Michigan Democratic Party 'misstep' sparked DNC hack fears

Jonathan Oosting | The Detroit News

Lansing — The Michigan Democratic Party on Thursday acknowledged it enlisted friendly hackers for a simulated phishing test that had prompted the Democratic National Committee to alert the FBI to a suspected attempt to infiltrate the party’s voter file.

The DNC said earlier this week it had thwarted what it believed to be a hacking attempt two years after Russian operatives sent the party into disarray by hacking into its computers and facilitating the release of tens of thousands of emails amid the presidential election.

But Chief Security Officer Bob Lord said Thursday the suspected cyber attack that sparked fears actually appeared to be part of a test created by a third party that "mimicked several attributes of actual attacks on the Democratic Party's voter file" without national party authorization.

The third party was enlisted by the Michigan Democratic Party, whose involvement was first reported by The Washington Post. A source familiar with the matter told The Detroit News the state party gave the "green light" for a group called DigiDems to conduct the phishing test without authorization from the DNC or its vendors.

"In an abundance of caution, our digital partners ran tests that followed extensive training," Michigan Democratic Party Chairman Brandon Dillon said later Thursday. "Despite our misstep and the alarms that were set off, it’s most important that all of the security systems in place worked."

Dillon said Democrats have "taken heightened steps to fortify our cyber-security — especially as the Trump administration refuses to crack down on foreign interference in our elections."

The party's voter file contains information on tens of millions of voters.

A web security firm using artificial intelligence first uncovered the unusual activity, and the DNC said it was notified Tuesday. The attempt was quickly thwarted by suspending the attacker’s account, and no information was compromised, a party official had said.

GOP jabs Democrats

Republican National Committee chairwoman Ronna McDaniel, former head of the Michigan GOP, jabbed the state party for failing to warn the DNC about its phishing test.

“I guess the Democrats still haven’t figured out how to talk to people in Michigan,” McDaniel said on Twitter.

The Michigan Republican Party also ribbed Democrats over the false alarm. Spokeswoman Sarah Anderson said that while MDP "hacked the 'mother ship,'" Republicans were focused on continuing the state's economic recovery and promoting "common-sense plans for Michigan’s future."

"Instead of hacking into our voter database, we are reaching out to voters directly and have already contacted over 1.5 million voters using the RNC’s data, no hacking required," Anderson said.

While he acknowledged a communication misstep with the national party, Dillon defended the underlying goal that led to testing by Michigan Democrats.

"Cybersecurity experts agree this kind of testing is critical to protecting an organization's infrastructure, and we will continue to work with our partners, including the DNC, to protect our systems and our democracy," he said.

The party’s cyber security has been an issue since the 2016 presidential election, when Russian hackers compromised DNC servers and publicly revealed internal communications that exploited divisions between Bernie Sanders’ and Hillary Clinton’s campaigns as the two candidates vied for the Democratic presidential nomination.

Hackers also accessed the email accounts of Clinton’s campaign chairman, John Podesta, and systematically released the contents throughout the fall campaign.

"There are constant attempts to hack the DNC and our Democratic infrastructure, and while we are extremely relieved that this wasn't an attempted intrusion by a foreign adversary, this incident is further proof that we need to continue to be vigilant in light of potential attacks," Lord said Thursday.

'False alarm' shows system worked

Mike Murray, vice president of the Lookout cybersecurity firm that first uncovered the phishing attempt, said early Thursday "the thing about 'false alarms' is that you don’t know that they’re false until you’ve showed up to investigate."

"All the folks who pulled together on this were amazing, and had this been a real attack, would have stopped something terrible," Murray wrote on Twitter.

At a previously scheduled election security briefing Wednesday, Homeland Security Secretary Kirstjen Nielsen said the quick response to the attempted DNC hack showed that the system was working “and that different entities understand who to reach out to.”

“Any attack on a political party or a campaign is important for us all to take seriously,” Nielsen said, emphasizing the government was doing all it could to help protect election systems ahead of the midterm elections. At stake is control of Congress, which could potentially switch from Republican to Democrat.

The DNC attempt wasn’t mentioned at a Senate hearing on election security Wednesday, according to senators who were present.

States have been scrambling to secure their election systems since it was revealed that Russian hackers targeted election systems in at least 21 states in 2016, though the number is likely greater. There has been no indication any vote tallies were changed.

Michigan's election security

Michigan Secretary of State Ruth Johnson's office has repeatedly said it has no indication that hackers tried to target its election system. State officials have said Michigan's paper ballots, which are scanned by optical machines, make the state safer than most from manipulation and hacking.

Nielsen said at the briefing that states should have auditing systems in part as a safeguard so the public knows the vote tallies can be trusted.

In this November's post-election audit, Michigan officials for the first time plan to do a hand recount of ballots for all precincts selected in the audit to ensure more confidence in the system. Past election audits required reviewing voting machine equipment, among other things.

In Tuesday’s incident, a scanning tool deployed by the San Francisco security company Lookout detected a masquerading website designed to harvest the passwords of users of the login page of NGP VAN, a technology provider used by the Democrats and other liberal-leaning political organizations, said Mike Murray, the company’s vice president of security intelligence. He said he contacted the DNC.

The tool, which leverages artificial intelligence, has been in development for a year and wasn’t tasked to scan any sites in particular but instead to identify phishing sites based on typical attributes, Murray said.

“This is the beauty of AI: It finds things that humans don’t know to look for,” he said.

He said the tool notified Lookout before the impostor page had even been populated with content. “As soon as we realized how fast it was developing, I decided to reach out to contacts that I know at the DNC.” Murray also contacted the website hosting company, Digital Ocean.

Ross Rustici, senior director for intelligence services at Cybereason in Boston, said a voter database is a juicy target for anyone trying to exacerbate political divisions in the U.S. or gain insight on political opponents.

“The data housed in these types of databases would be incredibly useful both for domestic opposition research as well as for foreign intelligence and counterintelligence purposes,” he said.

The Associated Press contributed

joosting@detroitnews.com