Feb 10, 2020

Analysis | The Cybersecurity 202: Democrats fret about another tech disaster in Nevada caucuses following the mess in Iowa

By Joseph Marks

Precinct captain Carl Voss of Des Moines displays the Iowa Democratic Party caucus reporting app. (Nati Harnik/AP)
Democrats who are still reeling from last week’s Iowa debacle are increasingly worried about another technology disaster in the next caucus state: Nevada.
Nevada Democrats initially forswore using apps after a coding error and rushed design choices threw the Iowa contest into chaos. They backpedaled over the weekend, though, and said precinct leaders will be given an iPad-based tool to sync early voters’ preferences with choices from people who come to the Feb. 22 caucuses, the Nevada Independent’s Megan Messerly reported.
And in an echo of Iowa that is giving heartburn to some, the state party hasn’t said who built the app or how it’s being tested and vetted for security vulnerabilities.
“I volunteered to do this because I’m a loyal Democrat, and there’s nothing more I want to do than defeat Donald Trump,” Seth Morrison, a caucus volunteer, told Megan. “But if we allow this to go down and it’s another Iowa, what does this do for my party?”
The concerns come as Democrats are struggling to prove they have the tech and cybersecurity savvy to endure another presidential race four years after Hillary Clinton’s campaign was upended by a Russian hacking and disinformation campaign focused on smearing her and aiding Donald Trump.
The chaos in Iowa — which officials say was caused by shoddy technology rather than hacking — was a major blow to Democrats, and another chaotic night in Nevada could do lasting damage to the party.
Nevada is already working with one strike against it because officials there were initially planning to use an app designed by Shadow Inc. to report results -- the same company launched by veterans of Clinton’s 2016 campaign that botched the Iowa count. And before Nevada officials jettisoned those plans, the app was already failing in beta tests, Joseph Cox at Motherboard reported.
Democratic strategist Simon Rosenberg called it “jaw dropping” that Nevada officials were planning to use an app that was malfunctioning that close to their caucus and called for an independent investigation.
Missed this story ­čĹç about the Nevada Shadow app also not working just a few days ago.
Just jawdropping that this close to the caucus the thing still wasn’t working.
DNC must allow independent investigation into what happened, and release it to the public. https://t.co/dSj8x9Upkk
— Simon Rosenberg (@SimonWDC) February 9, 2020
In post-caucus audits, security experts determined the Iowa app was not only buggy but also had serious security vulnerabilities, Jack Gillum and Jessica Huseman at ProPublica reported. The Iowa Democratic Party released corrected results from that race last night — nearly a week after caucus night — showing former South Bend, Ind., mayor Pete Buttigieg maintaining a narrow lead over Sen. Bernie Sanders (I-Vt.) in delegates.
Nevada party officials unveiled the new digital tallying system — which they insisted should be described as a “tool” rather than an “app” — in a video message to volunteers Saturday, Megan reported.
“What we’ve done after Iowa is consult with a group of tech and security folks who are helping us through this process and making sure that we’re doing this in a way that is simple and efficient and secure for all of you so that we’re giving you the best tools we can...on caucus day,” a staffer said in that video.
Volunteers told Megan, though, that they “got very little information” about how the app will work and no hands-on training.
“All we have were a few slides to look at while they told us that they’re planning to develop it further,” one volunteer said. They also didn’t get a plan for how to manually include early voters’ preferences if the app fails.
Party officials did not respond to questions Sunday about whether the new tool had been vetted for security flaws or if testing is planned before caucus day.
In an earlier statement, spokeswoman Molly Forgey said Nevada officials "continue to work around the clock to evaluate and test a process that will support our nearly 3,000 trained volunteers. As we had always planned, we will have a paper backup and redundancies in place for our process. Our caucus will be secure, simple and efficient.”
Nevada Democrats are also running short on volunteers to run caucuses at more than 2,000 sites across the sparsely populated state, as my colleague Holly Bailey reported.
There’s slightly less concern in New Hampshire, which on Tuesday will hold the first 2020 primary, and other early primary states, as the Wall Street Journal’s Alexa Corse reported. That’s largely because primaries are typically managed by state election officials rather than party leaders and rely on the same voting technology used in general elections.
Primary voters in New Hampshire won’t deal with apps and will vote mostly by hand, marking paper ballots read by a scanning machine. Adversaries could still create problems, however, by manipulating voter registration data or county websites that share polling times and locations, Politico's Eric Geller reports.
Democratic officials in the caucus states of North Dakota and Wyoming have also sworn off using apps, Alexa reports.


