Story image

Expert: Farce involving Russia’s US elections breach needs resolving

05 Mar 2018

For quite some time there has been scandal surrounding the 2016 US Presidential election, with many believing Russia was maliciously involved.

And now multiple US officials have announced the US intelligence community had substantial evidence that state websites or voter registration systems in seven states were compromised by Russian-backed cybercriminals prior to the 2016 election – and they never told the affected states.

These states as of January 2017 were reported to have been Alaska, Arizona, California, Florida, Illinois, Texas, and Wisconsin.

Some of the breaches were more serious than others and ranged from entry into state websites to penetration of actual voter registration databases.

Washington officials were reported to have informed several of those states leading up to the election that there were foreign parties delving into their systems, but none were told that it was the Russian government.

The debate about whether or not the states were notified is ongoing with the Department of Homeland Security’s acting press secretary Tyler Houlton reporting the news to be ‘inaccurate’ and ‘misleading’ in a series of tweets.

Regardless, it’s clear that there is a relationship that needs strengthening between the federal government and state governments in the electoral area to improve cybersecurity, and the same is probably true around the world.

High-Tech Bridge CEO Ilia Kolochenko says the whole farce needs to be resolved sooner rather than later.

"If these allegations are true, we are likely dealing with an unprecedented scale of attack that deserves the most rigorous technical investigation and a proportional response. However, so far we are mainly dealing with a number of isolated, often contradictory facts and testimonies from various conflicting sources,” says Kolochenko.

“For example, the breach of a state website will unlikely have any direct consequences on the election outcomes. Many adduced facts - are excerpts from secret reports and thus can hardly be used to derive a reliable conclusion without reading the entire report.”

Kolochenko says for obvious reasons, or even technically impossible, to know who is pulling the strings of the attacks. But otherwise, such news stories may just give valuable hints to the attackers to destroy some unexpected evidence and hinder the investigation.

"The alleged interference with the elections - is a matter of public interest and society deserves to know the truth about it,” Kolochenko says.

“I think a close cooperation between federal agencies can shed some light on the scope and material consequences (if any) of the alleged attacks. In the meantime, Federal and State governments should enhance their cybersecurity strategy and urgently allocate additional budget for national defense against cyber-attacks."

Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.