The Democratic National Committee said on Wednesday that the sophisticated hacking attempt it was fearing was in fact just an unauthorized “phishing test” rather than a real attempt to hack into its systems.
However, it didn’t say who built the test or how the committee found out the attack was only a simulated test.
The DNC’s chief security officer Bob Lord briefed Democratic officials on Wednesday after discovering a fake login page which looked like the one members of the Democratic Party use to log into their voter’s database.
According to a source with knowledge of the briefing, the DNC called the FBI after the initial detection of what was believed to be a hacking attempt by a cybersecurity firm on Monday.
“This attempt is further proof that there are constant threats as we head into midterm elections and we must remain vigilant in order to prevent future attacks,” Lord said in a statement.
But the committee’s investigation later showed the apparent hack was nothing more than a phishing test. Following the revelation, Lord said they were continuing “to investigate the phishing site reported to the DNC,” and added that they believed “it was built by a third party as part of a simulated phishing test on VoteBuilder.”
Lord stressed that the test was not authorized by either the DNC, VoteBuilder or any of their vendors.
Organizations often hire so-called “red teams” to find gaps in their cybersecurity practices by using this kind of tests, although that was not the case with the DNC. The committee, Lord said, had taken the “necessary precautions to ensure that sensitive data critical to candidates and state parties across the country was not compromised.”
“There are constant attempts to hack the DNC and our Democratic infrastructure, and while we are extremely relieved that this wasn’t an attempted intrusion by a foreign adversary, this incident is further proof that we need to continue to be vigilant in light of potential attacks,” he further noted.