Election Day Cybershenanigans Highlight Need to Shore Up Security

...

Hackers last week launched DDoS attacks against both presidential candidates' campaign websites. The attacks were routed through HTTP Layer 7 of the OSI protocol.

There were at least four 30-second attacks reported.

"The websites were not penetrated by a cyberintrusion," said John Costello, a senior analyst at Flashpoint.

"They were attacked using their publicly available Web addresses and associated IPs," he told the E-Commerce Times.

The attackers were unsophisticated hackers and not a nation-state, Flashpoint said.

The attacks were not linked to the cyberintrusions on Democratic Party systems or the email breach affecting John Podesta, chairman of Hillary Clinton's presidential campaign. The United States has accused Russia of perpetrating those attacks.

The Mirai botnet was responsible for the campaign website hacks, Flashpoint said. It is known to have been behind other recent DDoS attacks that took advantage of devices connected to the Internet of Things.

The botnet's source code has been released, fragmenting it into smaller, competing botnets, Costello noted, which "has significantly lowered the impact, efficacy, and damage of subsequent attacks. No single attacker has been able to gain control of enough devices to replicate the scale of attacks we saw against Dyn DNS, OVH, or Krebs on Security."

The attacks "demonstrated that script kiddies and other basic threats were able to target and potentially disrupt portions of candidates' websites without the respective campaigns noticing the attacks," said James Scott, senior fellow at the Institute for Critical Infrastructure Technology.

That occurred "because both the sites lacked appropriate mitigation precautions," he told the E-Commerce Times.

"A greater prioritization and focus on cybersecurity and cyberhygiene is needed to secure the electoral process and America's critical infrastructure," Scott remarked.

Taking down websites is penny-ante stuff, and "I'd make a distinction between attacks that disrupt the availability of websites and attacks that raise questions regarding the integrity of the U.S. election process," said Rick Holland, VP of strategy at Digital Shadows.

The real danger of attacks like those against the Democratic National Committee, which resulted in emails being stolen and leaked, is that they "raise suspicions in the electorate that will have much longer-term implications for day-to-day governance of the nation," he told the E-Commerce Times.

Such leaks "fuel the opposition, which could launch investigations and inquiries that make it difficult for Washington to function."

Federal, state and local government officials could ensure the security of elections by implementing such measures as security websites and complex credential requirements, ICIT's Scott suggested.

Federal agencies may offer assistance to candidates on request, but "it is the responsibility of candidates to excel the minimum required security controls," he said.

Candidates and party officials also could set mandatory security guidelines in line with federal agency recommendations and trusted cybersecurity standards and guidelines, Scott added.

Data "is a liability and needs to be handled as such," Digital Shadows' Holland warned. Government officials "need to implement data governance policies that address data retention."

"Powerful malware such as Mirai will continue to develop and evolve," Scott said. "Every day, these sophisticated [types of] malware become more accessible, and easier to acquire and utilize by less-sophisticated threat actors."

The federal government should designate the election systems themselves as critical infrastructure, Holland maintained. That would not be sufficient to eliminate the threat, but it would accelerate resiliency.

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.

Categories
Guide
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    Talk Metadata To Me: How to Decode Your Network's Deepest and Darkest Secrets

    Download This paper explains what rich, historical metadata is, how you get it and how the insights and analytics it enables can materially transform the way you detect and investigate critical security threats.Drawing from our firsthand experience, we provide case studies on how organizations are analyzing metadata and using the resulting intelligence to find and stop attacks that they never would have been able to discover otherwise.
  • 5300c769af79e

    Twitter Purges Alt-Right Accounts

    In a video titled Knight of Long Knives (a reference to the 1934 mass murder of Nazi leaders by Adolf Hitler), Spencer calls Twitter's move "corporate Stalinism.But the company told USA Today that "Twitter Rules prohibit targeted abuse and harassment, and we will suspend accounts that violate this policy.
  • 5300c769af79e

    Unicorn Herd Threatens Silicon Valley, Warns VC

    The age of Unicorn investing has led to alarming overvaluations of startups that could result in an afterparty roll call not seen since 1999, Silicon Valley VC Bill Gurley warned Thursday.However there's no Unicorn index to buy, and most investors' participation is keyed to specific company performances, he pointed out.
  • 5300c769af79e

    aTube Catcher APK for Android | Download Apps For Free

    The videos you download through aTube Catcher apk can be later edited, modified, shared and viewed without the necessity of being online to do so.Sure there are other apps that can do similar to what aTube Catcher does, but that still does not take away the fact that aTube Catcher is a pretty awesome app.