Sunday, July 24, 2016

Democratic National Committee (DNC) email servers hacked. What Email does the DNC use?

In this wild and crazy 2016 presidential election it's very interesting that the DNC email servers got hacked and documents were released just before the DNC convention.

Well, we did some investigation into what email system the DNC is actually using.
They seem to use two domains, DEMOCRATS.ORG and DNC.ORG, which we found being used in this WikiLeaks doc along with Donna Brazile's personal .me email.
Running email (MX) record testing on DNC.ORG returns the following, which looks like a privately hosted Exchange server at APPRIVER. The domain was registered at ENOM and is registered to the Democratic National Committee, but no website shows up for dnc.org.

Although, AppRiver does blow this security trumpet on their website "AppRiver's award-winning SecureTide email protection is included with every Hosted Exchange account, so you also have the best security in the business built in." So much for SecureTide.

Running email (MX) record testing on the domain DEMOCRATS.ORG, the MX info came back with the following:

GOOGLE APPS, the business-class version of GMAIL.

Now, does this mean Google Apps or AppRiver sucks at security? Not really. It more likely means that someone at the DNC was careless in opening an email, thereby infecting their PC and/or the entire network.

Lastly, the Dems have a website at http://www.democraticnationalcommittee.org
Doing a mail server lookup for this domain brings up a GoDaddy-purchased domain and GoDaddy's free and low-cost POP email servers.
Most likely the DNC is not using this domain for email (hopefully). In fact, clicking on the only contact link forwards you to the following email: info@maf.democrat, which is also using the same GoDaddy free POP email servers. It's possible these are just mail-forwarding accounts.
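The MX checks above amount to fingerprinting a mail provider from the hostnames in a domain's MX records. The script below is an added example (not from this post) that does that classification; the Google and GoDaddy hostname patterns are the widely published public MX hosts, the AppRiver pattern is an assumption that should be confirmed against a real lookup, and the sample answers are constructed, not captured from the DNC domains.

```python
"""Fingerprint a domain's mail provider from its MX hostnames (added example)."""
import re

# Provider labels as used in the post. Google/GoDaddy patterns are the public
# MX hosts those services publish; the AppRiver pattern is an ASSUMPTION.
PROVIDER_PATTERNS = {
    "Google Apps": re.compile(r"(^|\.)aspmx\.l\.google\.com$|(^|\.)googlemail\.com$"),
    "GoDaddy": re.compile(r"(^|\.)secureserver\.net$"),
    "AppRiver (assumed pattern)": re.compile(r"(^|\.)arsmtp\.com$"),
}


def normalize(host: str) -> str:
    """Lower-case the name and strip the trailing dot that DNS answers carry."""
    return host.strip().lower().rstrip(".")


def classify_mx(mx_hosts):
    """Return (provider, matched_hosts); 'self-hosted/unknown' when nothing matches."""
    hits = {}
    for host in map(normalize, mx_hosts):
        for name, pattern in PROVIDER_PATTERNS.items():
            if pattern.search(host):
                hits.setdefault(name, []).append(host)
    if not hits:
        return "self-hosted/unknown", []
    # A domain can mix providers; report the one backing the most MX hosts.
    best = max(hits, key=lambda k: len(hits[k]))
    return best, hits[best]


def lookup_mx(domain):
    """Live MX lookup via dnspython (optional); hostnames ordered by preference."""
    import dns.resolver  # pip install dnspython
    answers = dns.resolver.resolve(domain, "MX")
    return [r.exchange.to_text() for r in sorted(answers, key=lambda r: r.preference)]


# Constructed sample answers (placeholder domains, not real lookups).
SAMPLE_MX = {
    "example-a.org": ["aspmx.l.google.com.", "alt1.aspmx.l.google.com.", "alt2.aspmx.l.google.com."],
    "example-b.org": ["smtp.secureserver.net.", "mailstore1.secureserver.net."],
    "example-c.org": ["mail.example-c.org."],
}

if __name__ == "__main__":
    for domain, hosts in SAMPLE_MX.items():
        provider, matched = classify_mx(hosts)
        print(f"{domain}: {provider} ({len(matched)} MX host(s) matched)")
```

To run it against a live domain, pass `lookup_mx(domain)` to `classify_mx`; an unmatched result means the domain is self-hosted or uses a provider not in the pattern table.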

As we always say here, practice good email security prevention as discussed in a previous blog post at BLOG.MPECSINC.ca

Remember, when Sony Entertainment got hacked, the Sony email system of choice was our personal favorite Office365.

1 comment:

Anonymous said...

This is 100 percent accurate based on what I found. At the time, if you investigated some of their public hosts you would discover that they didn't appropriately secure their L3 communication protocols, specifically BGP traffic. It was apparent to me as well, after finding this and investigating, that a lot of the emails from the DNC that were published contained the communication transcripts with the same public blocks.

This was not just an application security issue, although I'm sure this one was hit on all levels, but all up and down the IOS model. It's possible that external spoofing was allowed to take place simply by allowing the L3 protocols to be manipulated in any way.