News has broken that the Democratic National Committee thwarted an attempted hack of its massive voter database, two years after Russian operatives sent the party into disarray by breaking into its computers and facilitating the release of tens of thousands of emails online amid the presidential election.
DNC security contractors notified the party Tuesday that hackers had created a fake login page to gather usernames and passwords in an effort to gain access to the Democratic Party’s voter file, a party official said. The file contains information on tens of millions of voters. The attempt was quickly thwarted by suspending the attacker’s account, and no information was compromised, the official said. The FBI was notified. IT security experts commented below.
Pravin Kothari, CEO at Cloud Security Vendor CipherCloud:
“The DNC recently announced that a suspected hack was merely an unauthorized test. Of course, it is ridiculous that a third party decided to “test” someone else’s defense without authorization. We’ll have to wait and see how law enforcement reacts to this unknown party’s “unauthorized test.” There is more to this adventure, perhaps, than we know today.
Unauthorized (and mysterious) tests aside, the DNC security operations team and other organizations responsible for acquiring voting software need to take immediate steps to add necessary resilience to their voting systems and election databases. These systems require substantial hardening of the cyber defense at all levels, given they are receiving the attention of nation-state attackers.
Recommended actions for voter database protection
There are many types of voting software. They are all not designed the same. Consider an independent 3rd party review of your top choices for vendor software systems. Penetration test your selected vendor’s voting systems using an independent tester and then request necessary remediation from the voting system vendor. Consider the use of continuous security validation technology for the identification and remediation of misconfigurations, vulnerabilities, and more.
The use of Zero Trust policies is also an essential component of hardening both the systems and the policies that govern their use. Mandate that all access to the vendor voting systems by any party must be two-factor authenticated, without exception. Further, all internal databases, especially those used in voting systems that use the cloud, should be encrypted using a end-to-end “edge” encryption. Finally, restrict all access to the voting networks, by vendors, developers, managers, etc. to only clients acquired solely for that purpose. Don’t let anyone bring their own device and connect it to the network.
Backup of data is essential such that the integrity of the election is never in jeopardy or doubt. The best way to do this is to retain a paper audit trail of voter activity.
Full and open disclosure is now required by voting system vendors. Vendors that supply voting systems must notify all relevant parties within hours of a suspected cyberattack. These voting systems have become critical national infrastructure and should be treated as such.”
Ross Rustici, Senior Director, Intelligence Services at Cybereason:
“The attempt on the DNC voter database is another in the long line of doppelganger domains used for spearphishing and harvesting of credentials. The data housed in these types of databases would be incredibly useful, both for domestic opposition research as well as for foreign intelligence and counterintelligence purposes. This type of prep work by hackers is likely to continue, and it is a good sign that these websites are being detected before they appear to be in use. The efficacy of this type of credential theft is greatly mitigated by use of two-factor authentication and other identity management tools.”