Expert Comments

Experts Reaction On CISA And FBI Rebut Reports About Hacked Voter Data On Russian Forum

Expert(s): Security Experts
Expert(s): Security Experts

CISA and the FBI have released a joint statement to reassure the public that the agencies have seen no cyberattacks on voter registration databases this year, following news reports about Michigan voter data appearing on a Russian hacking forum.

https://twitter.com/CISAgov/status/1300887388366004225

 

Experts Comments

September 03, 2020
Boris Cipot
Senior Sales Engineer
Synopsys
As technology is increasingly integrated into our lives, it can be potentially life-threatening if it is able to be misused by an attacker. For example, earlier this year, news broke around a smartwatch vulnerability where the attacker could send false messages regarding medication intake and therefore, cause an accidental overdose. Imagine all the equipment you are using or will be using in the future that is connected to a network, if not directly to the internet itself. All this equipment,.....Read More
As technology is increasingly integrated into our lives, it can be potentially life-threatening if it is able to be misused by an attacker. For example, earlier this year, news broke around a smartwatch vulnerability where the attacker could send false messages regarding medication intake and therefore, cause an accidental overdose. Imagine all the equipment you are using or will be using in the future that is connected to a network, if not directly to the internet itself. All this equipment, if developed carelessly, could cause harm or even death. Therefore, I understand why we would no longer simply issue financial penalties, but extend this to jail time as well. However, I do not believe that the idea is as cut and dry as saying that one has to go jail and that’s it. There needs to be supporting guidelines on what adequate development practices are and what is expected to be followed, in order to satisfy these security standards. I not only believe that this will be needed but also welcomed by many companies struggling today on the security compliance front. It will also be welcomed by users who will feel more secure knowing that the software or devices they use are developed under some sort of formalized standard.  Read Less
September 03, 2020
Chris Hauk
Consumer Privacy Champion
Pixel Privacy
Fortunately, the FBI and CISA didn’t find signs of a compromise in this instance, but registered voters will still need to be on the lookout for bad actors attempting to use the information gleaned from these publicly available databases to obtain even more information about their targets. It is sad to believe that in this day and age that simply registering to exercise your right to vote can make you the target of hackers.
September 03, 2020
Paul Bischoff
Privacy Advocate
Comparitech
It's remarkably easy to get one's hands on voter databases in most states. Many of them are available to the public, including Michigan. However, even though there are rules about how the data can be used, rules can be broken. Those who legitimately request voter data are responsible for securing it, and not everyone has the same standards of security. I wouldn't be surprised if we see more voter databases in the hands of foreign threat actors before the 2020 general election.
September 03, 2020
Richard Bejtlich
Principal Security Strategist
Corelight
Every election network should be instrumented with a network security monitoring platform that creates an audit record of all activity on the wire. It's not enough to install security devices that only try to stop malicious activity or create alerts on suspicious activity. It's also important to have a neutral record of how the election network was used, not only for analysis at the time of the election, but as evidence to prove in the future that the elections were not subjected to tampering.

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Expert Comments – Travis CI Flaw Reveals *All* Keys, Credentials,...

Misconfigured APIs Make-Up Two-Thirds of Cloud Breaches

Epik Data Breach- Blue Hexagon Comments

Former US Intel Operatives Fined $1.6M For Hacking For A...

Microsoft Lets Users Go Passwordless, Experts Weigh In

Security Expert Re: New OWASP Top 10 List for Application...

Microsoft Patch Tuesday Expert Commentary

Deloitte Poll: C-suite Expects Ransomware Uptick But Orgs. Aren’t Trained...

What Expert Says On The Latest OMI Vulnerability In Azure

Expert Reacted On High Severity Vulnerability Found In HP’s Popular...

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy