Security firm Lookout was reported to have warned the DNC Tuesday that it had found a fake login page for VoteBuilder, a tool the party uses so its campaigns can better target voters.
The apparent attackers’ apparent aim was to obtain credentials they could use to access the party’s voter information. The DNC’s Chief Security Officer Bob Lord briefed party officials on the attack yesterday, then made a public statement denouncing the current US Administration for not protecting the political process from hackers. The party also spoke about the incident to a number of media outlets.
What happened was a phishing test, an exercise party leaders mistook for the real thing
But it developed this morning that there was no actual attack. What happened was a phishing test, an exercise party leaders mistook for the real thing. The DNC leaders say they didn’t authorize a phishing test, and it’s not clear how they know the incident was just a test, but being caught out like this is embarrassing to any organization. CNN calls the episode a “SNAFU,” which seems about right.
Awareness training is important, but it’s important to do it right. When an organization runs interactive, realistic training, it’s got to know, at the appropriate levels, what’s going on. This kind of “scoring into your own goal” is easy to commit, but it’s also easy to avoid.
The Guardian has the story: https://www.theguardian.com/us-news/2018/aug/22/dnc-hack-voter-database-detected-fbi.
CNN has the retraction: https://www.cnn.com/2018/08/23/politics/dnc-hack-false-alarm/index.html
Based Blockchain Network