DNC officials downplay report of data compromise ahead of Chicago convention

CHICAGO (WLS) -- Five days before the Democratic National Convention opens in Chicago, there are fresh concerns over cybersecurity after a recent report said it found some DNC data and credentials on a dark web hacking service.

DNC officials are strongly pushing back on the report, telling the ABC7 I-Team that the records are from the infamous 2016 data breach and that "none of the records referenced are active or associated with the 2024 Democratic National Convention."

ABC7 Chicago is now streaming 24/7. Click here to watch

When the Baltimore-based cyberanalytics firm ZeroFox released its report on Wednesday, titled "Threats to the Democratic National Convention in Chicago," it gained traction in some cybersecurity circles.

The report states that researchers discovered compromised credentials associated with official DNC websites were aggregated by a Telegram-based bot service called "IntelFetch." The records included email addresses and records from users registered on the party's official site.

The ZeroFox report states that, "Operatives identified records associated with 'demconvention[.]com,' including email addresses and records associated with users registered on the DNC website... Additionally, records related to 'democrats[.]org' were discovered."

ZeroFox states that records related to "the Democratic Party's Washington and Idaho state branches were also observed in the compromised credentials breach."

DNC officials pushed back on the report strongly, telling the I-Team that the convention's systems remain secure.

"The language in this report is an irresponsible and inaccurate characterization of the facts," a DNC spokesperson said. "We take cybersecurity very seriously and have been preparing to host a safe and successful convention for over a year."

DNC officials added that the records referenced in the ZeroFox report were from 2016, are no longer active and were accessed via external websites, not the official DemConvention[.]com website.

SEE ALSO | Chicago DNC 2024: What to know about Democratic convention, from road closures to speakers

ZeroFox provided the I-Team a breakdown of the "compromised credentials across four distinct domains likely related to the DNC and the Democratic Party" that they discovered.

According to two separate searches conducted by the firm, the following records were found:

14 records associated with wa-democrats[.]org (Washington state branch) were identified, all of which contained email addresses with [at]wa-democrats[.]org domains.
7 records related to idaho-democrats[.]org (Idaho state branch) were discovered, including two records containing email addresses with [at]idaho-democrats[.]org domains.
4 records associated with [at]demconvention[.]com
40 records associated with democrats[.]org

Adam Darrah, ZeroFox's Vice President of Intelligence, oversaw the research and said that from a threat standpoint, it doesn't matter what year the data was from.

"In security land, in intel land, whether or not they're from 2016 or 2024, the fact that bad guys are still interested in you, and they're still brokering in your compromise credentials, and those compromised credentials are still floating around, it means that you're still a viable target," Darrah told the I-Team. "So, whether it happened in 2016 or beyond or before, it's important to note that that stuff is still circulating."

The surprise pre-election breach of DNC computers in 2016 was by Russian military intelligence and resulted in significant leaks.

A similar cyberattack that summer on Illinois State Board of Elections computers resulted in hundreds of thousands of personal voter files being stolen.

Since then Illinois officials have spent millions to shore up computer security.

This latest report by ZeroFox comes two days after FBI officials confirmed the Bureau is now investigating efforts to hack into the computers of current and former staffers affiliated with both the former Biden-Harris and Donald Trump campaigns.

On Wednesday, both the FBI and Secret Service declined to discuss new concerns with the old DNC compromised data.