The Democratic National Committee announced last Wednesday that it had thwarted what it believed was a sophisticated attempt to hack into its voter database. But everything wasn't what it seemed. The DNC later learned the attempt wasn't the work of an adversary, but had come from within.
What actually had been detected was a simulation by the Democratic Party of Michigan of the makings of a hack. The state party had failed to let the DNC know about the exercise.
In theory, the scare, which prompted the DNC to call the FBI, showed that the party's cybersecurity systems were working: A threat was detected, the party worked with cybersecurity and hosting firms to move quickly to neutralize the threat, they contacted authorities and they promptly shared information with regional party officials and the media.
That last bit, however, is what Democrats have been reckoning with since the extensive hacking of their party and presidential campaign in the lead-up to the 2016 election: If we're hacked, should we tell voters?
Broadly, there appear to be two competing schools of thought on that issue.
One says to keep the information quiet. Report it to authorities, but don't make it public as it will distract from the message of the campaign.
The other says to share information about the hack so other campaigns know what to look for, and -- perhaps more significantly -- to put the media and opposition campaigns on notice that if internal campaign correspondence surfaces, it could be the result of a hack.
Hackings in California
Earlier this month, it emerged that the campaigns of two Democratic congressional candidates in California had been breached in the lead-up to the state's primary in June.
Neither Dr. Hans Keirstead's nor David Min's campaigns made the details of the hacks public at the time, as they didn't want it to become a distraction, sources from both campaigns told CNN. The details of the breaches emerged only after both candidates lost their primaries.
The Democratic Congressional Campaign Committee -- a group that was itself hacked by Russian military intelligence in 2016, as outlined in a recent indictment from special counsel Robert Mueller -- wouldn't explicitly say what it advises campaigns to do after a hack.
It pointed out that it doesn't have control of individual campaigns, but a committee aide said cyber and legal experts the committee had spoken with warned that discussing the details of individual cyber threats increases the threat.
Sources familiar with the Keirstead and Min campaigns said the Democratic Congressional Campaign Committee didn't advise them one way or the other on going public about being hacked. All said the committee was helpful in improving their campaigns' cybersecurity after they reported the breaches.
"Every campaign has to make an individual choice about whether to make information about a hack public," Robby Mook, Hillary Clinton's former campaign manager, told CNN. "But the last thing any campaign should want is a bunch of compromising information released to the public without the proper context that it was stolen -- perhaps by a hostile foreign government."
Democrats tried to get ahead of the hacked materials in 2016, but Mook said many found the revelations that it was due to a Russian intelligence operation "unbelievable at the time."
He said that although he understood why campaigns were reluctant to do anything to distract from their message, "A story that you got hacked is maybe a one- or two-day story, and buys you time to educate the press about who is behind the attack. Thousands of juicy emails released at regular intervals can be a weeks-long story. The one-day story may protect your message from the weeks-long story."
When Keirstead's work email, which the candidate sometimes used for campaign correspondence, was hacked, the decision was made to keep it under wraps, a source familiar with the campaign told CNN.
"The only decision that you take into account is how does this affect your electoral chances," the source said.
When Min's campaign realized it had been hacked in March, an FBI agent arrived at the campaign's headquarters within 24 hours, according to a source familiar with the campaign.
The source added, "We didn't want to make anything happen that would interfere with (the FBI investigation) or take away from the focus of the campaign."
The source hinted at another concern that campaigns that are hacked may have in mind: money. A hack could dissuade donors from contributing out of fear their information will be compromised.
The hack that wasn't
The DNC said last week's false alarm demonstrated the party is being proactive when it comes to cybersecurity.
"Despite our misstep and the alarms that were set off, it's most important that all of the security systems in place worked," said Brandon Dillon, the chair of the Michigan Democratic Party, the group responsible for the scare.
And despite the false alarm, it appears that the threat is very real. The targeting of the Keirstead and Min campaigns was done by actors who have not been made known -- and may not be known to authorities.
Microsoft announced last week that it had taken control of six websites it said had been created by Russian military intelligence that could have been used to target the US Senate and conservative groups. So far this election cycle, there have been no public disclosures of Republican campaigns suffering a breach.
In announcing the company's move against the Russian operation, Microsoft President Brad Smith wrote in a blog post, "We can only keep our democratic societies secure if candidates can run campaigns and voters can go to the polls untainted by foreign cyberattacks."