Bots & Ballots Make A Sophisticated Threat

The recent indictment of 12 Russian intelligence officers seeking to influence the outcome of the 2016 presidential election may have come as a surprise to many US citizens. But a leading cybersecurity expert believes it shows just how sophisticated the threat is to democracy.

“One of the most striking things in the indictment is really how much of a campaign it is, and how many hundreds of people and how much of an assembly line operation it is. And that speaks to the nature of the hacking and what it really takes to be successful,” Oren Falkowitz, CEO of cybersecurity firm Area 1 Security, told Yahoo News’ podcast

“Bots & Ballots.” “Cyber offensive operations, or stealing or hacking, it’s a numbers game and it requires large campaigns. We often talk about these things as if they’re ultra-targeted, and that’s simply not the case.”

Falkowitz, who held senior positions at the National Security Agency, told TV show “Bots & Ballots” host Grant Burningham that the threat from bad “cyber actors” is continually evolving.

“The goals have really shifted significantly, from website defacement to stealing data to manipulating data to some sort of financial gain to now larger and more thematic or outcomes that really challenge society, like elections,” Falkowitz said.

At the same time, however, the Justice Department indictment showed what Falkowitz knew all too well. Hillary Clinton’s campaign chairman John Podesta was hacked because he fell for a phishing expedition disguised as a Google login page.

“That is a technique that is used by all cyber actors; over 95 percent of the campaigns start with these types of phishing,” Falkowitz said. “Sometimes it looks like it comes from the CEO and it says, ‘Hey, could you call me,’ or ‘Could you send me this?’ So there’s a variety of lures or visual or authentic cues, but it’s always targeting a user.”

Having broken into Podesta’s computer and the DNC’s server, the Russian agents are alleged to have launched a variety of tools to widen what Falkowitz calls “data access” to further compromise Clinton’s presidential bid.

The operation played out in a predictable way, Falkowitz says, but it shows just how effective the hacking techniques are. More worrisome is just how vulnerable elections in the United States remain.

“There’s a lot of discussion about what might happen from a cybersecurity perspective in the 2018 midterms and the 2020 presidential election just following that,” Falkowitz said.

“And, as of late, what I’ve been observing is that people are talking about voting machines and some of the infrastructure that’s run on a state-by-state basis. But candidates are increasingly targets for these types of cyber-campaigns, and we’re not doing enough early to get in front of it and we’re likely to see more of this going forward. I think we really only saw the tip of the iceberg.”

Yahoo Finance

You Might Also Read:

The Mueller Investigation Identifies Russian Spies:

Hillary Clinton’s Cyber Warfare Warning:

« COSCO Cyber Attack And The Importance Of Maritime Cybersecurity
Law Firms Are Uneducated & Exposed »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CERT.br

CERT.br

The Brazilian national Computer Emergency Response Team

AEI Cybersecurity

AEI Cybersecurity

AEI brings together companies, Research Centres, Universities, and other organizations interested in promoting new cybersecurity technologies.

Global Station for Big Data & Cybersecurity (GSB)

Global Station for Big Data & Cybersecurity (GSB)

GSB is an interdisciplinary research hub to cover big data, information networks, and cybersecurity.

Komodo Consulting (KomodoSec)

Komodo Consulting (KomodoSec)

Komodo Consulting specializes in Penetration Testing and Red-Team Excercises, Cyber Threat Intelligence, Incident Response and Application Security.

Claranet

Claranet

Claranet are experts in modernising and running critical applications and infrastructure through end-to-end professional services, managed services and training.

Cycuity

Cycuity

Cycuity (formerly Tortuga Logic) is a cybersecurity company that is transforming the way we secure silicon with comprehensive hardware security assurance.

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity

Deep Mirror Automotive Cybersecurity make Cars & Infrastructures Cybersecure.

Diateam

Diateam

Diateam is an R&D company specializing in computer security. Diateam develops highly innovative cyber range platforms and Industry-leading systems for cybersecurity training and testing labs.

Curtail

Curtail

Curtail keeps businesses running by using live traffic analysis to identify defects before software goes live, and detect and isolate security threats before they impact systems.

L3Harris Technologies

L3Harris Technologies

L3Harris Technologies is a global aerospace and defense technology innovator, delivering solutions to meet mission-critical needs across air, land, sea, space and cyber domains.

AutoRABIT

AutoRABIT

AutoRABIT provides DevSecOps tools built specifically for Salesforce developers to increase release velocity, produce consistently high-quality code, and enhance data security.

CorePLUS Technologies

CorePLUS Technologies

CorePlus solutions are designed to empower organizations with the tools they need to ensure the utmost protection for their assets, people, and information.

BeamSec

BeamSec

BeamSec is a cybersecurity solutions provider committed to addressing the human element of risk against the evolving landscape of email-based cyber threats.

Vivid Computing Solutions

Vivid Computing Solutions

At Vivid Computing Solutions we provide comprehensive solutions that keep your business running efficiently and securely.

EpicCyber

EpicCyber

Since 2011, Epic Cyber has pioneered the integration of enterprise cloud technology.