Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Iowa Fiasco Highlights Security Risks in US Vote, Officials Say

US officials and cyber experts warned Tuesday that the voting debacle in the Democratic caucuses in Iowa underscored the vulnerabilities in the country’s election infrastructure in everything from hacking to trust-eroding conspiracy theories.

US officials and cyber experts warned Tuesday that the voting debacle in the Democratic caucuses in Iowa underscored the vulnerabilities in the country’s election infrastructure in everything from hacking to trust-eroding conspiracy theories.

The technology problems which have prevented a complete vote count in the first test for the 2020 election were founded on what experts described as a poorly-tested, poorly performing vote reporting smartphone app.

“We have every indication that our systems were secure and there was not a cyber security intrusion,” the Iowa Democratic Party said in a statement.

But specialists said that the episode has shown how vulnerable state-based voting is to unproven systems.

“Given the amount of scrutiny that we have on election security these days, this is a concerning event. It really goes to the public confidence of our elections,” acting Homeland Security Secretary Chad Wolf told Fox News.

– ‘Continuing chaos’ –

“The continuing chaos in Iowa is illustrative of our overall failure to take sufficient steps to protect the integrity of our election systems,” said Democratic Senator Mark Warner, co-chair of the Senate Cybersecurity Caucus.

“We need to look holistically at protecting the security, integrity, and resiliency of election systems — from registration systems, to e-poll books, voting machines, tabulation machines, and election night reporting systems.”

The 2016 national election hangs over the coming November presidential and Congressional contests.

The US government says Russian hackers broke into Democratic party communications and systems, stealing documents and emails which were released on WikiLeaks to embarrass the party.

The hackers, which US intelligence says were tied to Russian spy agencies, also made repeated efforts, some partly successful, to break into systems in all 50 states, according to a Senate investigation.

The activity exposed a large gulf between federal cybersecurity efforts and those in the states — where distrust of federal involvement, even assistance, was widespread.

– 2020 threat –

US intelligence officials believe that Russia and other countries are preparing to interfere in the 2020 election, from hacking to disinformation.

And weaknesses are still widespread, especially at local levels.

The McAfee cybersecurity group reported that “significant majorities” of the official election websites in the 13 states viewed as crucial battlegrounds in the presidential race had fundamental security issues.

Many of the websites do not use “https” encryption, McAfee said.

Many also do not use the US government-vetted “.gov” address which can assure users that it is an authentic election website.

Both measures help “prevent malicious actors from launching copycat web domains posing as legitimate county government sites,” McAfee said.

Out of 1,117 counties, 83 percent of websites didn’t use “.gov” and 46 percent lacked “https” protection.

Alex Stamos, director of the Stanford Internet Observatory and former Facebook security chief, describes risks from voter registration rolls to failing voting machines to the possible injection of ransomware into voting systems.

All of that, he says, can be exacerbated by online distortion and false news reporting.

“The largest external risk to American democracy is an attack that combines a technical assault against our widely distributed and poorly secured election infrastructure with disinformation that American partisans will happily amplify,” he said on Twitter Tuesday.

– ‘Rampant’ misinformation –

The issue of fake news was present Tuesday with widespread rumors and conspiracy theories swirling around the Iowa vote.

“This chaos has created an environment where misinformation is now running rampant online, further undermining confidence in the democratic process,” Warner said.

“As we get further into the 2020 primaries, what happened in Iowa is an early warning sign that Congress, local officials, and the social media platform companies have much more work to do to ensure the integrity of our elections.”

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.