The Democratic National Committee foiled an attempted spearphishing attack aimed at hacking its voter database hosted on Votebuilder after receiving an alert Tuesday from security firm Lookout.
The would-be attackers had created a fake login page in an attempt to snag credentials that could be used to access the database.
“Lookout's phishing AI detection discovered a domain with a custom phishing kit deployed on DigitalOcean,” the company said in a statement, explaining that the site replicated the login page of NGP VAN, which provides technology to Democratic and progressive campaigns and organizations.
“Our Principal Engineer for phishing, Jeremy Richards, received an alert from our phishing AI detection, and Lookout started to investigate the phishing site, which was hosted on DigitalOcean,” the Lookout report said. “After notifying the hosting provider the phishing site was then taken down by DigitalOcean within hours.”
During the course of the investigation, Lookout Vice President of Security Intelligence Mike Murray contacted the “DNC, NGP/VAN, and DigitalOcean to initiate the response process and start the investigation,” the security company said.
"Today's news about the attempt on the DNC voter database is another in the long line of doppelganger domains used for spearfishing and harvesting of credentials. The data housed in these types of databases would be incredibly useful both for domestic opposition research as well as for foreign intelligence and counterintelligence purposes," Ross Rustici, senior director of intelligence services.
“There shouldn't be any shock or awe regarding the alleged recent intrusion of the DNC's network. And fundamentally, the adversaries don't actually care about elections or political parties, but rather they are focused on using non-kinetic means to change their foreign policy environment,” said Rustici. “Simply put, they are using cyber intrusions, psychological operations, and propaganda to sow discord to prevent unified action.”
The attempted DNC hack came just a day after Microsoft said it had shut down six websites created by the Russian Fancy Bear cybercrime gang targeting members of the U.S. Senate and conservative think tanks and potentially intended to launch cyberattacks.
The tech giant petitioned a judge in the Eastern District of Virginia to take control of the sites, some of which used misleading domains such as “senate.group," and "adfs-senate.email."
Microsoft confirmed the domains, which also included those meant to look like they were generated by the conservative think tank Hudson Institute and could have been used for spearphishing, were linked to "the Russian government and known as Strontium, or alternatively Fancy Bear or APT28."
Noting that Fancy Bear uses a variety of attack vectors to access and compromise networks, Daniel Smith, head of security research for Radware's Emergency Response Team, said the “highly skilled group,” linked to Russian military intelligence, understands “network security and how to bypass some of the most well-protected systems in the world.”
A Tripwire survey of 416 attendees at Infosecurity Europe 2018 found that 93 percent of respondents “think nation-state cyberattacks will rise in the next 12 months” and 83 percent believe “nation-state attacks on critical infrastructure will increase over the year,” going “beyond espionage and aim to cause direct harm.”
Smith said state-sponsored espionage groups will continue to be a threat to elections worldwide. “Manipulating elections is no longer an emerging threat,” he said. “Cyberattacks have become a very powerful tool for not only government hackers but also organizations, hacktivist and individuals for hire to influence voters via simple phishing and data collection campaigns in combination with social manipulation and propaganda.”
Cyberreason's Rustici said the “intrusions are not actually about election meddling but rather a demonstration of using cyber means as a way to undermine voices critical of Russia” and will continue until the “strategy is deemed ineffective or costly they will continue to operate” in that fashion.
“The more fear, political fighting, and media coverage these operations get the more successful they are. This strategy is a bit like dropping rocks into a pond,” he said. “Each individual action is small but the hope is that the ripples will grow, overlap and cause issues. The more those ripples get amplified the more successful the attacks will be deemed.”
Organizations are getting better at fending off attacks. “If this was a year or two ago, the DNC would have been hacked, and we'd be reading about the damage in tomorrow's paper,” said David Ginsburg, vice president of marketing at Cavirin. “So, organizations are beginning to continually assess and strengthen their cyber posture.”
Rustici agreed. "This type of prep work by hackers is likely to continue, however, it is a good sign that these websites are being detected before they appear to be in use," he said. "The efficacy of this type of credential theft is greatly mitigated by views of two-factor authentication and other identity management tools."
While the hackers were unsuccessful this time, Peter Goldstein, CTO of Valimail, said, “hardly a week goes by when our private and public institutions aren't successfully penetrated by bad actors taking advantage of email's inherent security flaws.”
Email, in particular, is “under attack across the globe,” Goldstein said, pointing to a report Valimail released Wednesday, estimating “that a minimum of 6.4 billion fake emails are sent every day.”
That number “counts just one kind of fake email - those that impersonate the domain names of legitimate senders - and that is just one of an array of impersonation techniques available to the bad guys,” said Goldstein.
Noting the threat “leading up to the November election is very real,” Ginsburg said “there is still time to adjust.”
While the average voter shouldn't be too concerned, Ross said, the federal government should be worried.
“It is up to the U.S. government to make sure we are not susceptible to their actions,” said Rustici.
“As far as what can be done, I'm not convinced it is an administration-only issue,” said Ginsburg. “Congress can act as well. For example, there are bills in both the House and Senate to mandate a paper trail for the election, as well as lawsuits at the state level to mandate the same.”
Indeed, a few blocks from DNC headquarters the Senate Rules Committee began to mark-up the Secure Elections Act, bipartisan legislation introduced last March by Sen. James Lankford, R-Okla., to shore up and preserve the integrity of the country's election systems.