Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNC Says Reported Hack Attempt Was a False Alarm (wsj.com)

Posted by msmash on from the damn-you,-red-team dept.

furry_wookie writes: A suspected attempt to hack into the Democratic National Committee's voter database was actually a cybersecurity test [Editor's note: the originally submitted article might be paywalled; an alternative source], the organization said. The DNC, which was [allegedly] hacked by Russian intelligence officers during the 2016 presidential campaign, said Tuesday it had contacted the Federal Bureau of Investigation after being alerted to an apparent phishing scheme by the computer security firm Lookout Inc., which uncovered a replica of the login page to the DNC's Votebuilder database during an online scan. In a statement early Wednesday, Bob Lord, the DNC's chief information security officer, said the DNC and its partners who reported the site 'now believe it was built by a third party as part of a simulated phishing test.'

15 of 115 comments (clear)

  1. Ooh! We blocked one! Never mind... by Anonymous Coward · · Score: 2, Insightful

    These guys are pathetic. Absurd incompetence on an epic scale.

    But; 'Give us control.We know how to fix the country.'

    More shit show ahead folks.

    1. Re:Ooh! We blocked one! Never mind... by arbiter1 · · Score: 4, Insightful

      If liberals really go down the road using only their hate for him as the justification for his removal then just like Nuclear option they put in place it will turn out to haunt them in the future

    2. Re:Ooh! We blocked one! Never mind... by JackieBrown · · Score: 2

      They reported it to keep their narrative of "we can't trust elections" alive.

  2. They finally learned... by mi · · Score: 4, Informative

    So, as Equifax and Ashley Madison — to name just a few — before, DNC has learned to take data-security seriously the hard-way. A welcome change nonetheless, for sure.

    Would it to be proper to mention, that the RNC has successfully foiled such an attack back in 2016? No? Too partisan? Ok...

    Or, maybe, it is not too partisan to call out the same guys, who have once mocked an opponent for being computer illiterate?

    --
    In Soviet Washington the swamp drains you.
    1. Re:They finally learned... by mi · · Score: 4, Insightful

      You can't say the DNC is technologically inferior if their competition is both the US AND Russian governments

      in 2016, DNC was the US government. And they failed anyway...

      --
      In Soviet Washington the swamp drains you.
    2. Re:They finally learned... by arth1 · · Score: 2

      in 2016, DNC was the US government.

      There are three branches to the government, and none of them were exclusive to DNC.
      Even if you mistake DNC for the Democratic Party, it's patently false.

    3. Re:They finally learned... by mi · · Score: 3, Insightful

      There are three branches to the government, and none of them were exclusive to DNC.

      Not "exclusive". But certainly run by the Democrats — as is normal for when the Executive branch is headed by a Democrat, of course.

      Even if you mistake DNC for the Democratic Party

      Distinction without meaningful difference to the topic at hand.

      it's patently false

      Oh, it is quite true. It is no secret at all, that Obama's administration (ab)used its power to spy on Republicans and help the fellow Democrats. And not only was the NSA-collected data used that way, Comey's FBI was "doing its part" too.

      "Patently false" my tail...

      --
      In Soviet Washington the swamp drains you.
    4. Re:They finally learned... by mi · · Score: 2

      The "opinion piece" cites an article with the actual declassified government documents...

      --
      In Soviet Washington the swamp drains you.
  3. The FBI by TykeClone · · Score: 4, Funny

    Must have asked for access to their server.

    --
    A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
  4. Did they wipe the server? by Oh+really+now · · Score: 5, Funny

    You know, like with a cloth?

  5. How about some context here? by onyxruby · · Score: 4, Insightful

    Saying someone was trying to hack the DNC doesn't mean anything. Any organization of a certain size or reputation deals with hack attempts 24/7/365. Many organizations have their own SOC just to deal with the non stop attempts. Smaller organizations will often outsource their SOC to a specialist company when they don't have the resources.

    Low level hack attempts are a bit like CMB. It's everywhere you look, in any direction you look, it never ever stops and quickly becomes background noise.

  6. Surprising by cyberchondriac · · Score: 3, Insightful

    I'm a little pleasantly surprised they came clean and didn't just continue to run with it, to stir up more "ruhssian treason" sentiment.
    OTOH however, they also know that the first accusation that goes out gets repeated and retweeted the most, and relatively fewer people pay attention to retractions or corrections, most particularly if those don't align with their political confirmation bias. In many people's perspective, this will continue to be yet another russian "hack" of the DNC.

    --

    Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
  7. Good Lord by cascadingstylesheet · · Score: 2

    So they hit the media claiming an attack because of an internal phishing test??

    I mean, kudos for finally watching for this stuff now, but ...

  8. Re:Russians by anegg · · Score: 5, Informative

    In what way did this event involve the Russians? I don't have any problem believing the Russians are bad actors. Their whole "pretend we are doing nothing and that it is sad how everything thinks we are bad guys" while they are busy playing every dirty trick in the book is so time-worn that it deserves nothing but raised eyebrows at this point. But...

    The news article that this Slashdot post is about describes how a cybersecurity exercise that involved an external web page (built by a third party involved in the test) had that web page spotted by yet another third party (who then reported it to the DNC) and whereupon it ended up being reported by the DNC as an action by a malicious actor. This can happen when the cybersecurity response function isn't 100% up to date on what the cybersecurity testing function is involved in, unfortunately. But there is no evidence in the report that it is part of a desensitization action on the part of the Russians (in this case), because the Russians didn't create the false alarm.

    You might be able to make a case that the DNC cybersecurity response function was overly sensitive due to previous Russian actions, but properly evaluating threats is something every cybersecurity function has to deal with.

  9. Re:Russians by JackieBrown · · Score: 4, Insightful

    The CNN article on the original submission did a very good job linking this to the Russians while leaving themselves a way to act like they didn't

    https://edition.cnn.com/2018/0...