DNC Says Reported Hack Attempt Was a False Alarm (wsj.com)
furry_wookie writes: A suspected attempt to hack into the Democratic National Committee's voter database was actually a cybersecurity test [Editor's note: the originally submitted article might be paywalled; an alternative source], the organization said. The DNC, which was [allegedly] hacked by Russian intelligence officers during the 2016 presidential campaign, said Tuesday it had contacted the Federal Bureau of Investigation after being alerted to an apparent phishing scheme by the computer security firm Lookout Inc., which uncovered a replica of the login page to the DNC's Votebuilder database during an online scan. In a statement early Wednesday, Bob Lord, the DNC's chief information security officer, said the DNC and its partners who reported the site 'now believe it was built by a third party as part of a simulated phishing test.'
You know, like with a cloth?
In what way did this event involve the Russians? I don't have any problem believing the Russians are bad actors. Their whole "pretend we are doing nothing and that it is sad how everyone thinks we are bad guys" while they are busy playing every dirty trick in the book is so time-worn that it deserves nothing but raised eyebrows at this point. But...
The news article that this Slashdot post is about describes how a cybersecurity exercise that involved an external web page (built by a third party involved in the test) had that web page spotted by yet another third party (who then reported it to the DNC), whereupon it ended up being reported by the DNC as an action by a malicious actor. This can happen when the cybersecurity response function isn't 100% up to date on what the cybersecurity testing function is involved in, unfortunately. But there is no evidence in the report that it is part of a desensitization action on the part of the Russians (in this case), because the Russians didn't create the false alarm.
You might be able to make a case that the DNC cybersecurity response function was overly sensitive due to previous Russian actions, but properly evaluating threats is something every cybersecurity function has to deal with.