Cyber Headlines: Hacking the 2016 Presidential Election

Cyber Headlines: Hacking the Election

In the ever-changing landscape of Cybersecurity, it’s hard to keep up sometimes. Luckily, we’re here to keep you in the loop with all the current white-hat, grey-hat and black-hat hacker news of the day. As I was traveling, Dennis Skarr stepped in solo, with the latest news on hacking voter systems. Peep the video below and don’t forget to let us know what you think!

  • The DNC has been breached and leaked on WikiLeaks
  • The dump included over 19,000 emails, 891 documents and 175 spreadsheets.
  • The election system is particularly vulnerable because it involves a combination of state, local and federal government agencies; each with their own systems, software, hardware and security protocols.
  • US officials and cybersecurity experts have concluded that Russia was behind the DNC hacks.
  • Government departments are running old legacy computer systems that are extremely vulnerable to malware and hacking.
  • Information warfare, as a means to swing an election, is not new- but the cyber element brings up new issues therein.
  • Information warfare is a concept involving the use and management of information and communication technology in pursuit of a competitive advantage over an opponent.
  • Researchers have found many vulnerability issues in voting systems in the past.
  • Michael Greg released a blog post on his top ten ways to swing an election; here are three:
    • Hack a voting machine – There are a number of ways this can be done, such as attacking the network the machines are being run on at a voting precinct,
      • Physically tampering with the device or the network hardware to install malware,
      • Attacking the voting machine company’s network or employees to get malware into the devices or steal passwords before they are released to a government and target the back-end government network used to manage them
    • Shut down the voting system or election agencies – Similarly, hackers could use a distributed denial-of-service (DDoS) attack to disable voting machines or the back-end servers in order to deny access to voters.
      • They could also launch DDoS attacks against local, state, and federal election agencies at key moments to disrupt voter registration, notification of voting precinct times and locations, record management, or coordination between agencies.
    • Delete or change election records – If you can breach a network, you can do almost anything you want to the data.
      • They could delete important data records, change the data or insert fake records. This would be particularly disastrous with election agencies.
    • Election fraud has typically been the responsibility of election officials working with local law enforcement. It now has national security consequences, with attackers from overseas, making it a federal issue.
    • 2002 Help America Vote Act (HAVA) requires US election assistants commission to periodically adopt systems in the form of voluntary voting systems guidelines.
    • The HAVA of 2002 was passed by the US Congress to make sweeping reforms to the nation’s voting process.
    • HAVA addresses improvements to voting systems and voter access which were identified in the 2002 election.
    • In April a new presidential directive was released to update our cybersecurity stance against critical infrastructure, however voting security wasn’t mentioned.
    • Security researchers have been finding vulnerabilities in an attempt to push for more regulation, but nothing can be done without congress.
    • WikiLeaks is here to stay, and have mentioned more leaks are coming.
Sources:

http://www.politico.com/magazine/story/2016/08/2016-elections-russia-hack-how-to-hack-an-election-in-seven-minutes-214144

https://www.lawfareblog.com/what-old-and-new-and-scary-russias-probable-dnc-hack

http://www.huffingtonpost.com/michael-gregg/top-six-ways-hackers-coul_b_7832730.html

CyberTraining 365 is a comprehensive library of cybersecurity classes which enable practical application while allowing the student to control their learning pace and absorption rate. With interactive labs and a responsive community, CyberTraining 365 provides solutions for a variety of learning styles while covering an array of imperative, relevant and current topics and certifications surrounding cybersecurity. Our LMS is also ideal for training use by enterprisegovernment and educational organizations.

Leave a Reply

Your email address will not be published. Required fields are marked *