Senior Staff Writer

Salted Hash Live Blog – Election Day 2016

Nov 08, 2016 | 16 mins
Cybercrime, Data Breach, Election Hacking

Election news and coverage with a security twist


Salted Hash will be providing continuous coverage of today’s election. From the time the polls open in the east, until the election is called later this evening, we’ll keep things updated with the latest news and analysis, as well as a recap of related events.

This year’s election is one of the first in living memory (for me anyway) where the topic of hacking isn’t just a passive subject – it’s a reality. Throughout 2016, someone (the top suspect is Russia) has been hacking political targets in the Democratic Party and it’s clear the goal is disruption.

This year the fear of security incidents, including network compromise or denial-of-service, is stacked up alongside concerns over voter suppression and rigged counts, which has voters, pundits, and election officials on edge.

0320 AM EST (November 9):

As mentioned earlier, the concerns over DDoS attacks or other Election Day problems never really presented themselves, and that’s a good thing.

Research released by Biscom earlier this week showed that 14 percent of the registered voters who responded to questions believed the election would be hacked. Another 28 percent believed it was a possibility.

Earlier this evening, in an emailed statement, someone who knows a thing or two about the topic commented on the state of voting systems and probability of hacking the vote.

“Voting computers have been shown to be very vulnerable if you have physical access to them,” commented Tenable Network’s Strategist, better known to some as Space Rogue.

“There are over 9,000 jurisdictions and a handful of different types of equipment, which makes the probability of swaying a national election extremely low. These variables help promote the resilience and integrity of our electoral system. In addition to getting unobserved physical access to a voting computer for several minutes, an attacker would also need to execute the attack in such a way that any vote manipulation would go unnoticed.

“While most voting computers do provide a paper audit trail there are additional checks and balances in the process for those systems that don’t. It is extremely unlikely that anyone would be able to sway a national election by tampering with voting computers well enough that it went unnoticed. No matter what happens, starting on November 9th, we need to work on improving the overall security of our voting process.”

0300 AM EST (November 9):

During Trump’s acceptance speech, someone in the crowd shouted what sounded like “Kill Obama!” – but watching the speech a second time makes it sound like “repeal Obama!”

Listen for yourself, the call is at 09:48 in this video.

The possibility of such a hateful sentiment reminded me of something captured by a Reuters photographer earlier this week:

Credit: REUTERS/Jonathan Ernst

A man wears a shirt reading “Rope. Tree. Journalist.” as supporters gather to rally with Republican presidential nominee Donald Trump in a cargo hangar at Minneapolis Saint Paul International Airport in Minneapolis, Minnesota, U.S. November 6, 2016.

0231 AM EST (November 9):

The Associated Press is calling the election for Donald Trump.

0230 AM EST (November 9):

A statement released by Julian Assange addresses some of the questions surrounding the publication of Democratic documents and emails (such as those from John Podesta), which many said were a direct attempt to influence the election.

“The right to receive and impart true information is the guiding principle of WikiLeaks—an organization that has a staff and organizational mission far beyond myself. Our organization defends the public’s right to be informed. This is why, irrespective of the outcome of the 2016 U.S. Presidential election, the real victor is the U.S. public, which is better informed as a result of our work,” Assange said.

“At the same time, we cannot publish what we do not have. To date, we have not received information on Donald Trump’s campaign, or Jill Stein’s campaign, or Gary Johnson’s campaign or any of the other candidates that fulfills our stated editorial criteria. As a result of publishing Clinton’s cables and indexing her emails we are seen as domain experts on Clinton archives. So it is natural that Clinton sources come to us.”

The full statement is online.

0200 AM EST (November 9):

It’s early morning on Wednesday here in Indiana. John Podesta, Chairman of the Clinton campaign, is saying goodnight to supporters – encouraging them to go home and get sleep, as the Clinton team will have nothing further to say until all the votes are counted.

Podesta is also known as one of the political giants to have been hacked this year, resulting in the public exposure of thousands of emails, offering deep insight into the Clinton camp.

So while the world watches the election move into the early hours of a new day, some voters are viewing the results with a mixture of shock and fear.

The predicted DDoS attacks are a thing of the past now. No one is concerned with them, because the reality of a President Trump – backed by a Republican-controlled House and Senate – is chilling.

Democrats are watching their hopes fade, and the markets fall, as Donald Trump flips states that were lost by the Republicans in 2012, putting Hillary Clinton in a position where she needs to win all of the remaining states in order to become the 45th President of the United States.

While listening to the news, someone pointed out an interesting item on Twitter – the fake Rudolph Giuliani account. Normally parody accounts are amusing, but sometimes they’re used to promote a topic or agenda.

Here, @rudygiulianiGOP provides a good example of how social media can drive people and issues. Early on the account was tweeting pro-Trump propaganda to the delight of his supporters. Then, as the race started to wind down, the account flipped, and expressed dismay at the results.

6:52 PM EST:

There are reports of an active shooter in a suburb of Los Angeles. LA County Sheriff’s Department said they are dealing with a single, heavily armed suspect. According to the LA Times, one person was killed and three others were injured. The shooting took place near a polling location in Azusa.

