U.S. voting machines are easily hackable, DEF CON report says

A number of voting machines used in U.S. elections are easily hackable, a report from DEF CON, one of the world’s largest hacker conventions, found. The report is based on the Voting Village experiment at July’s DEF CON conference in Las Vegas. Over the course of four days, hackers were invited to explore and tinker with voting machines to expose their vulnerabilities. Hackers with physical access to the systems were able to compromise some of the machines within minutes. Over the course of the experiment, each of the two dozen machines was breached in some way, the report notes. The findings were presented by a panel of hackers and cybersecurity experts on an Atlantic Council panel on Tuesday, which included DEF CON founder Jeff Moss. “These machines were pretty easy to hack,” Moss said. “This flies in the face of the narrative that’s been spun by the manufacturers, which is […]

The post U.S. voting machines are easily hackable, DEF CON report says appeared first on Cyberscoop.

Continue reading U.S. voting machines are easily hackable, DEF CON report says

States want more from DHS after confusing update on 2016 election hacking activity

U.S. states targeted by Russian hackers last year are pushing back after the Department of Homeland Security provided what they say is inaccurate information about attempts to breach their election systems prior to Election Day. The election administrative offices in California, Wisconsin and Texas said this week that the information provided to them by DHS failed to prove that Russian hackers had either attempted or were successful in breaching state election systems, which includes products sold by contractors and used by states for voter registration and vote tabulation. People familiar with the matter told CyberScoop that the information provided by DHS last week is in fact accurate, but clearly incomplete. The evidence provided to states failed to give the necessary context needed to explain how certain activities aimed at adjacent, interconnected internet systems could impact election-related technology. A DHS spokesperson confirmed the department had in recent days provided clarifications to […]

The post States want more from DHS after confusing update on 2016 election hacking activity appeared first on Cyberscoop.

Continue reading States want more from DHS after confusing update on 2016 election hacking activity

Former DHS secretary issues stark warning on election cybersecurity

Former Secretary of Homeland Security Jeh Johnson on Thursday warned members of Congress that additional actions to standardize and improve the cybersecurity of state election systems must be taken before the 2018 mid-term elections and the 2020 presidential election. “National elections will be decided in key precincts in key states,” said Johnson, testifying before a task force of congressional Democrats investigating cyber threats to election infrastructure. “In other words, the integrity of our election outcomes on a national level dances on the head of a pin.” Johnson, who issued multiple public statements in the run up to the 2016 presidential election referencing attempts by Russian hackers to infiltrate election systems in dozens of states, said although he knows of no evidence that any ballots were altered, he remains very concerned about the integrity of state election systems, particularly voter registration databases. “Last years’ experience was a wake-up call,” Johnson said. […]

The post Former DHS secretary issues stark warning on election cybersecurity appeared first on Cyberscoop.

Continue reading Former DHS secretary issues stark warning on election cybersecurity

North Korean hackers came close to hacking Hillary Clinton’s presidential campaign

As part of a cyber-espionage operation against Hillary Clinton’s 2016 presidential campaign, North Korean hackers compromised email accounts belonging to individuals involved with an East Asia-focused foreign policy advisory group, multiple people familiar with the incident told CyberScoop.  The North Koreans sought to acquire policy documents and other relevant information that may have affected the regime if Clinton were to become president, the sources said. The advisory group’s job was to craft such policies. The hackers were able to break into the email accounts of employees of at least one prominent D.C.-based think tank; some of which were involved with the East Asia foreign policy advisory group. These individuals occasionally communicated with staff of the Democratic candidate’s official Hillary for America (HFA) campaign, based on an incident response report obtained by CyberScoop and authored by security experts who worked for the presidential campaign. The attackers used their access to apparently draft convincing […]

The post North Korean hackers came close to hacking Hillary Clinton’s presidential campaign appeared first on Cyberscoop.

Continue reading North Korean hackers came close to hacking Hillary Clinton’s presidential campaign

Report: Obama admin planted cyber ‘bombs’ inside Russian infrastructure

The Obama Administration reportedly planted cyber weapons within Russian infrastructure in 2016 to use in response to potential threats made by the Kremlin, according to the Washington Post. Through collaboration with members of the NSA, CIA and U.S. Cyber Command, according to the Washington Post, Obama gave his signature to a covert cyber operation designed “to be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.” The cyber weapons were “the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow,” but the project, including the “time sensitive” weapons, were never fully completed under Obama and the option for potential retaliation now rests with President Donald Trump. The Obama administration publicly announced a set of sanctions in December 2016 aimed at cracking […]

The post Report: Obama admin planted cyber ‘bombs’ inside Russian infrastructure appeared first on Cyberscoop.

Continue reading Report: Obama admin planted cyber ‘bombs’ inside Russian infrastructure

Russian hackers targeted 21 states before 2016 election, FBI still investigating

Government officials from the Department of Homeland Security and Federal Bureau of Investigations said Wednesday that election officials and systems in a total of 21 states were targeted by Russian hackers in the months preceding the 2016 presidential election. “We have evidence of election-related systems in 21 states that were targeted,” said Jeanette Manfra, acting deputy undersecretary for cybersecurity and communications at the DHS’s National Protection and Programs Directorate. The disclosure was made for the first time during a hearing held by the Senate Select Committee on Intelligence focused on Russian interference in the U.S. election. Manfra did not name the individual states which were targeted and also did not further explain the contextual definition of “targeted” in this context. She also did not say how many of the targeted states were ultimately hacked and if, for example, any data was exfiltrated in these select incidents. The “owners” of targeted […]

The post Russian hackers targeted 21 states before 2016 election, FBI still investigating appeared first on Cyberscoop.

Continue reading Russian hackers targeted 21 states before 2016 election, FBI still investigating

U.S. election software companies aren’t that worried about phishing emails

Although a recently leaked intelligence report suggested that Russian spies attempted to hack into at least one election software vendor, many of the industry’s top companies say they aren’t threatened by spear phishing emails. Prominent election software companies say that phishing emails do not present a pressing problem, even though a classified intelligence report recently published by The Intercept indicated that Russian military intelligence had previously targeted one such company. The report says Russia’s attempt to influence the U.S. voting process may have been more expansive, and revealed attempts to place malware on the computers of local government officials. Of 16 U.S. election software companies contacted by CyberScoop, four said that they had not received any phishing emails between August 2016 and June 2017, including Free & Fair, ClearBallot, Scytl and BPro Inc. Others, like Everyone Counts, reported receiving phishing emails but stressed the sufficiency of the security systems currently in place […]

The post U.S. election software companies aren’t that worried about phishing emails appeared first on Cyberscoop.

Continue reading U.S. election software companies aren’t that worried about phishing emails

Comey: Russians Targeted ‘Hundreds’ of Entities in Election Hacking

Former FBI director James Comey’s testimony is a solid reminder that the Russian hacking campaign went far beyond the Democratic National Committee and John Podesta. Continue reading Comey: Russians Targeted ‘Hundreds’ of Entities in Election Hacking

Comey: Russians Targeted ‘Hundreds’ of Entities in Election Hacking

Former FBI director James Comey’s testimony is a solid reminder that the Russian hacking campaign went far beyond the Democratic National Committee and John Podesta. Continue reading Comey: Russians Targeted ‘Hundreds’ of Entities in Election Hacking