Photo: Saul Loeb/AFP/Getty Images

The DNC walked back an assertion that it had detected a "sophisticated" hacking attempt early Thursday, announcing instead that it was simply a subcontractor's unauthorized security test.

Why it matters: While this is a slight black eye for the DNC, who look a little foolish for riling up the press over what turned out to be an internal matter, it's a massive victory for Lookout, the third-party security firm that caught the "attempt" with its unique approach to discovering phishing sites.

What actually happened:

  • The DNC uses the contractor NGP VAN to manage its digital voter operations — specifically, a product known as VoteBuilder.
  • Lookout discovered what appeared to be a newly-registered phishing site meant to look like the NGP VAN site and alerted several stakeholders.
  • After an FBI investigation, it turned out that, according to the DNC's chief security officer Bob Lord, a third party "not authorized by the DNC or its vendors" set up the site to test Democrats' resiliency to phishing attacks.
  • Michael Kan, a reporter for PCMag, determined that the unauthorized third party was the Michigan Democratic Party — technically a separate entity from the national group.
  • It's not uncommon for organizations to try to phish their own members as both an educational experience and security audit.

The tech behind the hullabaloo:

  • "Most people in security want to know why a mobile security company discovered the phishing site," Aaron Cockerill, chief strategy officer at Lookout, told Axios. "There are dedicated products to protect organizations from phishing. Lookout is not one of them."
  • Cockerill said Lookout, which protects mobile phones, got into the phishing protection buisness because phishing remains a key mobile threat. Lookout caught the site where others didn't because it uses a different apparatus than other phishing protection services.
  • Most products run checks on a site after links are sent to clients. "We call that the 'sacrificial lamb approach,'" said Cockerill. "The links won't be detected as phishing sites until someone first sees them, which may be too late for that person."
  • Lookout, on the other hand, uses AI to detect if any newly-registered sites are phishing sites. In the NGP VAN case, Cockerill said, it identified the site half an hour after it launched.

Go deeper: Inside the Democratic war against hacks.

Get more stories like this by signing up for our cybersecurity newsletter, Codebook. 

Go deeper

Updated 11 mins ago - Politics & Policy

Trump vows to block stimulus funding for mail-in voting and USPS

President Trump on Thursday told Fox Business' Maria Bartiromo that Democratic demands to fund mail-in voting and the U.S. Postal Service in ongoing coronavirus stimulus negotiations were a non-starter.

Why it matters: Trump directly linked Democrats' desired $3.6 billion for mail-in voting and $25 billion for the USPS to his continued baseless claims that increased mail-in voting will lead to widespread voter fraud.

Wind and solar power hit record global market shares in first half of 2020

Reproduced from Ember; Chart: Axios Visuals

A steep decline in coal-fired power combined with rising wind and solar output drove the carbon-free sources to record global market share in the first half of 2020, per a new analysis from the environmental think tank Ember.

Why it matters: The report shows how the coronavirus pandemic is speeding the ongoing shakeup of the global power mix — but also how it's occurring too slowly to reach international climate goals.

BodyArmor takes aim at Gatorade's sports drink dominance

Illustration: Eniola Odetunde/Axios

BodyArmor is making noise in the sports drink market, announcing seven new athlete partnerships last week, including Christian McCaffrey, Sabrina Ionescu and Ronald Acuña Jr.

Why it matters: It wants to market itself as a worthy challenger to the throne that Gatorade has occupied for nearly six decades.