General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsThe Microsoft security hole at the heart of Russian election hacking
Why isn't the fact that having election official's access ability during an election not equated with the ability to change vote totals? Phished election official's access codes can be used to access more than voter registration databases and delete voters. Why not just change the election results?
The Microsoft security hole at the heart of Russian election hacking
Were reliving the Visual Basic-spawned bad times of 1999
Preston Gralla - Contributing Editor, Computerworld - Jun 20, 2017
The Intercept published a top-secret National Security Agency document that shows exactly how the Russians did their dirty work in targeting election hardware and software. At the heart of the hack is a giant Microsoft security hole that has been around since before 2000 and still hasnt been closed. And likely never will.
Before we get to the security hole, heres a little background about how the Russian scheme worked, spelled out in detail by the secret NSA document. Allegedly, Russias military intelligence agency, the GRU, launched a spearphishing campaign against a U.S. company that develops U.S. election systems. (The Intercept notes that the company was likely VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states.) Fake Google Alert emails were sent from noreplyautomaticservice@gmail.com to seven of the companys employees. The employees were told they needed to immediately log into a Google website. The site was fake; when at least one employee logged in, his credentials were stolen.
Using those credentials, the GRU hacked into the election company, the NSA found, and stole documents for a second, far more dangerous spearphishing attack. In this second attack, launched either on Oct. 31 or Nov. 1, 2016, spearphishing emails were sent to 122 email addresses associated with named local government organizations, which probably belonged to officials involved in the management of voter registration systems. In other words, the Russians targeted people who maintain voter registration rolls. ..................
DK504
(3,847 posts)"At the heart of the hack is a giant Microsoft security hole that has been around since before 2000 and still hasnt been closed. And likely never will. "
Once again no one is responsible for this kind shit that happens. This has to land directly in the laps of the government, this is FEC and their incompetence. I put this on ALL the administrations refusal to make our elections safer. The state and county agencies must demand their systems be updated and secure.
Maybe the guy that built Hillary Clinton's email server could be hired to build something that can't be hacked, becasue her server was never hacked. Maybe that's why the Rethugs we so upset, no one could get in.
L. Coyote
(51,129 posts)Kinda bites you know where when the tables are turned on our own elections.
Control-Z
(15,682 posts)and also in my browser.
This appears to have the potential to give us some concrete answers.
"In this second attack, launched either on Oct. 31 or Nov. 1, 2016, spearphishing emails were sent to 122 email addresses associated with named local government organizations, which probably belonged to officials involved in the management of voter registration systems. In other words, the Russians targeted people who maintain voter registration rolls. ............."
I wanted to bold that last sentence but still no formatting options.