Open 24/7/365

We Have A Life-Time Warranty /
Guarantee On All Products. (Includes Parts And Labor)

Election Officials Are Vulnerable To Email Attacks, Report Shows

Six jurisdictions used software that Russian spies have targeted in cyberattacks. Election Officials Are Vulnerable To Email Attacks, Report Shows

Many of the thousands of county and local election officials who will be administering November’s presidential election are running email systems that could leave them vulnerable to online attacks, a new report has found.

Cybersecurity vendor Area 1 Security Inc. tracked more than 12,000 local officials and determined that over 1,600 used free or nonstandard email software that often lacks the configuration and management protection found with large cloud-service providers. More than half of the officials used email systems with limited protection from phishing attacks, Area 1 said. The findings underscore problems with the country’s diverse, locally administered election system that attracted the attention of state-sponsored hackers four years ago.

In 2016, Russian hackers targeted dozens of election systems in the U.S. and breached two counties in Florida. And while security officials and election officials say that much has been done to improve the security of these systems, email could be another avenue of incursion, especially for attackers looking to disrupt or undermine confidence in the November election, according to Oren Falkowitz, Area 1’s chief executive.

Often, all it takes for a cyber intrusion is a single software bug or misconfigured system, Mr. Falkowitz said in an interview. “When you run your own service and you don’t partner with someone to professionally manage it, it means you have to be perfect every single day,” he said. “That’s really hard.”

Area 1 found that officials in six small jurisdictions in Michigan, Missouri, Maine and New Hampshire, for example, were using a buggy version of a free software product called Exim, which has been linked to online attacks conducted by the Russian intelligence service known as the GRU. In May, the National Security Agency warned that this version of Exim had been targeted since 2019 in online attacks by the GRU.

An NSA spokesman declined to comment.

There is a range of systems used by election officials that could be hacked, all with varying results. The most sensitive of all are the vote-registration, tallying and reporting systems that are critical to election night. Then there are the computers and servers, such as email servers, used by the election officials for their day-to-day business.

While security experts say that county email systems aren’t directly linked to the computer systems that count votes or register voters, the risk may be one of public perception, not vote hacking, said J. Michael Daniel, a former White House cybersecurity official who is now chief executive of the Cyber Threat Alliance, an intelligence-sharing consortium.

“The biggest danger in my view is not actual vote changing,” Mr. Daniel said. “That’s actually really hard to do at scale in a way that would actually have a significant impact. But what you would be concerned about is undermining people’s confidence. It starts to raise these questions about what you can trust.”

Since 2016, Congress has given more than $1.2 billion to the states to improve election security and respond to coronavirus-related vote challenges. While some of that money trickled down to counties to prepare for voting in November, their agencies are facing new challenges. Running elections during the socially distant era of the coronavirus requires more help, said Rita Reynolds, the chief technology officer of the National Association of Counties.

“There’s not enough funding directly to counties for the pandemic situation,” Ms. Reynolds said. “Equally, there’s not enough funding to counties for cybersecurity.”

Over the past few years, government agencies across the country, including Atlanta, Baltimore and Jackson County, Ga., have been felled by ransomware attacks that render computer systems inoperable until a ransom—usually in the digital currency bitcoin—is paid. Many ransomware attacks begin with malicious email messages, security experts say.

At an online conference held by the National Association of Secretaries of State earlier this month, a top Department of Homeland Security election security official said malicious software targeted at the computer systems used by county officials remains a problem.

“We’ll see that ransomware will come and take down the county network, which has an impact on the election network, even though it wasn’t being targeted,” said Matt Masterson, senior adviser on election security for the Department of Homeland Security. “It may have an impact on, particularly, a local office’s ability to run elections.”

A ransomware attack on election night could undermine confidence in the election’s results, even if election systems weren’t affected, Area 1’s Mr. Falkowitz said.

Area 1 sells corporate antiphishing services and has been involved in election security in the U.S. by providing its services to candidates and political committees this year. It has no clients among the entities audited in the report. Mr. Falkowitz formerly worked for the NSA.

Despite the remaining risks, election officials say that there are now better information sharing, security testing and security monitoring on election networks than there were in 2016. And this year more counties are using voting machines that have paper ballots as a backup, which can be counted by hand in the event of a technical glitch or an election audit.

Still, Area 1 counted 666 local officials who were using their personal email address for election-related business, a practice that could expose their work systems to impersonation or other forms of online fraud.

“Unquestionably, we are better off than we were in 2016,” Mr. Daniel said. “But better off does not mean that we are where we need to be.”

Related Articles:

As TikTok ‘Spyware’ Rumor Swirls, Crypto Apps Safety In The Spotlight

US Says China Backed Hackers Who Targeted COVID-19 Vaccine Research

Apparent Coordinated Twitter Attack Targets Binance, CZ, Gemini, And More

Why Does Binance’s Android App Need To Use Your Microphone?

Encrypted Instant Chat App Promising ‘Worry Free Secure Communication’ Was Hacked

Security Expert Exposes Chaos With Trump And U.S. Intelligence Agencies

Some Of The Latest News On Cyber-Attacks And Cyber-Security Trends

New Decentralized Cybersecurity Solution Enables Passwordless Logins (#GotBitcoin?)

