When the Democratic National Committee's Chief Security Officer, Bob Lord, came over to the DNC from Yahoo, this is what he said:
"I'll be working to protect my new colleagues at the DNC from the attackers who would prefer to keep us distracted from our mission of getting Democrats across the nation elected. And my job doesn’t stop at the front door of the building—my team and I will work with state parties to update their information security strategies and deployments...."
Unfortunately, one of those state parties, Michigan, spoofed a voter database website as part of a phishing and security awareness exercise but never told the DNC's cybersecurity team.
Hours after the announcement that the DNC had notified the FBI, reporters started putting pressure on the DNC for more information about the site and the attempted hack. But the DNC was silent.
Daily Beast reporter Kevin Poulsen was one of those calling the DNC out on this:
Suspicions that something didn't add up proved to be correct. Bob Lord issued a late night statement on August 22, 2018:
"We, along with the partners who reported the site, now believe it was built by a third party as part of a simulated phishing test on VoteBuilder. The test, which mimicked several attributes of actual attacks on the Democratic party's voter file, was not authorized by the DNC, VoteBuilder nor any of our vendors."
Lord then took to Twitter to thank everyone who responded to discover the truth, and some suggested this was a sign that those in InfoSec are truly moving forward:
Cybersecurity industry collaboration is key to pushing back against bad actors.
However, not everyone thinks the way the DNC hacking scenario played out was so great. Joseph Carson is Chief Security Scientist at Thycotic:
"The positive side is that newer technology is helping organizations identify such threats earlier, however, this did raise a major issue to attribution and the source of the hacks because as we know, many cyberattacks utilize third-party vendors. I would actually handle this incident as an attempted cyberattack since the DNC has confirmed it was not authorized or approved so, therefore, a full incident and digital forensics process should be carried out even though it was a so called test."
We can also say this much: It was an interesting 24 hours in the cybersecurity news cycle. At the start, the DNC made headlines based on the hacking attempt that was going to happen. We wondered if the Russians were up to their proven hacking tricks again.
And at the end of the news cycle, the DNC made news because of a hacking attempt that did not happen.
Now that is something you don't see every day.