Election Day Cybershenanigans Highlight Need to Shore Up Security
Nov 10, 2016 1:43 PM PT
Hackers last week launched DDoS attacks against both presidential candidates' campaign websites. The attacks were routed through HTTP Layer 7 of the OSI protocol.
There were at least four 30-second attacks reported.
"The websites were not penetrated by a cyberintrusion," said John Costello, a senior analyst at Flashpoint.
"They were attacked using their publicly available Web addresses and associated IPs," he told the E-Commerce Times.
The attackers were unsophisticated hackers and not a nation-state, Flashpoint said.
The attacks were not linked to the cyberintrusions on Democratic Party systems or the email breach affecting John Podesta, chairman of Hillary Clinton's presidential campaign. The United States has accused Russia of perpetrating those attacks.
The Mirai botnet was responsible for the campaign website hacks, Flashpoint said. It is known to have been behind other recent DDoS attacks that took advantage of devices connected to the Internet of Things.
The botnet's source code has been released, fragmenting it into smaller, competing botnets, Costello noted, which "has significantly lowered the impact, efficacy, and damage of subsequent attacks. No single attacker has been able to gain control of enough devices to replicate the scale of attacks we saw against Dyn DNS, OVH, or Krebs on Security."
Are US Elections Cybersecure?
The attacks "demonstrated that script kiddies and other basic threats were able to target and potentially disrupt portions of candidates' websites without the respective campaigns noticing the attacks," said James Scott, senior fellow at the Institute for Critical Infrastructure Technology.
That occurred "because both the sites lacked appropriate mitigation precautions," he told the E-Commerce Times.
"A greater prioritization and focus on cybersecurity and cyberhygiene is needed to secure the electoral process and America's critical infrastructure," Scott remarked.
The Real Danger of Attacks
Taking down websites is penny-ante stuff, and "I'd make a distinction between attacks that disrupt the availability of websites and attacks that raise questions regarding the integrity of the U.S. election process," said Rick Holland, VP of strategy at Digital Shadows.
The real danger of attacks like those against the Democratic National Committee, which resulted in emails being stolen and leaked, is that they "raise suspicions in the electorate that will have much longer-term implications for day-to-day governance of the nation," he told the E-Commerce Times.
Such leaks "fuel the opposition, which could launch investigations and inquiries that make it difficult for Washington to function."
How to Secure Systems
Federal, state and local government officials could ensure the security of elections by implementing such measures as security websites and complex credential requirements, ICIT's Scott suggested.
Federal agencies may offer assistance to candidates on request, but "it is the responsibility of candidates to excel the minimum required security controls," he said.
Candidates and party officials also could set mandatory security guidelines in line with federal agency recommendations and trusted cybersecurity standards and guidelines, Scott added.
Data "is a liability and needs to be handled as such," Digital Shadows' Holland warned. Government officials "need to implement data governance policies that address data retention."
"Powerful malware such as Mirai will continue to develop and evolve," Scott said. "Every day, these sophisticated [types of] malware become more accessible, and easier to acquire and utilize by less-sophisticated threat actors."
The federal government should designate the election systems themselves as critical infrastructure, Holland maintained. That would not be sufficient to eliminate the threat, but it would accelerate resiliency.