In the early hours of Tuesday, the DNC was made aware of a faux login page by Lookout and a Cloud service provider that was attempting to gather usernames and passwords which could have been used to get inside the DNC voter database. The page was designed to look identical to the Votebuilder page, which hosts the database. On Wednesday, the DNC announced the attempted phishing attack in an effort to notify as many people as possible to minimize the damage. After hours of research and investigation the page was able to be removed, only to be recognized as a simulated phishing test set up by the Michigan Democratic Party. Although it was a false positive, attacks towards the Democratic infrastructure will continue and it’s always better to err on the side of caution when such issues arise. Todd Beardsley, the research director for Rapid7 commented on the situation saying, “This event [still] underscores the importance of staying vigilant when using an internet browser, especially if you’re an interesting person with access to interesting data like a DNC party official who works with a proprietary voter database. It’s important to remember that the presence of a green padlock isn’t the only security control in your web browser; you need to also pay close attention to the actual host name of the system you think you’re logging into.”
