In-brief: Russian hackers aren’t the biggest threat to the security and integrity of elections says Bev Harris of Black Box Voting. Instead, it’s a more common enemy: run of the mill political corruption, mostly at the local level. Also: Eric Hodge of CyberScout talks about the challenges of helping states secure their election systems. Problem number one: recalcitrant voting machine makers.
With DEFCON’s Voting Village in the rear view mirror, Security Ledger Editor in Chief Paul Roberts talks about the security of elections systems with two experts: Bev Harris, the founder of Black Box Voting, and Eric Hodge, the director of consulting at CyberScout, which is working with the Board of Elections in Kentucky and in other states to help secure elections systems.
Policy makers may worry about so-called “Black Swan” events – low probability occurrences that ‘nobody saw coming.’ But is it ever the case that things happen that nobody saw coming? Our guest on this week’s podcast would say “no.” He is Richard Clarke, a former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States and a veteran of four administrations, from President Ronald Reagan through to President George W. Bush. In his new book, Warnings: Finding Cassandras to Stop Catastrophes, Richard and co-author R.P. Eddy interview people who warned fruitlessly about pending disasters like 9/11 and the Fukashima nuclear power plant, as well as those who are warning us today about threats that elected officials, government experts and policy makers are ignoring.
Hackers working on behalf of the government of Iran are using alluring social media profiles featuring a young, English photographer to entice and then compromise the systems of high value targets in the oil and gas industry, according to a report by Dell Secureworks. In a report released on Thursday, Secureworks’ Counter Threat Unit (CTU) said that it observed an extensive phishing campaign beginning in January and February 2017 that used a polished social media profile of a young, English woman using the name “Mia Ash” to conduct highly targeted spear-phishing and social engineering attacks against employees of Middle Eastern and North Africa firms in industries like telecommunications, government, defense, oil and financial services. The attacks are the work of an advanced persistent threat group dubbed COBALT GYPSY or “Oil Rig” that has been linked to other sophisticated attacks. The attacks, which spread across platforms including LinkedIn and Facebook, as […]
In-brief: Machine learning is all the rage in the information security industry. But a study by Endgame and University of Virginia suggests that it may be vulnerable to manipulation by sophisticated AI-driven tools.
