2016: The year of election tampering?

Justin Fier, Director of Cyber Intelligence | Friday November 4, 2016

After the high-profile hack of the Democratic National Committee, and after attacks on voter registration databases in 20 states, these fears are certainly justified. After all, we live in a new era of threat, where foreign powers don’t hesitate to use cyber-tools for economic and political gain. The White House has now formally blamed Russia for the DNC hack, but Russia is hardly the only nation-state willing to engage in cloak-and-dagger cyber-warfare.

Further complicating matters is that our voting machines are in desperate need of an overhaul. In 2006, computer scientists proved that in less than a minute, an e-voting machine could be hacked and loaded with vote-changing malware, and that it can even be done remotely. But intentional manipulation may not even be our biggest concern — in 2004, North Carolina lost 4,438 votes because of a system error.

If you’re thinking paper ballots are the answer, I don’t blame you. Most states would agree: only five states currently use digital voting alone, and 75 percent of all voting is done on paper ballots.

But after the 2000 election, when the infamous ‘hanging chads’ forced millions of votes to be invalidated, it became clear that paper ballots are not only cumbersome, but inaccurate. Two years later, Congress passed the Help America Vote Act and introduced digitized voting and registration databases across America. Unfortunately, the new machines were plagued with errors, and many of them are still in use today.

Growing concern over election tampering prompted 33 state election agencies to petition the Department of Homeland Security for aid. The DHS responded by offering “cyber hygiene scans on Internet-facing systems as well as risk and vulnerability assessments.”

This is a good start, but hardly a long-term solution. Cyber-security for the future has to go beyond one-off scans and retrospective assessments. The answer has to involve intelligently monitoring and analyzing millions of devices — from voting machines to vulnerable IoT devices — in order to mitigate risk from unknown threats. Whether it be a state-sponsored hack or tampering from a politically motivated insider, the integrity of our elections is at stake, and its security deserves the utmost attention.

To hear more of my thoughts on the modern threat landscape, sign up for my webinar on November 9.

Justin Fier

Justin is one of the US’s leading cyber intelligence experts, and holds the position of Director for Cyber Intelligence & Analytics at Darktrace. His insights on cyber security and artificial intelligence have been widely reported in leading media outlets, including the Wall Street Journal, CNN, The Washington Post, and VICELAND. With over 10 years of experience in cyber defense, Justin has supported various elements in the US intelligence community, holding mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems and Abraxas. Justin is also a highly-skilled technical specialist, and works with Darktrace’s strategic global customers on threat analysis, defensive cyber operations, protecting IoT, and machine learning.

6 emerging cyber-threats you didn’t see in the news

Justin Fier, Director of Cyber Intelligence | Monday October 24, 2016

But what about the attacks that never make the news?

Here at Darktrace, our worldwide deployments find early-stage threats every day. While these developing threats never make the headlines, they often emerge in fascinating and unexpected ways.

Here’s a selection of what we’ve found for our customers:

  1. An attacker hacked into a biometric fingerprint scanner used for physical access at a major manufacturing company.
    This company used network-connected fingerprint scanners, allowing the attacker to use Telnet connections and default credentials to gain access. There were strong indicators that the attacker was able to use the device to breach other servers.
  2. A cyber-criminal gained access to a video conferencing system of a multi-national corporation.
    Using a backdoor Trojan Horse, the attacker used six external computers to collect data from the camera, presumably in an attempt to steal video from confidential meetings.
  3. A new strain of malware forced the computers of a security company to visit explicit websites.
    Using random, algorithmically-generated websites, the attackers tried to plant incriminating evidence on the network by generating illegal web activity.
  4. A threat-actor hacked a ‘Lost and Found’ computer at a major European airport.
    To gain entry, the attacker used DNS servers, which are essential for internet communication though rarely used for information transfer.
  5. A hacker tried to compromise an industrial power network using default codes.
    After penetrating the SCADA energy network, the attacker tried to establish a remote control link by using access codes listed as factory defaults online.
  6. A phishing email launched a ransomware attack on a non-profit charity.
    Using a fake email, the attacker claimed to have an invoice from a legitimate supplier. The attached PDF contacted a server in Ukraine and downloaded malware that attempted to encrypt the non-profit’s network.

Our ‘immune system’ technology caught each attack at an extremely early stage, giving us a rare look at how modern threats are able to bypass legacy systems. Traditional security solutions can only detect attacks with pre-determined signatures. But in each case, threat-actors used signature-less attacks to blend into the noise of the network.

By harnessing the power of unsupervised machine learning, the Enterprise Immune System learned ‘normal’ for each of these networks, and detected the threats as anomalous behavior. Our threat analysts then determined the nature of the attack and counseled the organization to take appropriate action.

If you’re interested in learning the full story behind these emerging cyber-threats, check out our Threat Use Cases page.

We look forward to sharing more of our industry insights with you in the future.
