Salted Hash Live Blog – Election Day 2016

Election news and coverage with a security twist


10:30 AM EST:

On Twitter, there have been reports of power outages at polling places, but by far the largest issue this morning is broken scanners. Hundreds of voters have taken to social media to vent their frustrations over long lines and broken machines.

Here is an example from Brooklyn. The video was taken earlier this morning by Molly Rubin (@mrubez) and posted on Twitter by Beth Ponsot (@bponsot), both of whom work for Quartz, which is running a live blog today covering the election.

Let’s talk Spam:

Election-related spam spiked in October, which is to be expected, as criminals never fail to capitalize on current events. Symantec says they’ve caught more than eight million election-based spam emails in the last month.

The messages were mostly of the generic variety; however, some of them contained malware. The malicious emails used Donald Trump as a lure, and promised “secret emails” if the user opened the attachment. Hillary Clinton was also used as a lure in August, when malicious Java files were circulated under the pretense that they were videos proving Clinton was meeting with ISIS leaders.

Earlier this morning, we talked about hacking an election in a machine vs. voter sense. In a statement emailed to Salted Hash, Michael Harris, the CMO of Guidance Software, shared his views on the matter:

"The undecided voter is the target, not the voting machine. Human error, like incorrectly completing a ballot, is probably going to change more physical votes than hacking. Generally, voting machines are not connected to the Internet. Any attempt to manipulate actual machines would require massive on-the-ground coordination and would still be incredibly risky and unlikely to change the outcome of a nationwide election, with more than 100 million votes, in a meaningful way."

Compromised / Exposed Voter Data:

Last week, thirty laptops were stolen from an office in Orange County, which was occupied by Republican Assemblywoman Young Kim.

The laptops were password protected, which is to say, not encrypted, and they held voter records and issues-based data collected during neighborhood canvassing. A spokesperson speculated that the theft was targeted, given that the offices were on the fourth floor and the equipment wasn’t visible from the outside.

In Duluth, Minnesota, a city clerk fell for a Phishing scam that compromised their email account. However, while the incident happened in August, word of the attack surfaced last week.

The account compromise could have impacted 55,184 voters, because of a registration list that was present in the compromised account. In addition, the account contained job applications for 14 people, and business records with tax ID numbers and Social Security numbers. City officials are confident the exposed voter records would have no impact on today’s election.

These two incidents are just the most recent in a number of security incidents that have impacted voter records this year. In September, MacKeeper’s Chris Vickery discovered 2.9 million Louisiana voter records. A few weeks later, he discovered more than 350,000 records for voters in Montana, New Jersey, California, and Virginia.

Earlier this year, Vickery discovered a poorly configured MongoDB instance that contained 191 million voter records. This discovery was followed by a second set of voter data, which contained detailed issues-based data on 18 million voters.

This summer, the voter registration databases in Illinois and Arizona were compromised, exposing hundreds of thousands of voters.

The concern is that the leaked or compromised voter records could be used for targeted spam or Phishing campaigns – or worse – the data could be used to access registration records and alter data, which could prevent people from voting.

Fortunately, there have been no reported links between registration issues and the compromised records.

07:57 AM EST:

Heading to the polling place was an interesting adventure. It’s within walking distance of my house, so I left shortly after the polls opened this morning at 06:00 a.m.

Given the turnout during the primaries, I wasn’t expecting much this early in the morning. However, when I arrived at 06:10, the doors were locked and there were about forty people standing around.

At 06:30, the doors were opened, and we were told that the machine that would scan my district’s ballots was broken. The line took about thirty minutes to clear, but by the time I’d finished my ballot, the machine was fixed.

A scan of Twitter shows that there are broken systems and long lines all over the Midwest and East Coast, so voters are in for a long day.

County to pay ransom demand, after systems bricked by Ransomware:

In Madison County, Indiana, officials have said they will pay an undisclosed ransom in order to recover from a Ransomware attack, which has left county computers unusable.

Madison County Commissioner Jeff Harden told local media that investigators advised a ransom payment, but Harden didn’t disclose the reasoning behind this choice, or why backups were not an option. The county has insurance that should cover the total ransom demand, but they wouldn’t disclose the cost.

The attack happened Friday, but the county expects that systems will be restored by Wednesday.

The Ransomware attack has forced law enforcement to use pen and paper when processing inmate information at the local jail, and officers out on patrol have to contact other agencies in order to look up a person’s criminal records. Calls to 911 are coming in normally, but police and fire have been impacted.

WISH TV reported that voting in Madison County will not be affected by this attack, and reminded viewers that county offices were closed for Election Day.

