The DNC has backpedaled on a report by CNN that a “sophisticated attempt to hack into its voter database” had been discovered by San Francisco-based cybersecurity firm Lookout – whose co-founder John Hering contributed $30,700 to the DNC in June of 2016, along with $2,700 to Hillary Clinton the same day. It’s not Lookout’s fault, however, as they were simply “looking out” for the Democratic National Committee when they discovered a “simulated phishing test” they assumed was real.
And in a massive breakdown in communication before verifying facts, the DNC contacted the FBI and CNN about the hack – before thinking to speak with the outside contractor which runs the voter database, NGP VAN.
Earlier on Wednesday, Bob Lord, the committee’s chief security officer, briefed Democratic officials after detecting a fake login page that was designed to look like the access page Democratic Party officials and campaigns across the country use to log into a service called Votebuilder, which hosts the party’s voter database, a Democratic source familiar with the briefing told CNN.
The initial detection of the apparent hacking attempt by a cybersecurity firm on Monday prompted the DNC to call the FBI, the source said. –CNN
According to Axios, NGP-VAN was running an unauthorized “simulated phishing test” on the DNC’s VoteBuilder system. Meanwhile, PCMag reporter Michael Kan reported that it was the Michigan Democratic Party which asked a third party (NGP VAN) to conduct the test.
So apparently phishing attack on DNC was a false alarm. Source familiar with the matter says the Michigan Democratic Party asked a third party to conduct a “simulated phishing test” on the voter database but without authorization from the DNC. pic.twitter.com/AESUzB5yOX
— Michael Kan (@Michael_Kan) August 23, 2018
In short, San Francisco-based cybersecurity firm Lookout discovered the “simulated phishing test” on VoteBuilder, alerted the DNC – which failed to check with NGP VAN before contating the FBI and CNN to make national news.
NGP Van was founded by Nathaniel Pearlman, chief technology officer for Hillary Clinton’s 2008 presidential campaign. Their ‘VoteBuilder’ software was designed for Democratic candidates to track and analyze highly detailed information on voters for the purposes of ‘microtargeting’ specific demographics.
On December 16th, 2015, NGP VAN updated the Votebuilder with a patch that contained a bug – allowing the Sanders and the Clinton campaigns to temporarily access each other’s proprietary voter information for around 40 minutes. Lo and behold, the Sanders campaign National Data Director, Josh Uretsky, was found to have accessed Clinton’s information and was promptly fired.
Uretsky’s excuse was that he was simply grabbing Clinton’s data during the window of vulnerability to prove that the breach was real, while Sanders called it a setup – claiming that Uretsky was a DNC plant – “recommended by the DNC’s National Data Director, as well as a former COO of NGP VAN.”