigative journalism it would be. There's strong evidence that the Russians got ahold of voter rolls and send them on to the Republican party and/or the Trump campaign. There was a sudden shift in the Trump campaign's ad buys and campaigning where it became highly effective for no discernible reason, and it was right around when the hack happened....

One of the reasons I'd really love to see basic income become a thing is that it would pay for people to be investigative journalists. Combine basic income with the internet's cheap ability to distribute information. and we'd have a winning formula for one of the most important aspects of democracy, the free press. As it stands there's little work being done to investigate Trump won outside of the Mueller probe, and given the political situation that may fizzle out whereas independent journalism might hit a Watergate style breakthrough.

Re:why bother?

[pgmrdlm]

Dead bigots are good bigots. Hope you become a dead bigot soon. And no, that is not a threat. There are always other bigots out there that will do the job for me because they are just as fucking stupid as you.

Re:Non-story

[hey!]

Well, since you brought the president up, his August 5 tweet pretty much admits the purpose of the Trump Tower meeting of June 9 2016 was to solicit campaign aid from a foreign intelligence service -- to coin a phrase, to "collude" with the Russians. The claim now is that it was perfectly legal to do that (experts disagree).

The story about that meeting has changed so frequently I don't blame you if you missed that particular entry.

Re:And?

[yuriklastalov]

DNC is revving up their excuses for losing bigly in 2018 midterm elections. I'm certain they're stupid enough to try blaming their incompetence on Russia again.

Muh Russia intensifies

Re:Interesting timing here

[jrumney]

Cohen hasn't flipped on Trump yet.

Cohen would not accept a pardon from Trump, if offered, Davis said. “Not only is he not hoping for it, he would not accept a pardon. He considers a pardon from somebody who has acted so corruptly as the president to be something he would never accept,” Davis told NBC on Wednesday. -- LA Times

It certainly looks like a flip to me.