Cybersecurity and the Elections

election-hackedIn the last several days, we have seen big distributed denial of service (DDoS) attacks against DynDNS, an Internet services company that provides domain name services (DNS) to many companies including Twitter and PayPal.  DNS is how web sites are found on the web, you enter a web address in your browser, and DNS finds the website you are looking for.  When attacked in this way, DNS stops working because the flood of requests overwhelms the DNS servers ability to provide responses.  These attacks took down the Internet on the east coast first, and then the west coast, for a period of several hours each on different days.

This particular DDoS attack is using the Mirai botnet.  This is a botnet comprised largely of Internet of Things (IoT) devices such as web cams, DSL and cable modems, DVRs, smart TVs and Routers.  Read more here:

What We Know About Friday’s Massive East Coast Internet Outage

West Coast under web attack: Twitter among huge number of blocked sites

Some officials are thinking that these attacks may be trial runs leading up to the National Election next week.  There has been other evidence of attacks mounted against the electronic election infrastructure.  Here are some articles of interest.

From Russia with grudge: hackers accused of trying to sway US election

Or this one from Silicon Beat.

US Gov’t Officially Accuses Russia Of Hacking… Question Is What Happens Next

And someone has been attacking the voter registration databases.  All fifty states have been scanned for weakness, and at least 13 states have declared a breach.  Three presenters at the Cyber Security Summit (an Army General, a DHS Under Secretary, and a Regional Director of the SBA) mentioned this issue.  The government it taking this threat seriously, although each of them doubted the ability of a hacker to actual change vote totals at this point.

This does not bode well for our election.

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.