Cybersecurity and the Elections

election-hackedIn the last several days, we have seen big distributed denial of service (DDoS) attacks against DynDNS, an Internet services company that provides domain name services (DNS) to many companies including Twitter and PayPal.  DNS is how web sites are found on the web, you enter a web address in your browser, and DNS finds the website you are looking for.  When attacked in this way, DNS stops working because the flood of requests overwhelms the DNS servers ability to provide responses.  These attacks took down the Internet on the east coast first, and then the west coast, for a period of several hours each on different days.

This particular DDoS attack is using the Mirai botnet.  This is a botnet comprised largely of Internet of Things (IoT) devices such as web cams, DSL and cable modems, DVRs, smart TVs and Routers.  Read more here:

What We Know About Friday’s Massive East Coast Internet Outage

West Coast under web attack: Twitter among huge number of blocked sites

Some officials are thinking that these attacks may be trial runs leading up to the National Election next week.  There has been other evidence of attacks mounted against the electronic election infrastructure.  Here are some articles of interest.

From Russia with grudge: hackers accused of trying to sway US election

Or this one from Silicon Beat.

US Gov’t Officially Accuses Russia Of Hacking… Question Is What Happens Next

And someone has been attacking the voter registration databases.  All fifty states have been scanned for weakness, and at least 13 states have declared a breach.  Three presenters at the Cyber Security Summit (an Army General, a DHS Under Secretary, and a Regional Director of the SBA) mentioned this issue.  The government it taking this threat seriously, although each of them doubted the ability of a hacker to actual change vote totals at this point.

This does not bode well for our election.

0

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment