* The Michael Isikoff elections board hacking story is getting a lot of traction out there. But cyber security specialist John Bambenek has read the FBI “Flash” memorandum that Isikoff wrote about (and which admonishes against release to the media and general public) and says Isikoff got it wrong…
The Isikoff article takes great liberties with both the details of the FBI Flash Bulletin and the facts of the matter to claim dangerous “foreign adversaries” are attacking boards of elections.
I have seen some of those IPs attack one of my own servers and it’s unlikely sophisticated foreign adversaries are really that interested in data from my unsuccessful 2012 State Senate run.
The use of a foreign IP has no relationship to the nationality of the attacker. I personally have infrastructure in many countries; that doesn’t make me Chinese, Russian, Brazilian, American, German and French all at the same time.
A cursory exam of the data shows the IP addresses involved are commodity web scanners that constantly scan the entire internet for basic web vulnerabilities.
While it is important to highlight the risks of these threats and practice basic web application security, we ought not to stretch the truth and engage in fear mongering where none is warranted. We have the defenses required for these types of attacks; they need only be implemented.
Bambenek also told me, “Nation states don’t SQL inject through Tor.” I’ve added explanatory hyperlinks to help you parse what he’s saying.
*** UPDATE *** The FBI alert is here.
* From the Tribune…
[Ken Menzel, general counsel for the elections board] said there is a “reasonable suspicion” that the cyberattack was foreign.
“We know foreign servers were used, but it’s not conclusive that foreign actors were involved,” Menzel said. He said the FBI has “their reasons for suspecting foreign involvement, other than just some foreign servers were used.”