Volume 8
fully trusted reality anywhere, not just in the US.
Elections have several stages, and each of them
carries risks.
And few elections don’t include interested parties
with a vested interest in the outcome, whether it
is a local election or a large national election with
sweeping international implications, and the motivation to circumvent the law to achieve their objective.
The challenge with campaigns is sometimes re-
Oct/Nov 2016 Edition
Phishing attempts also spike around campaigns,
especially highly polarizing ones. Since phishing
attacks are a common entry point for breaking into
networks, sending out clickbait emails about candidates is a great way to trick a user into clicking
a link.
Voter systems are ideal sources for this sort of nefarious data
collection initiative
ferred to as the “weakest link” model
During the campaign season, candidates build
huge databases of voters, run internal polls, vet
and process policies, messaging, and positions,
analyze potential voter feedback, and solicit and
manage contributions.
Election campaigns are a goldmine of information
for opposing candidates, nation states w ith a vested interest in election outcomes, hacktivists, and
cybercriminals looking to access the personal information of financial supporters.
The challenge with campaigns is sometimes referred to as the “weakest link” model.
While a national campaign may have secured their
headquarters (though news of breaches this US
election cycle suggest that may not always be the
case), local offices that share data with the national
organization often do not have the IT staff or skills
to ensure they don’t become a point of compromise.
Hackers don’t need to break in through the hardened front door when there are so many potentially
soft back doors to choose from, as the hacks that
have plagued the Democratic National Committee
this year demonstrate.
Hacking Voting Machines
For many countries, the election process itself is
subject to a high degree of risk, whether it involves
tampering with voting machines, unscrupulous
vote counters, or simply hiding the vote tabulation
process from oversight and public scrutiny.
But even in the most democratically advanced
countries, many electronic voting systems are very
outdated and lack even basic security controls.
Of course, this isn’t a new problem. We were talking about this in the US during last election, calling
for a technology overhaul.
But even though researchers demonstrated that
tampering with the software used by some voting
machines is actually quite trivial, four years later
nothing has been done.
One (fortunate) problem is that we didn’t see many
breaches in the last elections. So like many companies, until there is a major breach or impact on
the service, we will likely continue to do the bare
minimum.
Of course, 75 percent of votes in the US are cast
using paper ballots.
In addition, many electronic machines print a ballot so that there’s a paper trail to compare results
against.
23