Story image

Expert: Farce involving Russia’s US elections breach needs resolving

05 Mar 18

For quite some time there has been scandal surrounding the 2016 US Presidential election, with many believing Russia was maliciously involved.

And now multiple US officials have announced the US intelligence community had substantial evidence that state websites or voter registration systems in seven states were compromised by Russian-backed cybercriminals prior to the 2016 election – and they never told the affected states.

These states as of January 2017 were reported to have been Alaska, Arizona, California, Florida, Illinois, Texas, and Wisconsin.

Some of the breaches were more serious than others and ranged from entry into state websites to penetration of actual voter registration databases.

Washington officials were reported to have informed several of those states leading up to the election that there were foreign parties delving into their systems, but none were told that it was the Russian government.

The debate about whether or not the states were notified is ongoing with the Department of Homeland Security’s acting press secretary Tyler Houlton reporting the news to be ‘inaccurate’ and ‘misleading’ in a series of tweets.

Regardless, it’s clear that there is a relationship that needs strengthening between the federal government and state governments in the electoral area to improve cybersecurity, and the same is probably true around the world.

High-Tech Bridge CEO Ilia Kolochenko says the whole farce needs to be resolved sooner rather than later.

"If these allegations are true, we are likely dealing with an unprecedented scale of attack that deserves the most rigorous technical investigation and a proportional response. However, so far we are mainly dealing with a number of isolated, often contradictory facts and testimonies from various conflicting sources,” says Kolochenko.

“For example, the breach of a state website will unlikely have any direct consequences on the election outcomes. Many adduced facts - are excerpts from secret reports and thus can hardly be used to derive a reliable conclusion without reading the entire report.”

Kolochenko says for obvious reasons, or even technically impossible, to know who is pulling the strings of the attacks. But otherwise, such news stories may just give valuable hints to the attackers to destroy some unexpected evidence and hinder the investigation.

"The alleged interference with the elections - is a matter of public interest and society deserves to know the truth about it,” Kolochenko says.

“I think a close cooperation between federal agencies can shed some light on the scope and material consequences (if any) of the alleged attacks. In the meantime, Federal and State governments should enhance their cybersecurity strategy and urgently allocate additional budget for national defense against cyber-attacks."

How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.