Hackers failed to hack into DNC voter database, says security firm

The Democratic National Committee has prevented an attempt to hack into its database of tens of millions of voters.

CNN and the Associated Press reported on Wednesday, citing an unnamed party official, that the political organization was warned Tuesday of the attempt.

DNC officials reportedly contacted the FBI. When contacted, a spokesperson for the FBI declined to comment.

Lookout, a security firm, told TechCrunch that its staff detected a phishing page hosted on DigitalOcean, a cloud computing and hosting giant, which replicated a login page for NGP VAN, a technology provider for Democratic campaigns.

In the case of phishing attacks, hackers attempt to obtain the username and password for sensitive internal systems by tricking staff into entering their credentials on spoofed sites. Hackers can then reuse those credentials to log in themselves.

Jeremy Richards, principal engineer at the security firm, notified DigitalOcean of the phishing site, which was taken offline. Mike Murray, vice president of security intelligence, informed the DNC.

It’s not immediately known who was behind the attempted hack.

Bob Lord, DNC’s security chief, briefed Democratic officials on the incident in Chicago on Wednesday. Lord did not immediately respond to a request for comment.

It’s not uncommon for political parties to store vast amounts of information on voters. Political parties and national committees often use the data to target voters with political messaging.

In recent years, several voter databases have leaked or were exposed on unprotected servers for anyone to find.

Earlier this week, Microsoft said it thwarted an attempt by a Russian-backed advanced persistent threat group known as Fancy Bear (or APT28) to steal data from political organizations.

Twitter will give political candidates a special badge during US midterm elections

Ahead of 2018 U.S. midterm elections, Twitter is taking a visible step to combat the spread of misinformation on its famously chaotic platform. In a blog post this week, the company explained how it would be adding “election labels” to the profiles of candidates running for political office.

“Twitter has become the first place voters go to seek accurate information, resources, and breaking news from journalists, political candidates, and elected officials,” the company wrote in its announcement. “We understand the significance of this responsibility and our teams are building new ways for people who use Twitter to identify original sources and authentic information.”

These labels feature a small government building icon and text identifying the position a candidate is running for and the state or district where the race is taking place. The label information included in the profile will also appear elsewhere on Twitter, even when tweets are embedded off-site.

The labels will start popping up after May 30 and will apply to candidates in state governor races as well as those campaigning for a seat in the Senate or the House of Representatives.

Twitter will partner with nonpartisan political nonprofit Ballotpedia to create the candidate labels. In a statement announcing its partnership, Ballotpedia explains how that process will work:

Ballotpedia covers all candidates in every upcoming election occurring within the 100 most-populated cities in the U.S., plus all federal and statewide elections, including ballot measures. After each state primary, Ballotpedia will provide Twitter with information on gubernatorial and Congressional candidates who will appear on the November ballot. After receiving consent from each candidate, Twitter will apply the labels to each candidate profile.

The decision to create a dedicated process to verify political profiles is a step in the right direction for Twitter. With major social platforms still in upheaval over revelations around foreign misinformation campaigns during the 2016 U.S. presidential election, Twitter and Facebook need to take decisive action now if they intend to inoculate their users against a repeat threat in 2018.