5:00 PM EST:

Well, things are still quiet, but that is changing. Earlier this afternoon, someone posted an image showing high levels of latency on CenturyLink and Level3. This isn’t proof of anything, but it is something worth watching. However, as this update is being written, Rook’s SOC was able to confirm that there were issues with Level3 in the Northeast and West Coast.

There were also reports of people who went to polls in California, only to discover that someone had stolen their ID and used it to vote by mail. According to an image of a text conversation, such incidents have been “happening a lot today.”

3:30 PM EST:

Salted Hash has spent most of the afternoon at Rook Security’s SOC, watching various channels and chatting with those watching the day’s events unfold.

This afternoon has been, for the most part, quiet. At least as far as security issues are concerned. There have been no confirmed reports of DDoS attacks, or other threats. Given the fears and hype surrounding the day, this is a good thing.

When it comes to glitches and errors however, the day has been filled with frustrating examples. In Durham, North Carolina, officials requested polling extensions after a failure in the electronic voter check-in system required the county to switch to paper roll books.

With luck things will stay quiet.

10:30 AM EST:

On Twitter, there have been reports of power outages at polling places, but by far the largest issue this morning is broken scanners. Hundreds of voters have taken to social media to vent their frustrations over long lines and broken machines.

Here is an example from Brooklyn. The video was taken earlier this morning by Molly Rubin (@mrubez) and posted on Twitter by Beth Ponsot (@bponsot), both of whom work for Quartz, which is running a live blog today covering the election.

Let’s talk Spam:

Election-related spam spiked in October, which is to be expected, as criminals never fail to capitalize on current events. Symantec says they’ve caught more than eight million election-based spam emails in the last month.

The messages were mostly of the generic variety; however some of them contained malware. The malicious emails used Donald Trump as a lure, and promised “secret emails” if the user opened the attachment. Hillary Clinton was also used as a lure in August, when malicious Java files were circulated under the pretense that they were videos proving Clinton was meeting with ISIS leaders.

Earlier this morning, we talked about hacking an election in a machine vs. voter sense. In a statement emailed to Salted Hash, Michael Harris, the CMO of Guidance Software, shared his views on the matter:

“The undecided voter is the target, not the voting machine. Human error, like incorrectly completing a ballot, is probably going to change more physical votes than hacking. Generally, voting machines are not connected to the Internet. Any attempt to manipulate actual machines would require massive on-the-ground coordination and would still be incredibly risky and unlikely to change the outcome of a nationwide election, with more than 100 million votes, in a meaningful way.”

Compromised / Exposed Voter Data:

Last week, thirty laptops were stolen from an office in Orange County, which was occupied by Republican Assemblywoman Young Kim.

The laptops were password protected, which is to say, not encrypted, and they held voter records and issues-based data collected during neighborhood canvassing. A spokesperson speculated that the theft was targeted, given that the offices were on the fourth floor and the equipment wasn’t visible from the outside.

In Duluth, Minnesota, a city clerk fell for a Phishing scam that compromised their email account. However, while the incident happened in August, word of the attack surfaced last week.

The account compromise could have impacted 55,184 voters, because of a registration list that was present in the compromised account. In addition, the account contained job applications for 14 people, and business records with tax ID numbers and Social Security numbers. City officials are confident the exposed voter records would have no impact on today’s election.

These two incidents are just the most recent in a number of security incidents that have impacted voter records this year. In September, MacKeeper’s Chris Vickery discovered 2.9 million Louisiana voter records. A few weeks later, he discovered more than 350,000 records for voters in Montana, New Jersey, California, and Virginia.

Earlier this year, Vickery discovered a poorly configured MongoDB instance that contained 191 million voter records. This discovery was followed by a second set of voter data, which contained detailed issues-based data on 18 million voters.

This summer, the voter registration databases in Illinois and Arizona were compromised, exposing hundreds of thousands of voters.

The concern is that the leaked or compromised voter records could be used for targeted spam or Phishing campaigns – or worse – the data could be used to access registration records and alter data, which could prevent people from voting.

Fortunately, there have been no reported links between registration issues and the compromised records.

07:57 AM EST:

Heading to the polling place was an interesting adventure. It’s within walking distance of my house, so I left shortly after the polls opened this morning at 06:00 a.m.

Given the turnout during the primaries, I wasn’t expecting much this early in the morning. However, when I arrived at 06:10, the doors were locked and there were about forty people standing around.

At 06:30, the doors were opened, and we were told that the machine that will scan my district’s ballots was broken. The line took about thirty minutes to clear, but by the time I’d finished my ballot, the machine was fixed.

A scan of Twitter shows that there are broken systems and long lines all over the Midwest and East Coast, so voters are in for a long day.

County to pay ransom demand, after systems bricked by Ransomware:

In Madison County, Indiana, officials have said they will pay an undisclosed ransom in order to recover from a Ransomware attack, which has left county computers unusable.

