WAPO – Election Security – worrisome in the 10th degree if you ask me


PATCHED: The vast majority of the nation’s largest county election offices aren’t protecting themselves against basic email phishing attacks that hackers could use to disable polling equipment and sow chaos on Election Day, a report out this morning finds.

The company Valimail checked protections at election offices in the three largest counties in every state and found just 5 percent were set up to automatically reject or quarantine suspicious emails. Across six active swing states — Arizona, Florida, North Carolina, Pennsylvania, Michigan, and Wisconsin — none of the top three counties had the protection. 

The fact that election officials aren’t using basic protections against email phishing suggests they’d be “staggeringly” vulnerable to a sophisticated foreign adversary, Seth Blank, director of industry initiatives at Valimail, told me.


Windows 7 is good enough for voting machines, really?

This is just crazy or stupid. I would advocate that even small businesses should be getting off Windows 7 as fast as possible. But it is good enough for US voting machines (a huge impact attack surface that we know is already weak – voting machines), really? This just does not make sense and demonstrates incredibly poor planning for one of the most important activities in our democracy – voting.

Hacking tools and hands for hire – cheap!

Much has been said / printed about the cybersecurity risks we all face with our digital information and transactions. But I believe many of us underestimate just how easy and cheap it is for ‘bad folks’ to get access, tools and other resources to do the work … for example, quote: “In another case, McGuire and Bromium found a database of passwords and PIN numbers that appeared to belong to customers of Qatar National Bank, a global bank with tens of billions of dollars in revenue, for sale for roughly $10.”

That quote was from an article referenced by Washington Post – https://www.cyberscoop.com/corporations-beware-dark-net-markets-selling-tools-targeting-accounts/

WAPO pointed to a Bloomberg post – you may need a subscription: https://www.bloomberg.com/news/articles/2019-06-06/access-to-bank-networks-for-sale-on-dark-web-new-research-says

An interesting costing estimate, quote: “The price for commissioning an attack on a specific corporation averaged about $4,500, the researchers found. Bespoke corporate espionage services, targeting either individuals or specific information from a particular company, were available for fees ranging from $1,000 to $15,000, they said.”