DDoS attacks disable heating in Finland:

DDoS attacks reportedly disabled heating access to at least two properties in the city of Lappeenranta, which is located in the eastern part of Finland.

In both cases, the DDoS disabled the computers that controlled building heating. The attack lasted from late October until November 3.

“At this time of the year temperatures in Finland are below freezing and a long-term disruption in heat will cause both material damage as well as the need to relocate residents elsewhere. Thankfully in this case the fix was easy to do by limiting network traffic,” the post stated.

More about influence:

To continue the discussion about influence, there’s more to it than just distrust in the system. What about shaping distrust in the people who will work within, or oversee the system?

Over the last few months, a number of high-profile hacks targeting Democratic email have generated tons of news coverage. WikiLeaks has been publishing the compromised messages non-stop, exposing the inner workings of the Clinton camp, the DNC, and how they interact with the media and other top officials.

In October, the Office of the Director of National Intelligence (ODNI), citing recent Democratic Party compromises, named Russia as the likely suspect, and suggested that Guccifer 2.0 and DCLeaks were their puppets.

On Monday, Flashpoint Intelligence suggested that WikiLeaks may be a pawn – witting or unwitting – “that has been leveraged by the Russian government as an outlet for stolen information damaging to the Democratic National Party.”

Even after WikiLeaks founder Julian Assange was punished by the Ecuadorian Embassy for the leaks, the media organization kept publishing content. But have the leaks surrounding Clinton and her inner circle had an impact? Even if Trump wins, we may never know.

Headline-generating scandals and shattered faith in the system are the major types of negative influence an attacker could have on an election; another trick is to target the uninformed.

In 2008, voters in several states received text messages urging them to put off voting until November 5, due to long lines. Another scam from that year focused on 35,000 George Mason University (GMU) students, faculty and staff.

They each got an email informing them that the election had been moved to November 5, and it was sent in a way that made the message appear as if it came from the school’s provost. The university said the email was the result of someone hacking the school’s email system.

This year, Clinton supporters have reported seeing images on social media designed to look like campaign signs. The messages encourage voters to avoid the line and vote from home, adding that they can text Hillary to 59925 – something that isn’t possible in today’s election process.

The 59925 short-code is owned by iVision Mobile, and is currently linked to the Oklahoma Blood Institute.

A voter in Riviera Beach, Florida reported a possible scam after getting a text message informing her where to vote this morning. The problem is, the address was not even close to her actual polling center. She posted a warning on Facebook, and soon discovered a friend who had gotten a similar message.

06:00 AM EST:

Each update today will contain a mix of the latest election developments, and topical elements. As this update is being written, the polls are just starting to open. We'll start today's post with a question: Can you hack an election?

In October, CSO Online, along with other IDG publications, ran a series of articles on the topic.

The overall conclusion was that while possible, hacking voter systems and messing with an election would be a massive undertaking, so it’s easier to influence the election by targeting the voters themselves.

As of Monday, the Department of Homeland Security has assisted election officials in all fifty states with baseline security assessments of their systems.

The DHS assessment includes scans on internet-facing systems; on-site risk and vulnerability assessments; access to the NCCIC 24x7 incident response center; information sharing; and access to field-based cybersecurity and protective security advisers.

This is all well and good, and while assessments like this are sorely needed, the soft target isn’t a machine - it’s a person.

Donald Trump has already started the ball rolling by suggesting that if he loses key states, it’s because the election was rigged. His supporters have carried that narrative since September.

That’s influence. If a malicious actor wanted to “hack” an election, they don’t have to tamper with a machine; they just have to remove faith in the process.

Another example of this happened last Friday. A hacker going by the name Guccifer 2.0 warned that Democrats would rig the election, and asked fellow hackers to monitor things from the inside.

The security firm Cylance released a report last week disclosing a physical attack on the popular Sequoia AVC Edge voting machine.

The timing of the report couldn’t have been worse, because those who were already distrustful of the process, or concerned that the election could be hacked, now have proof it’s possible if someone has physical access to a system.

In an interview with The Verge, Katie Moussouris, founder of Luta Security and a renowned bug-bounty expert, said the report’s release undermines the democratic process.

“This disclosure seems political in nature. Releasing this publicly, after DHS and states have been aware of these types of attacks for years, only serves to fuel the fires of doubting the election results. This is a case of not helping security while simultaneously undermining the democratic process.”

The video from Cylance is below:

The polls just opened here in Indiana, so this reporter is off to vote. Check back often, as there will be more updates to follow.

Copyright © 2016 IDG Communications, Inc.
