A Democratic National Committee official is now saying that what appeared to be a thwarted attempt to break into its massive voter database was actually an unauthorized test.
Bob Lord, the DNC's chief security officer, said late Wednesday in a statement that the test "mimicked several attributes of actual attacks on the Democratic party's voter file" and that it was not authorized by the DNC, the company that houses the file containing information on tens of millions of voters, or its vendors.
A web security firm using artificial intelligence had uncovered what was believed to be an attack and the DNC was notified Tuesday, it said.
U.S. & World
Hackers appeared to create a fake login page to gather usernames and passwords in an effort to gain access to the Democratic Party's voter file, a party official had said. The attempt was quickly thwarted by suspending the attacker's account, and no information was compromised, the official said. The FBI was notified; it declined to comment to the AP.
The official wasn't authorized to speak about sensitive security information and spoke to The Associated Press on condition of anonymity.
The test was organized by the Michigan Democratic party, which didn't notify the DNC, a person familiar with the incident told The Washington Post.
The apparent false alarm comes two years after Russian operatives sent the party into disarray by hacking into its computers and facilitating the release of tens of thousands of emails amid the presidential election.
Lord said that, in this case, an attack by a foreign adversary was ruled out, but that the test underscores the need for the organization to maintain a strong cyberdefense.
"There are constant attempts to hack the DNC and our Democratic infrastructure, and while we are extremely relieved that this wasn't an attempted intrusion by a foreign adversary, this incident is further proof that we need to continue to be vigilant in light of potential attacks," he said.
The attempt comes as Democrats gather for their summer meeting. The party's cybersecurity has been an issue since the 2016 presidential election, when Russian hackers compromised DNC servers and publicly revealed internal communications that exploited divisions between Bernie Sanders' and Hillary Clinton's campaigns as the two candidates vied for the Democratic presidential nomination. Hackers also accessed the email accounts of Clinton's campaign chairman, John Podesta, and systematically released the contents throughout the fall campaign.
The apparent false alarm came a day after Microsoft announced it had uncovered similarly fraudulent websites created by Kremlin agents that spoofed two conservative outfits that are foes of Russia's president, Vladimir Putin, presumably to trick unwitting visitors into surrendering credentials.
At a previously scheduled election security briefing Wednesday, Homeland Security Secretary Kirstjen Nielsen said the quick response to the apparent attempted DNC hack showed that the system was working "and that different entities understand who to reach out to," she said.
"Any attack on a political party or a campaign is important for us all to take seriously," she said, emphasizing the government was doing all it could to help protect election systems ahead of the midterm elections. At stake is control of Congress, which could potentially switch from Republican to Democrat.
Amid the news, a Senate committee abruptly postponed a Wednesday vote on legislation to help states prevent against election hacking, frustrating Democrats and at least one Republican on the panel.
The vote was put off by the Senate Rules and Administration Committee after a bipartisan group of lawmakers spent months negotiating the legislation. The bill would aim to protect state election infrastructure by requiring that all states use backup paper ballots and conduct audits after elections, among other measures. It would also require DHS to immediately notify states if the federal government is aware that a state election system has been breached.
A Senate Republican aide said the vote was postponed because secretaries of state had complained about certain provisions, including the type of audits the bill would require. The aide said additional Republican support would be necessary to move the legislation out of committee. The aide was not authorized to speak about the committee's reasoning and spoke on condition of anonymity.
Republican Sen. James Lankford of Oklahoma, one of the bill's sponsors, said after the vote's postponement: "Congressional inaction is unacceptable."
The bill "will help states take necessary steps to further prepare our election infrastructure for the possibility of interference from not just Russia, but other possible adversaries like Iran or North Korea or a hacktivist group," Lankford said.
The apparent DNC committee attempt wasn't mentioned at a Senate hearing on election security Wednesday, according to senators who were present.
States have been scrambling to secure their election systems since it was revealed that Russian hackers targeted election systems in at least 21 states in 2016, though the number is likely greater. There has been no indication any vote tallies were changed. Nielsen said at the briefing that states should have auditing systems in part as a safeguard so the public knows the vote tallies can be trusted.
In Tuesday's incident, a scanning tool deployed by the San Francisco security company Lookout detected a masquerading website designed to harvest the passwords of users of the login page of NGP VAN, a technology provider used by the Democrats and other liberal-leaning political organizations, said Mike Murray, the company's vice president of security intelligence. He said he contacted the DNC.
The tool, which leverages artificial intelligence, has been in development for a year and wasn't tasked to scan any sites in particular but instead to identify phishing sites based on typical attributes, Murray said.
"This is the beauty of AI: It finds things that humans don't know to look for," he said.
He said the tool notified Lookout before the impostor page had even been populated with content. "As soon as we realized how fast it was developing, I decided to reach out to contacts that I know at the DNC." Murray also contacted the website hosting company, Digital Ocean.
Ross Rustici, senior director for intelligence services at Cybereason in Boston, said a voter database is a juicy target for anyone trying to exacerbate political divisions in the U.S. or gain insight on political opponents.
"The data housed in these types of databases would be incredibly useful both for domestic opposition research as well as for foreign intelligence and counterintelligence purposes," he said.
Associated Press writers Mary Clare Jalonick, Frank Bajak and Mike Balsamo contributed to this report.