FBI – CyberEye

Dan Gavin 16, Aug, 2024

Blog

Cyber-attacks on voting infrastructure. Is there a backup plan?

Imagine that during this upcoming election in November if no results were available until days after the election. On July 31^st the Cybersecurity and Infrastructure Security Agency (CISA), in conjunction with the Federal Bureau of Investigation (FBI) released a public service announcement stating that there is potential for a Distributed Denial of Service (DDOS) attack on election infrastructure and adjacent infrastructure that supports operations.

To better understand the situation, here is some background information. CISA was established in November 2018 to enhance the security, resilience, and reliability of the nation’s critical infrastructure. CISA is at the heart of mobilizing a collective defense to understand and manage risk to our critical infrastructure and associated National Critical Functions. Basically, CISA is charged with protecting US cyberspace as well as the nation’s critical infrastructure such as power, water, and even our elections.

A DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic. Hackers do this by using many compromised computer systems as a source of attack traffic. It is like a mob of people rushing to a store to block legitimate customers from shopping. Imagine tens of thousands of computers that have been loaded with malware without the users’ knowledge. Now imagine all those computers running a program at the same time against specific sites making continuous requests against the election infrastructure.

Now back to the announcement from CISA:

“With Election Day less than 100 days away, it is important to help put into context some of the incidents the American public may see during the election cycle that, while potentially causing some minor disruptions, will not fundamentally impact the security or integrity of the democratic process,” said CISA Senior Advisor Cait Conley. “DDoS attacks are one example of a tactic that we have seen used against election infrastructure in the past and will likely see again in the future, but they will NOT affect the security or integrity of the actual election.”

CISA’s intent is to assure the public that the elections will not be affected even though there may be disruptions that may prevent the public from receiving timely information. However, if they know that adversaries may target the elections, how do they know that the elections will be safe and secure? How do they know that a DDoS against the voting tabulation network won’t block results from being collated. How do they keep a breach from occurring in the voting infrastructure? What happens if there is a major regional power outage due to cyber-attack? As we know from the CrowdStrike outage where Maricopa County’s Dominion voting machines got the blue screen of death update (see article from 2 weeks ago for more details), voting machines are on the network. Why would it just be periphery report structure and not the actual voting? As a cybersecurity professional the joint FBI and CISA statement provides more questions than answers.

Perhaps to properly secure the election system, we need to employ the same cybersecurity strategies that businesses use in case of emergencies. There should be contingency plans ready in case of a cybersecurity event. Precincts, counties and states should be ready to manually count the votes for all the races in case of a regional or national cyber-attack. The people required to perform the required functions – counters, watchers, recorders should be prepared and ready. Knowing the risks, should manual counting of paper ballots at the precinct level be the primary method with machine backup?

It seems CISA and the FBI are placating the public and telling us not to worry. Maybe they should spend more resources into hardening the infrastructure and working with the local resources on contingency planning in case of emergency.

This article was originally published in the Sierra Vista Herald found here.

Dan Gavin 14, Mar, 2024

Blog

Every Move You Make, Adware Is Watching You

How were the U.S. intelligence services able to track Vladimir Putin’s movement without a local spy, special satellites, or hacking? They simply bought advertising data for the country of Russia. Although it did not track Putin’s phone, the data tracked his entourage’s phones. The phones belonged to his drivers, security personnel, political aids and other support staff through advertising data.

With the prevalence of smartphones, who needs a map anymore? Our phones are GPS tracking devices capable of taking us anywhere in the country – just put the address into your map application and you have turn-by-turn instructions. Your phone is constantly sending your exact location to your map app … as well as almost every other application running on your phone.

There is a saying about free applications. If it’s free, then you are the product. It turns out selling your data, to include location, is a billion-dollar business called the advertising exchange. Advertisers bid on the exchange for a block of data in a particular geographic area. In 2020, for a few hundred thousand dollars a month, you could access the global feed of every phone on earth. Here’s how it works. Whether you have an iPhone or an Android phone, your device has been given an “anonymized” advertising ID. It’s a long string of numbers and letters and looks like gibberish. The advertisers don’t know your name, but they do know your location. That is helpful for them to serve up targeted ads for the local restaurants or stores. Other data includes the specifications of your device, what other applications you may have loaded on your phone, and even your browsing habits.

Even though your advertising ID is anonymized, it is relatively easy for anyone who buys the data to find out where you live, work, and shop. They can find out who you know and how often you visit them and for how long. They know what your hobbies are whether they are running, target practice, knitting, homebrewing, hiking, or biking.

The military uses of this technology are alarming. One of the companies that was developing their tools for the intelligence community began with data in the U.S. They tracked phones that were in McDill Airforce Base, FL. This is the home of the US Special Operations Command units. They watched the phones go to Canada, Turkey, and end up in a small town in Syria. Without trying, they uncovered a forward operating base of the deployed Special Forces personnel in the anti-ISIS campaign.

Some of these advertising data mining tools are being used in the United States by government agency, such as the DIA, FBI, US Customs and Border Protection, Immigration and Customs Enforcement, and the Secret Service. They would use this data for finding border tunnels, tracking down unauthorized immigrants, and trying to solve domestic crimes.

What apps can track you? Look at your privacy settings on your phone to find out.

Apple Advertising – View Ad Targeting Information is on by default which opens a wide range of information for the advertisers to see.

The biggest setting that provides advertisers your GPS location is “Location Services.” Without this, your map program will not work and many other apps that you may depend on, so it is not the greatest idea to turn this off altogether. However, you should review the apps that use it and decide for yourself what you want to share. Almost all my installed apps used to have access to my location – from weather and driving directions, to grocery stores, browsers, banking, and insurance. Set these as you see fit.

Another area inside location services is called system services. Look at those options. Significant Locations tracks your every movement. Mine is off. I would also caution against the use of the “improve analytics” for any application and “product improvement” settings. They pull even more data from your phone.

Be careful where you take your phone. Every move you make, every step you take, Adware will be watching you.

Original article can be found here.