A display for 5G services from Chinese technology firm Huawei. (Mark Schiefelbein/AP)
PINGED: Chinese diplomats urged French officials to treat Huawei fairly as they select suppliers for their 5G next-generation mobile network, Sarah White, Mathieu Rosemain and Elizabeth Pineau at Reuters report. 
France's decision later this month on whether to allow the Chinese-owned telecommunications company to build part of its 5G networks could make it the next flashpoint in the ongoing conflict between Beijing and Washington, where officials have launched an international campaign warning allies that Huawei would allow backdoors for Chinese spying.
The Chinese Embassy was “shocked and worried” by reports that France was considering banning Huawei from parts of its network, it said in a statement on its website yesterday. The Chinese government has defended Huawei against allegations it has assisted with Chinese spying.
Some French carriers have already opted for Huawei competitors Nokia and Ericsson, Reuters reports. Shares in those Huawei rivals rose last week after U.S. Attorney General William P. Barr floated the idea of the United States investing in the companies, the Wall Street Journal reported. European telecom giant Vodafone also initiated removing Huawei equipment from core parts of its network last week.

A passenger stretches on the balcony of a cabin on a cruise ship. (Kim Kyung-Hoon/Reuters)
PATCHED: Scammers are using concerns about the impact of coronavirus on global shipping in an effort to hack targets in the manufacturing and transportation industries, researchers at Proofpoint tell The Cybersecurity 202. This follows earlier reports of phishing scams preying on health concerns about the virus.
The email-based phishing scam instructs the recipient to click open a word document that is laced with information-stealing malware.
“This underscores that the threat potential around Coronavirus remains broad and everyone should exercise extra caution when dealing with Coronavirus-themed emails, links and attachments,” Sherrod DeGrippo, senior director of threat research at Proofpoint, said in a statement. “While this recent effort was narrow in focus, we are seeing coronavirus email lures increasingly mixed in with regular ones.”
The hackers appear to be from Russia and Eastern Europe though it doesn't seem like they're backed by any nation-states, Proofpoint said.

Facebook logo. (Loic Venance/AFP/Getty Images)
PWNED: Several of Facebook's corporate Twitter and Instagram accounts were compromised by hackers on Friday, Jay Peters at the Verge reported
Saudi-based OurMine took responsibility for the posts that referred the account's followers to the group's security services. The same group took credit for infiltrating the Twitter accounts of several NFL teams earlier this month.
In both cases the group compromised the accounts through a third-party platform, Khoros, Twitter confirmed. OurMine used the same platform to spam Facebook's Instagram page.
Twitter locked out the hackers within 30 minutes, but researcher Jane Manchun Wong caught this video of Facebook struggling to delete the hackers' posts in real time:
It was fun watching this battle between Facebook and hackers where hackers keep posting tweets and Facebook keeps deleting them pic.twitter.com/c7APEJn38I
— Jane Manchun Wong (@wongmjane) February 8, 2020


Election technology and security's so hot even Hollywood can't stop talking about it.
Election tech is Oscar fodder now:
Steve Martin: “A couple of years ago, there was a big disaster here at the #Oscars where they accidentally read out the wrong name...they have guaranteed that this will not happen this year because the Academy has switched to the new Iowa caucus app.” https://t.co/NumPNVQVlJ pic.twitter.com/Ep86JEGlmN
— ABC News (@ABC) February 10, 2020
Saturday Night Live also took aim at Democrats' app woes in Iowa:
The candidates talk Iowa at the New Hampshire Democratic Debate. #SNL pic.twitter.com/18ZDr5k5q4
— Saturday Night Live - SNL (@nbcsnl) February 9, 2020


— Cybersecurity news from the public sector:
US officials talk about all the methods the Chinese government and its agents have been using to target US companies and universities to steal intellectual property.
The Trump administration has been using a database that maps the movements of millions of cellphones to monitor the Mexican border and make immigration arrests, according to people familiar with the matter.
Wall Street Journal
The U.S. government is raiding little known tech companies for citizens’ medical data. And it appears innocent people are having their most private information put at risk.


— Cybersecurity news from the private sector:
"Phishing" is a type of scamming tactic that tricks vulnerable users into giving out sensitive information like credit card numbers.
Fox Business
Hackers are locking people out of their networks and demanding big payments to get back in. New data shows just how common and damaging the attacks have become.
The New York Times


— Cybersecurity news from abroad:
Names, identification numbers and addresses of over 6 million voters were leaked through the unsecured Elector app.
A cyber-attack against Iranian infrastructure said to be behind Internet downtime lasting several hours
The North has evaded America’s “maximum pressure” campaign with a 300 percent increase in internet use that has opened up new opportunities for cybercrime.
The New York Times

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Latest Post Published

From The Desk Of Fernando Guzmán Cavero

 Dear Friends:  I would like to express hereby my apologies for couldn't fulfill to be with you with my "Daily Financial News Blog&...