Tag Archive for: System

Switzerland’s e-voting system has predictable implementation blunder


Last year, I published a 5-part series about Switzerland’s e-voting system.  Like any internet voting system, it has inherent security vulnerabilities: if there are malicious insiders, they can corrupt the vote count; and if thousands of voters’ computers are hacked by malware, the malware can change votes as they are transmitted.   Switzerland “solves” the problem of malicious insiders in their printing office by officially declaring that they won’t consider that threat model in their cybersecurity assessment.

But the Swiss Post e-voting system (that Switzerland uses) addresses the malware-in-voter-computer problem in an interesting way that’s worth taking seriously.  Each voter is sent a piece of paper with some special “return codes” that are never seen by the voter’s computer, so any potential malware can’t learn them.  And each voter is instructed to follow a certain protocol, checking the return codes shown on their screen against the return codes on the paper.

I described how it works here.  And then here I described some attacks and vulnerabilities, “threats that their experts didn’t think of”.   And one of those I wrote as,

The hacked app can change the protocol, at least the part of the protocol that involves interaction with the voter, by giving the voter fraudulent instructions.  There could be a whole class of threats there; I invite the reader to invent some.

When I say “predictable implementation blunder”, well, I predicted something like this.  But it’s a bit worse than I thought.

Andreas Kuster is a Swiss computer scientist living abroad, and a few months ago he received his election packet in the mail from his home canton of St. Gallen.  He discovered that the Swiss Post e-voting system had made a basic blunder:  the instructions to the voter about how to perform the return-code-checking protocol are not printed on the paper, they are only on the voting website itself.   That means if the voter’s computer is hacked by malware, the malware can direct the voter to a fake website that has different instructions, with a useless protocol. Or, as Kuster demonstrates, the malware can install a browser…


APTs, botnets combated by new AWS system


Amazon Web Services says its new internal threat intelligence decoy system, MadPot, has thwarted the nation state-sponsored advanced persistent threats Sandworm and Volt Typhoon, as well as various distributed denial-of-service botnets, reports SecurityWeek.

MadPot is tracking over 100 million possible threats using sensors and automated response functionality, with nearly half a million of them categorized as malicious, according to AWS.

Russian APT operation Sandworm was discovered by MadPot after attempted exploitation of a WatchGuard network security appliance vulnerability, with further examination of the payload yielding unique threat actor attributes and IP addresses.

MadPot was also able to thwart Chinese APT Volt Typhoon following an attack against the U.S. territory of Guam.

“Through our investigation inside MadPot, we identified a payload submitted by the threat actor that contained a unique signature, which allowed identification and attribution of activities by Volt Typhoon that would otherwise appear to be unrelated,” said AWS, which added that data and findings from the MadPot system have been leveraged to strengthen its security offerings.


County spending more than half a million after system hack


More than two weeks after a cyberattack on Hinds County’s computer system, the board of supervisors voted to spend just over $600,000 to restore it.

The board voted Friday to contract with two companies to help fix the problem.

The system has been offline since Sept. 7, when it was hit with a Ransomware attack, shutting down many county agencies. The Department of Homeland Security, as well as the FBI, were called to investigate.

Earlier this week, Hinds County Attorney Tony Gaylor said the crippled computer servers could be resolved within days.

Gaylor said during a news conference Wednesday that the county hopes to focus on reopening the Tax Collector’s Office first, where so many people have complained they have been unable to get renewals for car tags or handicapped parking cards.

Central Mississippi Realtors, who represent more than 1,600 real estate professionals, said the disruption has caused a significant impact on the real estate business. They said property tax payments have been delayed. There have been challenges in Title searches, and there has been disruption in real estate transactions.

County officials said residents would not be penalized by late fees as a result of the attack.

A prior version of this article attributed information to Hinds County Administrator Kenny Wayne Jones, who was wrongly identified as Kenny Wayne Smith. He was not the source of the information.



Virginia Retirement System hack demands transparency and accountability – Daily Press


Through no fault of their own, thousands of Virginians are learning that their names, social security numbers, birthdates and partial addresses may have been exposed on the internet as part of a massive data breach affecting millions of Americans.

Most of those whose personal information may have been compromised are retired public employees who receive pension benefits through the Virginia Retirement System. VRS initially told Channel 8 News in Richmond that active members of the retirement system were not affected by the hack, but later backed away from that blanket statement. The hack compromised personal information of some survivors and beneficiaries of retirees, a group that includes some current teachers and other state employees. As many as 230,000 people may be affected.

Retirement systems in other states have also been targeted by the hackers, as have other public pension and private-sector retirement plans, state and federal agencies. California’s public employee retirement system, the largest in the nation, announced in June that hackers had stolen confidential data of about 769,000 retirees and beneficiaries.

How did this happen? After all, those in the commonwealth’s retirement system don’t have a choice about giving their personal information to VRS. Was VRS careless with the data in its files? The answer is complicated.

Like many other retirement systems, VRS contracts with a company called Pension Benefits Information to verify information about retirees and guard against overpayment. PBI, like many organizations around the world, uses the MOVEit Transfer software to share data, supposedly securely.

In May, a Russian ransomware group calling itself Clop apparently discovered a flaw in the MOVEit Transfer software and exploited it to gain access to a great deal of confidential personal information before the flaw was discovered and repaired.

Clop and similar cyber criminals steal data and then demand ransom in exchange for not making the information public. Clop wasn’t zeroing in on retired Virginia public employees, but all those whose personal details are now in the hands of unscrupulous crooks should be concerned.

It’s a fact of 21st century life:…
