Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNC Says Reported Hack Attempt Was a False Alarm (wsj.com)

Posted by msmash on from the damn-you,-red-team dept.

furry_wookie writes: A suspected attempt to hack into the Democratic National Committee's voter database was actually a cybersecurity test [Editor's note: the originally submitted article might be paywalled; an alternative source], the organization said. The DNC, which was [allegedly] hacked by Russian intelligence officers during the 2016 presidential campaign, said Tuesday it had contacted the Federal Bureau of Investigation after being alerted to an apparent phishing scheme by the computer security firm Lookout Inc., which uncovered a replica of the login page to the DNC's Votebuilder database during an online scan. In a statement early Wednesday, Bob Lord, the DNC's chief information security officer, said the DNC and its partners who reported the site 'now believe it was built by a third party as part of a simulated phishing test.'

10 of 115 comments (clear)

  1. They finally learned... by mi · · Score: 4, Informative

    So, as Equifax and Ashley Madison — to name just a few — before, DNC has learned to take data-security seriously the hard-way. A welcome change nonetheless, for sure.

    Would it to be proper to mention, that the RNC has successfully foiled such an attack back in 2016? No? Too partisan? Ok...

    Or, maybe, it is not too partisan to call out the same guys, who have once mocked an opponent for being computer illiterate?

    --
    In Soviet Washington the swamp drains you.
    1. Re:They finally learned... by mi · · Score: 4, Insightful

      You can't say the DNC is technologically inferior if their competition is both the US AND Russian governments

      in 2016, DNC was the US government. And they failed anyway...

      --
      In Soviet Washington the swamp drains you.
    2. Re:They finally learned... by mi · · Score: 3, Insightful

      There are three branches to the government, and none of them were exclusive to DNC.

      Not "exclusive". But certainly run by the Democrats — as is normal for when the Executive branch is headed by a Democrat, of course.

      Even if you mistake DNC for the Democratic Party

      Distinction without meaningful difference to the topic at hand.

      it's patently false

      Oh, it is quite true. It is no secret at all, that Obama's administration (ab)used its power to spy on Republicans and help the fellow Democrats. And not only was the NSA-collected data used that way, Comey's FBI was "doing its part" too.

      "Patently false" my tail...

      --
      In Soviet Washington the swamp drains you.
  2. The FBI by TykeClone · · Score: 4, Funny

    Must have asked for access to their server.

    --
    A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
  3. Did they wipe the server? by Oh+really+now · · Score: 5, Funny

    You know, like with a cloth?

  4. How about some context here? by onyxruby · · Score: 4, Insightful

    Saying someone was trying to hack the DNC doesn't mean anything. Any organization of a certain size or reputation deals with hack attempts 24/7/365. Many organizations have their own SOC just to deal with the non stop attempts. Smaller organizations will often outsource their SOC to a specialist company when they don't have the resources.

    Low level hack attempts are a bit like CMB. It's everywhere you look, in any direction you look, it never ever stops and quickly becomes background noise.

  5. Re:Ooh! We blocked one! Never mind... by arbiter1 · · Score: 4, Insightful

    If liberals really go down the road using only their hate for him as the justification for his removal then just like Nuclear option they put in place it will turn out to haunt them in the future

  6. Surprising by cyberchondriac · · Score: 3, Insightful

    I'm a little pleasantly surprised they came clean and didn't just continue to run with it, to stir up more "ruhssian treason" sentiment.
    OTOH however, they also know that the first accusation that goes out gets repeated and retweeted the most, and relatively fewer people pay attention to retractions or corrections, most particularly if those don't align with their political confirmation bias. In many people's perspective, this will continue to be yet another russian "hack" of the DNC.

    --

    Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
  7. Re:Russians by anegg · · Score: 5, Informative

    In what way did this event involve the Russians? I don't have any problem believing the Russians are bad actors. Their whole "pretend we are doing nothing and that it is sad how everything thinks we are bad guys" while they are busy playing every dirty trick in the book is so time-worn that it deserves nothing but raised eyebrows at this point. But...

    The news article that this Slashdot post is about describes how a cybersecurity exercise that involved an external web page (built by a third party involved in the test) had that web page spotted by yet another third party (who then reported it to the DNC) and whereupon it ended up being reported by the DNC as an action by a malicious actor. This can happen when the cybersecurity response function isn't 100% up to date on what the cybersecurity testing function is involved in, unfortunately. But there is no evidence in the report that it is part of a desensitization action on the part of the Russians (in this case), because the Russians didn't create the false alarm.

    You might be able to make a case that the DNC cybersecurity response function was overly sensitive due to previous Russian actions, but properly evaluating threats is something every cybersecurity function has to deal with.

  8. Re:Russians by JackieBrown · · Score: 4, Insightful

    The CNN article on the original submission did a very good job linking this to the Russians while leaving themselves a way to act like they didn't

    https://edition.cnn.com/2018/0...