We are less than three months away from midterm elections in the US, a timeline that is not lost on the hacking community. With the conclusion of the Black Hat and DefCon conferences last week, the US is now even more focused on election and voting security.
In a feature story published Sunday, Robert McMillan and Dustin Volz of The Wall Street Journal reported on activities taking place during the second annual Voting Village at DefCon. Executing hacks designed to identify flaws in voting machines that could open up gateways for attackers, participants went after a number of popular machines used in various election precincts around the country during the event. According to the story:
On the first day of the event, which runs through Sunday, hackers were able to swap out software, uncover network plug-ins that shouldn’t have been left working, and uncover other ways for unauthorized actors to manipulate the vote.
However, several of the machine vendors present expressed skepticism over whether or not such hacks could be carried out in real life situations. According to the story:
“Anybody could break into anything if you put it in the middle of a floor and gave them unlimited access and unlimited time,” said Leslie Reynolds, executive director of the National Association of Secretaries of State.
Election Systems & Software LLC, a leading manufacturer of voting equipment, was reluctant to have its systems tested at the conference. The company played down the expected findings from the event in a letter to customers. Hackers “will absolutely access some voting systems internal components because they will have full and unfettered access to a unit without the advantage of trained poll workers, locks, tamper-evident seals, passwords, and other security measures that are in place in an actual voting situation.”
Whether or not hackers can break into voting machines or any systems and actually change vote tallies remains to be seen. There is no doubt though, that attackers have been able to gain access to the accounts of political candidates and their employees without having to challenge technical security controls. This was the case in the 2016 US national elections. Hopefully, the Black Hat and DefCon hackers are helping to address a problem before it spirals out of control. If history is a guide, then the US should be placing equal focus on how to protect vulnerable humans against run-of-the-mill phishing and social engineering attacks as well.
Read the full story at: Tensions Flare as Hackers Root Out Flaws in Voting Machines
Dtex in the News …
Last week, eWeek’s Chris Preimesberger published a product overview of the Dtex Advanced User Behavior Intelligence Platform. This comprehensive overview reveals how the platform helps customers to gain visibility over user behaviors, protect trusted insiders against attacks, detect insider threats, and protect privacy. According to Chris:
The Dtex Systems Advanced User Behavior Intelligence Platform provides customers with complete visibility over user behaviors and activities taking place on endpoints that are on and off the network. The Dtex lightweight endpoint meta data collectors are highly scalable, easy to deploy, require no maintenance, and have near-zero impact on endpoint and user performance. Dtex filters out all non-essential “noise” to create a high-fidelity data stream that indicates exactly when risky activities and behaviors are taking place. Machine learning and advanced analytics are applied to the data at the server to convert it into user behavior intelligence that provides accurate alerts and a complete audit trails showing where insider threats exist. Patented anonymization capabilities, privacy-by-design architecture and meta data collection protects user privacy.
Read the full analysis at: Dtex Systems: Product Overview and Analysis