Hackers still prowling, no Firewall in sight

russiaThere were no clocks on CNN counting down to Jeh Jonson’s appearance in front of the House Intelligence Committee in June. The former Homeland Security (DHS) chief’s testimony did not draw curious and committed spectators to pubs and coffeehouses serving spiked java or “Im-PEACH-mints” so they could watch a heavyweight showdown like the one between a sitting president and the FBI director he fired. Johnson met those low expectations while contributing little to the discussion about alleged collusion and obstruction aimed at the Trump campaign and a rookie president. He was on Capitol Hill to talk about another president who is under fire for ordering an “influence campaign” to interfere with the 2016 presidential election and defuse a related assertion. In the process Johnson reintroduced another aspect of this alleged attempt to assist the former Celebrity Apprentice host that has been relegated to the undercard of public interest by cloak-and-dagger intrigue.

Cyber-attacks aimed at private networks are not new. Several retailers have been hit — Target and Macys are two well-known examples — as have insurance providers and hospitals like Anthem Blue Cross and the UCLA Medical Center. In this context, breaches of voter registration databases in Arizona and Illinois would not be shocking, just another example of how common this kind of theft is. But the Grand Canyon state and Prairie state were not alone. By October of 2016 the reported total jumped to 21, Bloomberg News has since pegged the total at 39 states, and the hackers are not thieves looking for credit card numbers. In Illinois, intruders tried to alter or delete voter data and accessed software used by pollworkers; an unnamed state’s campaign finance records were compromised in a way that could have identified donors. These intrusions could have been a one-time effort or part of a larger campaign, but they still exposed vulnerabilities.

That campaign could have started when there was still a viable Republican field. A December 2015 piece by Forbes reporter Thomas Fox-Brewster echoed the widely-reported discovery of an Internet-connected, “leaky database” containing the names, addresses, and other relevant information regarding 191 million voters. At the time it was unclear who was responsible, but the discovery is a sign of something more important than the data, most of which is publicly available to political campaigns and advocacy groups. At its heart the hackergate story is about attacking trust in the process. The emails pilfered from Hillary Clinton’s campaign chairman and the Democrat National Committee shouldn’t have undermined it; people who believed she was two-faced and corrupt in April voted against Clinton in November. Team Trump’s dodgy answers about Russia’s role could, but not as evidence of collusion — they’re a sign the president is intent on dismissing this matter and taking shots at his predecessor.

williams-voter-registration

The Trump administration has continued to advertise its priorities by doggedly pursuing the white whale of massive vote-fraud and badgering state officials who have been reluctant to provide gigabytes of data to an “Election Integrity” commission. Colorado Secretary of State Wayne Williams was one of 37 holed up at an Indianapolis hotel in early July grappling with a different problem: they cannot get intelligence officials to identify all the states targeted. Matt Dunlap’s description was fairly blunt — the Maine secretary of state compared the silence with being tied to a chair and blindfolded. That could change after a series of private meetings between members like Dunlap and representatives of the FBI and DHS, but there is a sense that state officials need to know more than how many states were hit and which of the 50 were not. The most important revelation would have to be how the hackers broke in and what weaknesses they exploited in the process.

The clock is ticking in state capitols either way: primary elections are roughly a year away, potentially pivotal midterms will follow 16 weeks later, and there could be a sequel to hackergate. University of Michigan computer scientist Alex Halderman identified a potential point of entry that could be exploited with an infected email and spread to precincts on programmed memory cards. Halderman’s scenario is not a great threat to sates like California that use ballots and scanners; they can still verify the results without relying on digital data. The 14 states that do not are on the front lines now. Reintegrating paper-and-ink ballots with machines one consultant described as “connected to something…connected to the internet” may sound like a step backwards, but that’s the point. Ultimately, states and counties will have to take charge. That could mean hiring IT personnel or rethinking how voter registration and campaign finance data is handled and distributed. The alternative? There is always trust, in this case that the hackers won’t return. The odds of winning are better in Las Vegas.

photos courtesy of kbc.co.ke and coloradopolitics.com

Advertisements

Leave a comment

July 20, 2017 · 8:27 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s