A would-be hacking attempt into the national Democratic Party’s massive voter file wasn’t that at all. It turns out to be the work of a technology company hired by Michigan Democrats, all in the name of testing how secure the party can keep information on tens of millions of Americans. “This was an unauthorized test, not an attack,” Bob Lord, the Democratic National Committee’s chief security officer, told The Associated Press in an interview Thursday. That finding, discovered after national party officials already had contacted federal law enforcement fearing a malicious hacking attempt, marks an odd and potentially embarrassing twist to the party’s data security efforts two years after Russians penetrated DNC computers and released internal communications the upended the 2016 presidential election. The chairman of the Michigan Democratic Party, Brandon Dillon, did not respond to a request for comment.
Lord, who is attending the party’s summer meetings this week in Chicago, said the episode shows “we could do a better job.” But he also framed the whiplash storyline as evidence the party has improved its overall cybersecurity since 2016, even as it depended on outsiders this time to flag what looked like a threat.
“This is a demonstration that the DNC is plugged into the security community in a way we weren’t before,” Lord said.
Lord says he was notified by two companies — the web security firm Lookout and the web cloud hosting service DigitalOcean — in the wee hours Tuesday morning about a live website that appeared to mimic logins for the DNC’s web-based VoteBuilder program that houses information on voters across the country. The DNC grants state parties access to various portions of the database so the parties and Democratic candidates can use it — and enhance — as part of campaigns.