Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Photo: Saul Loeb/AFP/Getty Images

The DNC walked back an assertion that it had detected a "sophisticated" hacking attempt early Thursday, announcing instead that it was simply a subcontractor's unauthorized security test.

Why it matters: While this is a slight black eye for the DNC, who look a little foolish for riling up the press over what turned out to be an internal matter, it's a massive victory for Lookout, the third-party security firm that caught the "attempt" with its unique approach to discovering phishing sites.

What actually happened:

  • The DNC uses the contractor NGP VAN to manage its digital voter operations — specifically, a product known as VoteBuilder.
  • Lookout discovered what appeared to be a newly-registered phishing site meant to look like the NGP VAN site and alerted several stakeholders.
  • After an FBI investigation, it turned out that, according to the DNC's chief security officer Bob Lord, a third party "not authorized by the DNC or its vendors" set up the site to test Democrats' resiliency to phishing attacks.
  • Michael Kan, a reporter for PCMag, determined that the unauthorized third party was the Michigan Democratic Party — technically a separate entity from the national group.
  • It's not uncommon for organizations to try to phish their own members as both an educational experience and security audit.

The tech behind the hullabaloo:

  • "Most people in security want to know why a mobile security company discovered the phishing site," Aaron Cockerill, chief strategy officer at Lookout, told Axios. "There are dedicated products to protect organizations from phishing. Lookout is not one of them."
  • Cockerill said Lookout, which protects mobile phones, got into the phishing protection buisness because phishing remains a key mobile threat. Lookout caught the site where others didn't because it uses a different apparatus than other phishing protection services.
  • Most products run checks on a site after links are sent to clients. "We call that the 'sacrificial lamb approach,'" said Cockerill. "The links won't be detected as phishing sites until someone first sees them, which may be too late for that person."
  • Lookout, on the other hand, uses AI to detect if any newly-registered sites are phishing sites. In the NGP VAN case, Cockerill said, it identified the site half an hour after it launched.

Go deeper: Inside the Democratic war against hacks.

Get more stories like this by signing up for our cybersecurity newsletter, Codebook. 

Go deeper

41 mins ago - Health

U.S. tops 88,000 COVID-19 cases, setting new single-day record

Expand chart
Data: COVID Tracking Project; Chart: Axios Visuals

The United States reported 88,452 new coronavirus cases on Thursday, setting a single-day record, according to data from the COVID Tracking Project.

The big picture: The country confirmed 1,049 additional deaths due to the virus, and there are over 46,000 people currently being hospitalized, suggesting the U.S. is experiencing a third wave heading into the winter months.

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Health: Large coronavirus outbreaks leading to high death rates — Coronavirus cases are at an all-time high ahead of Election Day.
  2. Politics: Top HHS spokesperson pitched coronavirus ad campaign as "helping the president" — Space Force's No. 2 general tests positive for coronavirus.
  3. World: Taiwan reaches a record 200 days with no local coronavirus cases.
  4. Sports: MLB to investigate Dodgers player who joined celebration after positive COVID test.
  5. 🎧Podcast: The vaccine race turns toward nationalism.

The norms around science and politics are cracking

Illustration: Aïda Amer/Axios

Crafting successful public health measures depends on the ability of top scientists to gather data and report their findings unrestricted to policymakers.

State of play: But concern has spiked among health experts and physicians over what they see as an assault on key science protections, particularly during a raging pandemic. And a move last week by President Trump, via an executive order, is triggering even more worries.