Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Attack on DNC Part of Simulated Phishing Test

UPDATED. A recent phishing attack aimed at the Democratic National Committee’s voter database was actually part of a simulation, researchers and representatives of the Democratic Party confirmed.

UPDATED. A recent phishing attack aimed at the Democratic National Committee’s voter database was actually part of a simulation, researchers and representatives of the Democratic Party confirmed.

Cybersecurity firm Lookout this week came across a custom phishing website apparently aimed at the Democratic National Committee (DNC), specifically its VoteBuilder service.

The phishing site mimicked a login page of NGP VAN, a technology provider for the Democratic Party, and was hosted by DigitalOcean.

Lookout immediately notified the DNC, NGP VAN and DigitalOcean, and the phishing page was removed within hours, before any credentials were compromised. The FBI was also informed and an investigation was launched.

However, after further analysis, the DNC now believes the fake website was actually created by a third-party as part of a “simulated phishing test on VoteBuilder.”

“The test, which mimicked several attributes of actual attacks on the Democratic party’s voter fil­e, was not authorized by the DNC, VoteBuilder nor any of our vendors,” explained Bob Lord, the DNC’s chief security officer.

“There are constant attempts to hack the DNC and our Democratic infrastructure, and while we are extremely relieved that this wasn’t an attempted intrusion by a foreign adversary, this incident is further proof that we need to continue to be vigilant in light of potential attacks,” Lord added.

Advertisement. Scroll to continue reading.

Mike Murray, who leads Lookout’s intelligence team, confirmed that it was a false alarm.

“The thing about ‘false alarms’ is that you don’t know that they’re false until you’ve showed up to investigate,” Murray said on Twitter. “All the folks who pulled together on this were amazing, and had this been a real attack, would have stopped something terrible.”

According to PCMag tech reporter Michael Kan, the phishing test was actually commissioned by the Michigan Democratic Party, but without authorization from the DNC.

SecurityWeek has reached out to the Michigan Democratic Party for comment and will update this article if the organization responds.

“I would […] not call this a TEST as the phishing attempt was being conducted on a live production system against real people,” Joseph Carson, chief security scientist at Thycotic, told SecurityWeek. “The positive side is that newer technology is helping organizations identify such threats earlier however, this did raise a major issue to attribution and the source of the hacks because as we know, many cyberattacks utilize third party vendors,”

“I would actually handle this incident as an attempted cyberattack since the DNC has confirmed it was not authorized or approved so therefore a full incident and digital forensics process should be carried out even though it was a so-called test,” Carson said.

UPDATE. The Michigan Democratic Party has confirmed for SecurityWeek that this was in fact a test conducted by its partners. MDP Chair Brandon Dillon provided the following statement:

“We have taken heightened steps to fortify our cybersecurity – especially as the Trump Administration refuses to crack down on foreign interference in our elections. In an abundance of caution, our digital partners ran tests that followed extensive training. Despite our misstep and the alarms that were set off, it’s most important that all of the security systems in place worked. Cybersecurity experts agree this kind of testing is critical to protecting an organization’s infrastructure, and we will continue to work with our partners, including the DNC, to protect our systems and our democracy.”

Related: Russian Hackers Breach US Democratic Committee Database

Related: Microsoft Disrupts Election-Related Domains Used by Russian Hackers

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.


The easiest way for a cyber-attacker to gain access to sensitive data is by compromising an end user’s identity and credentials. Things get even...