CIA’s ‘Lax’ Security Led To Massive Theft of Hacking Tools, Internal Report Finds

Signal Is A Truly Private Chat App Ideal For Protestors (#GotBitcoin?)

Maintain Your Privacy And Security During A Protest (#GotBitcoin?)

Borrower, Beware: Credit-Card Fraud Attempts Rise During The Coronavirus Crisis

Senate Vote Allows FBI Access To Your Browsing History Without A Warrant And What You Can Do About It

Report Says Chinese And Iranian Hackers Seek To Steal Coronavirus Research

28,000 GoDaddy Hosting Accounts Compromised

Some States Dabble In Online Voting, Weighing Pandemic Against Cybersecurity Concerns

Antonopoulos: Chainalysis Is Helping World’s Worst Dictators & Regimes (#GotBitcoin?)

Survey Shows Many BTC Holders Use Hardware Wallet, Have Backup Keys (#GotBitcoin?)

Blockfolio Quietly Patches Years-Old Security Hole That Exposed Source Code (#GotBitcoin?)

Apple iPhone May Be Vulnerable To Email (Mail) Hack

Gates Foundation, WHO And Wuhan Institute of Virology All Hacked!

Google Hack Requires That You Updated Chrome Browser Now To Version: 81.0.4044.113

Privacy-Oriented Browsers Gain Traction (#GotBitcoin?)

Can Blockchain Technology Counter US Anti-Message Encryption Bill? (#GotBitcoin?)

Chinese Military Turns To U.S. University To Conduct Covert Research

CIA Has Had Keys To Global Communication Encryption Since WWII

Hostile Spies Target U.S. With Cyber, Encryption, Big Data, Report Finds

Hackers Stole And Encrypted Data of 5 U.S. Law Firms, Demand 2 Crypto Ransoms

Ex-CIA Engineer Goes On Trial For Massive Leak

Multi One Password (Portable App)

After He Fell For A $40K Phone Scam, His Bank Offered To Help—If He Stayed Quiet (#GotBitcoin?)

Your PGP Key? Make Sure It’s Up To Date

Bezos’ Phone Allegedly Hacked By Account Associated With Crown Prince

Major Companies Shared Vulnerability Used In Travelex Cyberattack (#GotBitcoin?)

Microsoft Releases Patch To Patch Windows Flaw Detected By NSA

VPN Tier List 2020 (Comparison Table)

SEC Market-Surveillance Project Hits Snag Over Hacker Fears

Inside China’s Major US Corporate Hack

Twitter Bug Exposed Millions of User Phone Numbers

U.S. Cyber Officials Give Holiday Shopping Advice For Consumers

Is Cayla The Toy Doll A Domestic Spy?

Google’s “Project Nightingale” Faces Government Inquiry Over Patient Privacy.

Which Password Managers Have Been Hacked?

DNS Over HTTPS Increases User Privacy And Security By Preventing Eavesdropping And Manipulation

Russia Steps Up Efforts To Shield Its Hackers From Extradition To U.S.

Barr Revives Debate Over ‘Warrant-Proof’ Encryption (#GotBitcoin?)

Should Consumers Be Able To Sell Their Own Personal Data?

Doordash Says Security Breach Affected Millions Of People (#GotBitcoin?)

Fraudsters Used AI To Mimic CEO’s Voice In Unusual Cybercrime Case (#GotBitcoin?)

Pearson Hack Exposed Details on Thousands of U.S. Students (#GotBitcoin?)

Cyber Hack Got Access To Over 700,000 IRS Accounts (#GotBitcoin?)

Take A Road Trip With Hotel Hackers (#GotBitcoin?)

Hackers Prove The Insecurity Of Trump’s Border Security By Stealing Photos Of Travelers’ Faces (#GotBitcoin?)

Hackers Target Loyalty Rewards Programs (#GotBitcoin?)

Taxpayer Money Finances IRS “Star Trek” Parody (#GotBitcoin?)

IRS Fails To Prevent $1.6 Billion In Tax Identity Theft (#GotBitcoin?)

IRS Workers Who Failed To Pay Taxes Got Bonuses (#GotBitcoin?)

Trump DOJ Declines To Charge Lois Lerner In IRS Scandal (#GotBitcoin?)

DMV Hacked! Your Personal Records Are Now Being Transmitted To Croatia (#GotBitcoin?)

Poor Cyber Practices Plague The Pentagon (#GotBitcoin?)

Tensions Flare As Hackers Root Out Flaws In Voting Machines (#GotBitcoin?)

3-29-2019 FBI Retools To Counter Cyber Threats, 4-12-2019 Thousands Of FBI Personal Data Is Stolen (#GotBitcoin?)

Overseas Traders Face Charges For Hacking SEC’s Public Filings Site (#GotBitcoin?)

Group Hacks FBI Websites, Posts Personal Info On Agents. Trump Can’t Protect You! (#GotBitcoin?)

SEC Hack Proves Bitcoin Has Better Data Security (#GotBitcoin?)

Hackers Prove The Insecurity Of Trump’s Border Security By Stealing Photos Of Travelers’ Faces (#GotBitcoin?)

Our Facebook Page

Your Questions And Comments Are Greatly Appreciated.

Monty H. & Carolyn A.

Go back

Leave a Reply