Connect with us

Hacking

No, the 17-year-old teen did not hack a state election

Published

on

No, the 11-year-old teen did not hack a state election
No, the 11-year-old teen did not hack a state election

No, the 11-year-old teen did not hack a state election: Headlines from Def Con, a hacking conference held this month in Las Vegas, might have left some thinking that infiltrating state election websites and affecting the 2018 midterm results would be child’s play.

Articles reported that teenage hackers at the event were able to “crash the upcoming midterm elections” and that it had taken “an 11-year-old hacker just 10 minutes to change election results.” A first-person account by a 17-year-old in Politico Magazine described how he shut down a website that would tally votes in November, “bringing the election to a screeching halt.”

But now, elections experts are raising concerns that misunderstandings about the event — many of them stoked by its organizers — have left people with a distorted sense of its implications.

In a website published before r00tz Asylum, the youth section of Def Con, organizers indicated that students would attempt to hack exact duplicates of state election websites, referring to them as “replicas” or “exact clones.” (The language was scaled back after the conference to simply say “clones.”)

Instead, students were working with look-alikes created for the event that had vulnerabilities they were coached to find. Organizers provided them with cheat sheets, and adults walked the students through the challenges they would encounter.

Josh Franklin, an elections expert formerly at the National Institute of Standards and Technology and a speaker at Def Con, called the websites “fake.”

“When I learned that they were not using exact copies and pains hadn’t been taken to more properly replicate the underlying infrastructure, I was definitely saddened,” Franklin said.

Franklin and David Becker, the executive director of the Center for Election Innovation & Research, also pointed out that while state election websites report voting results, they do not actually tabulate votes. This information is kept separately and would not be affected if hackers got into sites that display vote totals.

“It would be lunacy to directly connect the election management system, of which the tabulation system is a part of, to the internet,” Franklin said.

Jake Braun, the co-organizer of the event, defended the attention-grabbing way it was framed, saying the security issues of election websites haven’t gotten enough attention. Those questioning the technical details of the mock sites and whether their vulnerabilities were realistic are missing the point, he insisted.

“We want elections officials to start putting together communications redundancy plans so they have a protocol in place to communicate with voters and the media and so on if this happens on election day,” he said.

Braun provided ProPublica with a report that r00tz plans to circulate more widely that explains the technical underpinnings of the mock websites. They were designed to be vulnerable to a SQL injection attack, a common hack, the report says.

Franklin acknowledged that some state election reporting sites do indeed have this vulnerability, but he said that states have been aware of it for months and are in the process of protecting against it.

Becker said the details spelled out in the r00tz report would have been helpful to have from the start.

“We have to be really careful about adding to the hysteria about our election system not working or being too vulnerable because that’s exactly what someone like President Putin wants,” Becker said. Instead, Becker said that “we should find real vulnerabilities and address them as elections officials are working really hard to do.”

Boy Who Dreamed Of Working With Apple Hacked Its Systems From Home

Hacking

DNC detect an attempt to hack voter database – Again

Published

on

By

DNC detect an attempt to hack voter database
DNC detect an attempt to hack voter database

DNC detect an attempt to hack voter database: Someone tried to hack the Democratic National Committee – again.

The DNC, the formal governing body of the Democratic Party, told the FBI on Tuesday that it had discovered a “sophisticated attempt” by hackers to gain access to its voter database, according to CNN.

That voter database, held in a service called Votebuilder, includes sensitive information like addresses and phone numbers — likely of thousands of potential voters, donors, and more.

The hackers apparently created a fake website designed to look very similar to the real one that Democratic Party officials and campaigns use to log in to that database. The idea was that officials would try to log in to this fake page using their real usernames and passwords, thereby revealing that information to the hackers and enabling them to use it to log in to the real site and access the voter database. This tactic, called “spearphishing,” is one of the most common ploys hackers use to try to gain access to sensitive or private information.

The hackers even sent emails to DNC officials trying to get them to use the fake page.

The DNC only found out about the attack because a cybersecurity company in San Francisco called Lookout detected the fake website late Monday and alerted the company that hosts the DNC’s database. That company, DigitalOcean, says it took down the fake site “within hours.”

CNN, citing an unnamed “Democratic source,” says the DNC doesn’t currently believe that the hacking attempt was actually successful and “has no reason to believe its voter file was accessed or altered.”

The DNC has reportedly contacted the FBI to let it know about the hacking attempt. For now, it’s unclear what action, if any, the FBI is taking in response, though DigitalOcean said in a statement that it is working with the “appropriate law enforcement agencies” on the matter. The DNC also said it was investigating who the culprit might be.

It’s a good thing Lookout found what it did. The fake website “was very convincing,” the company’s vice president Mike Murray told CNN, adding that “it would have been a very effective attack” if it hadn’t been spotted so quickly.

Related: New Russian hacking attempt

The DNC was a cyber target before — and it didn’t go well

If you feel like you’ve heard this story before, it’s because you have — but it had a much worse ending last time around.

As the New York Times has reported in detail, the FBI discovered that a hacking group linked to the Russian government had gained access to at least one computer at the DNC.

But when the FBI contacted the DNC in September 2015 to let them know, the organization’s tech-support contractor didn’t do much with the information beyond performing “a cursory search of the DNC computer system logs to look for hints of such a cyberintrusion.” In fact, it took a whopping nine months before DNC officials even held a formal meeting with the FBI about it.

That was too little, too late. Russian hackers ultimately had access to the DNC’s network for seven months before top DNC officials knew about the attack or hired anyone to combat it. During that time, the hackers stole countless emails and documents, later releasing them to the public to try to damage the Hillary Clinton campaign.

Clearly, the DNC has learned its lesson this time around, and it has moved swiftly to let the FBI know about the attempt. What’s less clear is whether the DNC can stay just as vigilant — and move just as quickly — when the next attack comes.

Continue Reading

Trending

Copyright © 2017- 20 Ydraft