Madison County Commissioner Jeff Harden told local media that investigators advised a ransom payment, but Harden didn’t disclose the reasoning behind this choice, or why backups were not an option. The county has insurance that should cover the total ransom demand, but they wouldn’t disclose the cost.

The attack happened Friday, but the county expects that systems will be restored by Wednesday.

The Ransomware attack has forced law enforcement to use pen and paper when processing inmate information at the local jail, and officers out on patrol have to contact other agencies in order to look up a person’s criminal records. Calls to 911 are coming in normally, but police and fire have been impacted.

WISH TV reported that voting in Madison County will not be affected by this attack, and reminded viewers that county offices were closed for Election Day.

DDoS attacks disable heating in Finland:

According to a report, DDoS attacks disabled heating access to at least two properties in the city of Lappeenranta, which is located in the eastern part of Finland.

In both cases, the DDoS disabled the computers that controlled building heating. The attack lasted from late October until November 3.

“At this time of the year temperatures in Finland are below freezing and a long-term disruption in heat will cause both material damage as well as the need to relocate residents elsewhere. Thankfully in this case the fix was easy to do by limiting network traffic,” the post stated.

More about influence:

To continue the discussion about influence, there’s more to it than just distrust in the system. What about shaping distrust in the people who will work within, or oversee the system?

Over the last few months, a number of high-profile hacks targeting Democratic email have generated tons of news coverage. WikiLeaks has been publishing the compromised messages non-stop, exposing the inner workings of the Clinton camp, the DNC, and how they interact with the media and other top officials.

In October, the Office of the Director of National Intelligence (ODNI), citing recent Democratic Party compromises, named Russia as the likely suspect, and suggested that Guccifer 2.0 and DCLeaks were their puppets.

On Monday, Flashpoint Intelligence suggested that WikiLeaks may be a pawn – witting or unwitting – “that has been leveraged by the Russian government as an outlet for stolen information damaging to the Democratic National Party.”

Even after WikiLeaks founder Julian Assange was punished by the Ecuadorian Embassy for the leaks, the media organization kept publishing content. But have the leaks surrounding Clinton and her inner circle had an impact? Even if Trump wins, we may never know.

Headline-generating scandals and shattered faith in the system are the major types of negative influence an attacker could have on an election; another trick is to target the uninformed.

In 2008, voters in several states received text messages urging them to put off voting until November 5, due to long lines. Another scam from that year focused on 35,000 George Mason University (GMU) students, faculty and staff.

They each got an email informing them that the election had been moved to November 5, and it was sent in a way that made the message appear as if it came from the school’s provost. The university said the email was the result of someone hacking the school’s email system.

This year, Clinton supporters have reported seeing images on social media designed to look like campaign signs. The messages encourage voters to avoid the line and vote from home, adding that they can text Hillary to 59925 – something that isn’t possible in today’s election process.

The 59925 short-code is owned by iVision Mobile, and is currently linked to the Oklahoma Blood Institute.

A voter in Riviera Beach, Florida reported a possible scam after getting a text message informing her where to vote this morning. The problem is, the address was not even close to her actual polling center. She posted a warning on Facebook, and soon discovered a friend who had gotten a similar message.

06:00 AM EST:

Each update today will contain a mix of the latest election developments, and topical elements. As this update is being written, the polls are just starting to open. We’ll start today’s post with a question: Can you hack an election?

In October, CSO Online, along with other IDG publications, ran a series of articles on the topic.

The overall conclusion was that while possible, hacking voter systems and messing with an election would be a massive undertaking, so it’s easier to influence the election by targeting the voters themselves.

As of Monday, the Department of Homeland Security has assisted election officials in all fifty states with baseline security assessments of their systems.

The DHS assessment includes scans on internet-facing systems; on-site risk and vulnerability assessments; access to the NCCIC 24×7 incident response center; information sharing; and access to field-based cybersecurity and protective security advisers.

This is all well and good, and while assessments like this are sorely needed, the soft target isn’t a machine – it’s a person.

Donald Trump has already started the ball rolling by suggesting that if he loses key states, it’s because the election was rigged. His supporters have carried that narrative since September.

That’s influence. If a malicious actor wanted to “hack” an election, they don’t have to tamper with a machine; they just have to remove faith in the process.

Another example of this happened last Friday. A hacker going by the name Guccifer 2.0 warned that Democrats would rig the election, and asked fellow hackers to monitor things from the inside.

The security firm Cylance released a report last week disclosing a physical attack on the popular Sequoia AVC Edge voting machine.

The timing of the report couldn’t have been worse, because those who were already distrustful of the process, or concerned that the election could be hacked, now have proof it’s possible if someone has physical access to a system.

In an interview with The Verge, Katie Moussouris, founder of Luta Security and a renowned bug-bounty expert, said the report’s release undermines the democratic process.

“This disclosure seems political in nature. Releasing this publicly, after DHS and states have been aware of these types of attacks for years, only serves to fuel the fires of doubting the election results. This is a case of not helping security while simultaneously undermining the democratic process.”

The video from Cylance is below:

The polls just opened here in Indiana, so this reporter is off to vote. Check back often, as there will be more updates to follow.