Latest Post | Last 10 Posts | Archives
Previous Post: Rauner says he won’t be involved in Murphy replacement
Next Post: Derren and Darwin Sorrells’ arrest record
Posted in:
* The Michael Isikoff elections board hacking story is getting a lot of traction out there. But cyber security specialist John Bambenek has read the FBI “Flash” memorandum that Isikoff wrote about (and which admonishes against release to the media and general public) and says Isikoff got it wrong…
The Isikoff article takes great liberties with both the details of the FBI Flash Bulletin and the facts of the matter to claim dangerous “foreign adversaries” are attacking boards of elections.
I have seen some of those IPs attack one of my own servers and it’s unlikely sophisiticated foreign adversaries are really that interested in data from my unsuccessful 2012 State Senate run.
The use of a foreign IP has no relationship to the nationality of the attacker. I personally have infrastructure in many countries, that doesn’t make me Chinese, Russian, Brazilian, American, German and French all at the same time.
A cursory exam of the data shows the IP addresses involved are commodity web scanners that constantly scan the entire internet for basic web vulnerabilities.
While it is important to highlight the risks of these threats and practice basic web application security, we ought not to stretch the truth and engage in fear mongering where none is warranted. We have the defenses required for these types of attacks, they need only be implemented.
Bambenek also told me, “Nation states don’t SQL inject through Tor.” I’ve added explanatory hyperlinks to help you parse what he’s saying.
*** UPDATE *** The FBI alert is here.
* From the Tribune…
[Ken Menzel, general counsel for the elections board] said there is a “reasonable suspicion” that the cyberattack was foreign.
“We know foreign servers were used, but it’s not conclusive that foreign actors were involved,” Menzel said. He said the FBI has “their reasons for suspecting foreign involvement, other than just some foreign servers were used.”
posted by Rich Miller
Monday, Aug 29, 16 @ 1:15 pm
Sorry, comments are closed at this time.
Previous Post: Rauner says he won’t be involved in Murphy replacement
Next Post: Derren and Darwin Sorrells’ arrest record
WordPress Mobile Edition available at alexking.org.
powered by WordPress.
isikoff got it way wrong.
everyone knows nation states don’t sql inject through tor. what a dummie.
Comment by peets Monday, Aug 29, 16 @ 1:22 pm
I never thought I’d say this but upon initial glance I’m inclined to agree with John Bambenek.
Comment by The Captain Monday, Aug 29, 16 @ 1:29 pm
For an even better explanation of a SQL injection attack…
https://xkcd.com/327/
Little Bobby Tables.
Comment by OneMan Monday, Aug 29, 16 @ 1:32 pm
This seems like script kiddie stuff, actually.
The fact that they used SQL injection was probably just a test — and then they discovered — shocked, I bet — that it worked.
Comment by Bobby Catalpa Monday, Aug 29, 16 @ 1:33 pm
Doesn’t mean an organization or group conducting this or other hacks doesn’t have ties to a government.
Comment by Jorge Monday, Aug 29, 16 @ 1:34 pm
BTW — if you want to learn what actual “nation state” hackers do, I highly recommend the new flick ‘Zero Day’. It’s out now — and (I’ll bet) you can torrent it, too, if you’re inclined and able.
But what it shows — and documents — is what real hackers can do. And none if it is SQL injection.
Comment by Bobby Catalpa Monday, Aug 29, 16 @ 1:37 pm
The issue is that they were hacked. The who is secondary. We need to start demanding that our governments do more to protect data.
Comment by Norseman Monday, Aug 29, 16 @ 1:49 pm
===The issue is that they were hacked. The who is secondary.===
We covered “the issue” back in July. “The who” is today.
Comment by Rich Miller Monday, Aug 29, 16 @ 2:17 pm
Nation States don’t use Tor, period.
Comment by Stuff Happens Monday, Aug 29, 16 @ 2:22 pm
=== Nation States don’t use Tor ===
People who work for Nation States, especially if they don’t want to look like Nation States, just might try it. It is unlikely that a sophisticated hacker would use an SQL injection - but sometimes you don’t bring your A game intentionally, when you aren’t certain if you don’t need to. It may all be a non-story, but I would not jump to conclusions either way just yet.
Comment by Mr. Smith Monday, Aug 29, 16 @ 3:02 pm
Thank God John Bambenek is there to protect the IBHE with his terrible swift swo….computer.
Comment by Blue Bayou Monday, Aug 29, 16 @ 3:03 pm
There’s another issue in that most election computers aren’t directly linked to the internet. Most have cards that are physically taken to a computer that is not on the net and then counted. They could screw with the statewide system, but that still leaves the base level data protected in most jurisdictions.
Louisiana is fully networked, and there may be more states, but most are not.
Comment by ArchPundit Monday, Aug 29, 16 @ 3:14 pm
Bambenek’s analysis is good from the security aspect.
Comment by ArchPundit Monday, Aug 29, 16 @ 3:15 pm
=…we ought not to stretch the truth and engage in fear mongering where none is warranted.=
Tell that to the GOP investigative committees waving their arms in panic about 4 phishing emails sent to HRC’s personal server by “the Russians.”
Comment by MSIX Monday, Aug 29, 16 @ 3:37 pm