"While it's clear that the actors were going after the party's most sensitive information — the voter file — the DNC was able to prevent a hack by working with the cyber ecosystem to identify it and take steps to stop it."
The committee was alerted to the attempted breach by a San Francisco-based security firm, Lookout, and a cloud-service provider, DigitalOcean. The security firm discovered that a fake DNC log-in page had been created to trick people into giving up their usernames and passwords, a Democratic official said.
The page was designed to look like a portal that Democratic Party officials and campaigns use to access a platform called VoteBuilder, which houses the party's voter file.
Lookout's detection tool for "phishing" sites was triggered on Tuesday and within hours company officials had called the DNC, DigitalOcean and the vendor that manages the DNC site, said Mike Murray, Lookout's vice president of security intelligence. The detection tool is powered by artificial intelligence and receives thousands of hits on suspicious sites each day.
Murray said that the company probably found the site within 30 minutes of its being put online — before anyone would have logged on to it — and that it was changing rapidly, as if the hackers were building it as Lookout was discovering it. The fake site was designed to look identical to the one built for the DNC.
The site had no malware, Murray said. Rather it was intended to trick users into submitting their usernames and passwords so that hackers could then penetrate the real site.
Murray said there is no way yet to tell who was behind the attack. "It's way too early," he said. "That kind of analysis and attribution takes time."
DigitalOcean's chief security officer, Josh Feinblum, issued a statement saying: "In coordination with the research firm, Lookout, and the DNC, we began taking immediate steps to address the threat. We are continuing to partner with the DNC and appropriate law enforcement agencies on this issue. We take this, and all types of abuse of our services, seriously, and remain focused on making the internet a safer place."
The DNC's deputy communications director, Adrienne Watson, said the attack was "completely thwarted," adding, "There was no way the voters file was accessed."
Nonetheless, Lord said that the threats are "serious" and that the party cannot deter aggressors on its own.
"We need the [Trump] Administration to take more aggressive steps to protect our voting systems," he said. "It is their responsibility to protect our democracy from these types of attacks."
Lord briefed state party officials on the attempt at a meeting Wednesday in Chicago.
Some Democrats responded to the news by criticising Republicans for voting down an effort in the House last month to increase election security spending.
"This hacking attempt comes just weeks after @HouseGOP voted AGAINST funding for voting protections," Representative Carolyn Maloney said in a tweet. "Our intel community warned us about this, and now its happening. This isn't 'fake news' - its a REAL attack on our democracy. We need to act."