Quantcast
Connect with us

Three out of ten House of Representatives candidates vulnerable to hacks: cybersecurity experts

Published

on

hacker

Three of every 10 candidates running for the U.S. House of Representatives have significant security problems with their websites, according to a new study by independent researchers that underscores the threat hackers pose to the November elections.

The research was due to be unveiled on Sunday at the annual Def Con security conference in Las Vegas, where some attendees have spent three days hacking into voting machines to highlight vulnerabilities in technology running polling operations.

ADVERTISEMENT

A team of four independent researchers led by former National Institutes for Standards and Technology security expert Joshua Franklin concluded that the websites of nearly one-third of U.S. House candidates, Democrats and Republicans alike, are vulnerable to attacks. NIST is a U.S. Commerce Department laboratory that provides advice on technical issues, including cyber security.

Using automated scans and test programs, the team identified multiple vulnerabilities, including problems with digital certificates used to verify secure connections with users, Franklin told Reuters ahead of the presentation.

The warnings about the midterm elections, which are less than three months away, come after Democrats have spent more than a year working to bolster cyber defenses of the party’s national, state and campaign operations.

Democratic National Committee officials told Reuters they have completely rebuilt the party’s computer network, including email systems and databases, to avert a repeat of 2016, when Russian intelligence agents hacked into Democratic accounts and then used stolen data to undermine support for Hillary Clinton’s presidential bid.

ADVERTISEMENT

“No one wants to be the next ‘patient zero,’” said DNC Chief Technology Officer Raffi Krikorian, a former executive with Twitter and Uber.

The report follows a string of warnings by Trump administration security officials that Russia is actively interfering in the November elections. FBI Director Christopher Wray recently warned that Russian government agents were working around the clock to sow discord ahead of the election.

Democratic Senator Claire McCaskill, who is facing a tough re-election battle in Missouri, last month said that hackers had tried and failed to access her office’s computer network. The Def Con study did not address that incident.

ADVERTISEMENT

The researchers did not identify any cases where it appeared that politically motivated hackers had exploited those vulnerabilities.

“We’re trying to figure out a way to contact all the candidates” so they can fix the problems, said Franklin, who joined the nonprofit Center for Internet Security last month.

Department of Homeland Security officials said at Def Con that they are offering aid to states and counties for securing election equipment.

ADVERTISEMENT

Still, some states said they are not getting enough help, and new funding efforts failed in Congress. Individual campaigns are not eligible for federal assistance, so they rely on party officials, an increased number of tech-savvy volunteers and nonprofit groups such as Defending Digital Democracy, a bipartisan project at the Kennedy School of Government at Harvard University.

Franklin also said he found numerous potentially malicious web pages that closely resemble the names of candidates. Hackers use that practice, known as “typo-squatting,” to develop copycat sites for use in phishing campaigns to steal credentials or to criticize candidates.

The candidates at most risk of hacks are ones with small campaigns that have with little expertise in computer technology or security, Franklin said.

ADVERTISEMENT

STEPS BY THE DNC

The Democratic National Committee agreed to discuss some steps it has taken to bolster security in the hope it can serve as a model for other election offices.

Since Krikorian joined the DNC a year ago, the party has moved email and data storage to Google cloud and replaced most Windows computers with easier-to-defend Apple hardware and Google Chromebooks, he said.

The party also requires staff to fill out monthly surveys pledging that they are following key security practices, including use of two-factor authentication for personal accounts, long and unique passwords, and encryption on computers. They are also asked if they are running operating systems and application software with up-to-date security patches.

The party uses software from San Francisco-based Okta that grants access to DNC systems only after testing devices to confirm the identity of users and verify they are not running malicious software.

ADVERTISEMENT

The biggest change has been psychological, as staffers and volunteers are trained to assume that the network has been breached, avoid putting the most sensitive information in emails and use end-to-end encrypted messaging like Signal.

The party is also reaching out to campaigns and stressing basic precautions.

DNC Chief Security Officer Bob Lord, a former security executive with Yahoo and Twitter, sent an email a week ago to state party leaders, urging them not to use phones from Chinese manufacturers Huawei [HWT.UL] and ZTE Corp.

U.S. intelligence officials have warned that Chinese authorities could seek to use those devices to spy on Americans.

ADVERTISEMENT


Report typos and corrections to: [email protected].
READ COMMENTS - JOIN THE DISCUSSION
Continue Reading

Breaking Banner

Republicans keep dragging trolls, wackos and conspiracy theorists before hearings — are the Democrats finally fed up?

Published

on

Republicans in Congress returned to Capitol Hill following their August recess last week and immediately set out to make a mockery of their constitutional obligation — inviting discredited witnesses to provide expert testimony in a manner that only served to derail, dismiss and diminish otherwise serious subject manners.

Former Turning Point USA communications director Candace Owens was again invited by Republicans to appear before a House Joint Oversight Subcommittee on combating white supremacy. Owens, who previously argued that the 2018 mail bombings targeting Democrats actually resulted from a conspiracy plot orchestrated by liberals, claims the NRA was founded as a civil rights organization (it was actually started by Civil War veterans to improve soldiers' marksmanship), and has said, "Black Americans are doing worse off economically today than we were doing in the 1950s under Jim Crow,” to downplay the threat of white supremacy.

Continue Reading

Breaking Banner

Pence knew about and actually participated in Trump’s apparent Ukraine extortion plot: report

Published

on

Vice President Mike Pence is seemingly complicit in President Donald Trump's apparent extortion and bribery plot, based on the transcript of a press conference the VP held in Poland on September 2. At issue is a whistleblower's complaint that the White House refuses to release. It is believed it says Trump repeatedly threatened to withhold military aid from Ukraine until, or in exchange for, that country digging up and handing over dirt on former Vice President Joe Biden and his son Hunter Biden. There is no evidence any dirt was found or even exists.

Continue Reading
 

Breaking Banner

Pulitzer Prize-winner reveals why the White House thinks Trump’s Ukraine scandal ‘can be spun as positive’

Published

on

Despite the growing movement for impeachment, advisors to President Donald Trump believe the bombshell reports about soliciting foreign election interference from Ukraine can be "spun as a positive" for the president's 2020 re-election campaign.

Ashley Parker, a White House reporter for The Washington Post, was interviewed about the thinking of Trump's advisors by MSNBC's Steve Kornacki on Monday.

"This is a White House, a Trump White House, that is used to being under siege. There was of course the two-and-a-half-year saga with the Mueller investigation culminating in the Mueller report, Mueller’s testimony recently. There have been a million other controversies, flare-ups, moments when the White House was forced to defend a comment from the president, allegation against the president, these sorts of things," Kornacki noted.

Continue Reading
 
 
Help Raw Story Investigate and Uncover Injustice. Join Raw Story Investigates for $1 and go ad-free.
close-image