
2/17/2017
11:00 AM

After Election Interference, RSA Conference Speakers Ask What Comes Next

Election-tampering called 'a red line we should not allow anyone to cross.'

RSA CONFERENCE -- San Francisco -- As discussion about possible American collusion with Russian interference in the 2016 US presidential election heats up in Washington, the events have also been a hot topic here. RSA Conference speakers have not only tackled recent hacking events specifically, but discussed how they exacerbate the weaknesses of an already fragmented, lightly regulated voting system with highly irregular security practices.

The fundamental questions: what comes next and why does it matter to cybersecurity professionals? 

Rep. Michael McCaul (R-TX), chairman of the House Homeland Security Committee, said during a keynote session Tuesday that he was first briefed on election-related attacks in the spring, and has "no doubt" Russians undermined the election.

"This is a red line we should not allow anyone to cross," said Rep. McCaul. 

"We must continue to call out Moscow for election interference. …  And if we don’t, I am certain they will do it again," he said.

McCaul also said that there must be a response to this behavior, and the "strategies should not include just returning fire."

These thoughts were echoed by John P. Carlin, chair of Morrison and Foerster LLP, in a session called "Electoral Dysfunction" Wednesday. Until recently, Carlin was the US Department of Justice's assistant attorney general for national security; he left the position in October. "I'm very concerned about repeated conduct," by nation-state attackers, said Carlin.

During Carlin's tenure, DOJ developed a cybercrime "deterrence playbook" to discourage nation-state attacks on the US by ensuring there would be consequences for them. For deterrence to work, Carlin explained, the government would not only have to make it clear that it would take action in response to specific acts, but make it clear that "we are going to take actions until the behavior stops."

Michele Flournoy - founder and CEO of the Center for a New American Security, who served as Under Secretary of Defense for Policy from 2009 to 2012 - took aim at Russia and recent attacks specifically.

"We need to assess Russia with clear eyes," said Flournoy, during a session on the future of security and defense Tuesday. She explained that after the Cold War, Russia did not integrate with the global community as other members of the Eastern Bloc did, and that since Putin took leadership of the country a second time he has pursued a campaign "against democracy" and an effort to deunify allies.

"We owe it to ourselves to investigate [these attacks] further," Flournoy said, saying that we need to "really map the extent of contact between the Trump campaign and Russia." 

(Later that day, the New York Times reported that members of the Trump campaign had repeated contact with Russian intelligence before the election. Some legislators, including Senate Foreign Relations Committee Chairman Bob Corker, a Republican, have since suggested that recently ousted national security adviser Michael Flynn should testify before Congress, telling MSNBC "Maybe there's a problem that obviously goes much deeper than what we now suspect." President Trump has suggested the controversy is manufactured.)

How much of this really falls under the purview of cybersecurity, though? No evidence has been reported of voting machines themselves being exploited or attacked in the 2016 US presidential election. The hacks and information leaks that did occur were not particularly sophisticated from a technological standpoint.

Despite that, "it may eventually come to be seen as the biggest hack in history," said Kenneth Geers, Comodo Senior Research Scientist and a NATO Cooperative Cyber Defence Center of Excellence Ambassador, in an interview with Dark Reading. Geers also spoke about the demonstrable connection between malware activity and significant political, socioeconomic events during a Comodo event here Monday and RSA presentations.  

Geers says one could "definitely draw a parallel" between Russian involvement in the US elections and the Ukraine election in 2014, because both included the hacking of political parties, doxing, and the information operations in social media - like the creation of fraudulent accounts and the spread of propaganda, which are not always seen as part of the American definition of "information security." 

While attackers could focus their hacking efforts on e-voting machines themselves, Geers said, that would be easier to discover than these other, subtler methods.

Carlin echoed this sentiment. "Think of how effective this was, and it did not attack the [systems we use to vote.]"

There are other, practical reasons attackers wouldn't go after voting machines. Mike Weber, vice president of labs at Coalfire, explained in the "Electoral Dysfunction" session that although vulnerabilities have been found in machines before, many of them require physical access, or near access, to the hardware. Therefore, it's simpler "not to attack the infrastructure, but the things that access the infrastructure" - like voter databases, for example.

These attacks nevertheless cause distrust in the very democratic process.

In the same session, Pamela Smith, president of Verified Voting, said the 2016 election showed that the US vote auditing and recount process is "worse than we thought." There are roughly 6,000 voting jurisdictions in the US, all with their own rules. Some of the jurisdictions that were called upon to do a recount had no voter-verified paper trails, others had policies allowing them the option to re-run their machines' tally instead of counting the paper votes, and others halted the recounts before they were completed.


Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...
 

Comments
GetErD973,
User Rank: Apprentice
2/19/2017 | 11:10:27 PM
Russians hacking election? Really?
So many things wrong with this concept.  First, a simple phish attack resulted in showing how the DNC was actually rigging the election and yet somehow what the DNC did is blamed on the Russians?

Second, the great USA has always tried to influence elections of other countries - why is it right when we do it and wrong when others try to do the same to us?

If you are a credible security professional, this is a non-story.  If you "hate Trump" and "love Clinton", then this is a great story to try to jam down everyone's throat.

 