Computer researchers warn US House candidates are vulnerable to hacks

Three of every 10 candidates running for the U.S. House of Representatives have significant security problems with their websites, according to a new study by independent researchers that underscores the threat hackers pose to the November elections.

The research was due to be unveiled on Sunday at the annual Def Con security conference in Las Vegas, where some attendees have spent three days hacking into voting machines to highlight vulnerabilities in technology running polling operations.

A team of four independent researchers led by former National Institutes for Standards and Technology security expert Joshua Franklin concluded that the websites of nearly one-third of U.S. House candidates, Democrats and Republicans alike, are vulnerable to attacks. NIST is a U.S. Commerce Department laboratory that provides advice on technical issues, including cyber security.

Using automated scans and test programs, the team identified multiple vulnerabilities, including problems with digital certificates used to verify secure connections with users, Franklin told Reuters ahead of the presentation.

The warnings about the midterm elections, which are less than three months away, come after Democrats have spent more than a year working to bolster cyber defenses of the party’s national, state and campaign operations.

Democratic National Committee officials told Reuters they have completely rebuilt the party’s computer network, including email systems and databases, to avert a repeat of 2016, when Russian intelligence agents hacked into Democratic accounts and then used stolen data to undermine support for Hillary Clinton’s presidential bid.

“No one wants to be the next ‘patient zero,’” said DNC Chief Technology Officer Raffi Krikorian, a former executive with Twitter and Uber.

The report follows a string of warnings by Trump administration security officials that Russia is actively interfering in the November elections. FBI Director Christopher Wray recently warned that Russian government agents were working around the clock to sow discord ahead of the election.

Democratic Senator Claire McCaskill, who is facing a tough re-election battle in Missouri, last month said that hackers had tried and failed to access her office’s computer network. The Def Con study did not address that incident.

The researchers did not identify any cases where it appeared that politically motivated hackers had exploited those vulnerabilities.

“We’re trying to figure out a way to contact all the candidates” so they can fix the problems, said Franklin, who joined the nonprofit Center for Internet Security last month.

Department of Homeland Security officials said at Def Con that they are offering aid to states and counties for securing election equipment.

Still, some states said they are not getting enough help, and new funding efforts failed in Congress. Individual campaigns are not eligible for federal assistance, so they rely on party officials, an increased number of tech-savvy volunteers and nonprofit groups such as Defending Digital Democracy, a bipartisan project at the Kennedy School of Government at Harvard University.

Franklin also said he found numerous potentially malicious web pages that closely resemble the names of candidates. Hackers use that practice, known as “typo-squatting,” to develop copycat sites for use in phishing campaigns to steal credentials or to criticize candidates.

The candidates most at risk of hacks are those with small campaigns that have little expertise in computer technology or security, Franklin said.

STEPS BY THE DNC
The Democratic National Committee agreed to discuss some steps it has taken to bolster security in the hope it can serve as a model for other election offices.

Since Krikorian joined the DNC a year ago, the party has moved email and data storage to Google cloud and replaced most Windows computers with easier-to-defend Apple hardware and Google Chromebooks, he said.

The party also requires staff to fill out monthly surveys pledging that they are following key security practices, including use of two-factor authentication for personal accounts, long and unique passwords, and encryption on computers. They are also asked if they are running operating systems and application software with up-to-date security patches.

The party uses software from San Francisco-based Okta that grants access to DNC systems only after testing devices to confirm the identity of users and verify they are not running malicious software.

The biggest change has been psychological, as staffers and volunteers are trained to assume that the network has been breached, avoid putting the most sensitive information in emails and use end-to-end encrypted messaging like Signal.

The party is also reaching out to campaigns and stressing basic precautions.

DNC Chief Security Officer Bob Lord, a former security executive with Yahoo and Twitter, sent an email a week ago to state party leaders, urging them not to use phones from Chinese manufacturers Huawei and ZTE Corp.

U.S. intelligence officials have warned that Chinese authorities could seek to use those devices to spy on Americans.

Reporting by Joseph Menn in Las Vegas; Editing by Jim Finkle and Steve Orlofsky
