Ransomware Attacks Take On New Urgency Ahead of Vote (nytimes.com) 37
A Texas company that sells software that cities and states use to display results on election night was hit by ransomware last week, the latest of nearly a thousand such attacks over the past year against small towns, big cities and the contractors who run their voting systems. From a report: Many of the attacks are conducted by Russian criminal groups, some with shady ties to President Vladimir V. Putin's intelligence services. But the attack on Tyler Technologies, which continued on Friday night with efforts by outsiders to log into its clients' systems around the country, was particularly rattling less than 40 days before the election. While Tyler does not actually tally votes, it is used by election officials to aggregate and report them in at least 20 places around the country -- making it exactly the kind of soft target that the Department of Homeland Security, the F.B.I. and United States Cyber Command worry could be struck by anyone trying to sow chaos and uncertainty on election night.
Tyler would not describe the attack in detail. It initially appeared to be an ordinary ransomware attack, in which data is made inaccessible unless the victim pays the ransom, usually in harder-to-trace cryptocurrencies. But then some of Tyler's clients -- the company would not say which ones -- saw outsiders trying to gain access to their systems on Friday night, raising fears that the attackers might be out for something more than just a quick profit. That has been the fear haunting federal officials for a year now: that in the days leading up to the election, or in its aftermath, ransomware groups will try to freeze voter registration data, election poll books or the computer systems of the secretaries of the state who certify election results. With only 37 days before the election, federal investigators still do not have a clear picture of whether the ransomware attacks clobbering American networks are purely criminal acts, seeking a quick payday, or Trojan horses for more nefarious Russian interference. But they have not had much success in stopping them. In just the first two weeks of September, another seven American government entities have been hit with ransomware and their data stolen. "The chance of a local government not being hit while attempting to manage the upcoming and already ridiculously messy election would seem to be very slim," said Brett Callow, a threat analyst at Emsisoft, a security firm.
Tyler would not describe the attack in detail. It initially appeared to be an ordinary ransomware attack, in which data is made inaccessible unless the victim pays the ransom, usually in harder-to-trace cryptocurrencies. But then some of Tyler's clients -- the company would not say which ones -- saw outsiders trying to gain access to their systems on Friday night, raising fears that the attackers might be out for something more than just a quick profit. That has been the fear haunting federal officials for a year now: that in the days leading up to the election, or in its aftermath, ransomware groups will try to freeze voter registration data, election poll books or the computer systems of the secretaries of the state who certify election results. With only 37 days before the election, federal investigators still do not have a clear picture of whether the ransomware attacks clobbering American networks are purely criminal acts, seeking a quick payday, or Trojan horses for more nefarious Russian interference. But they have not had much success in stopping them. In just the first two weeks of September, another seven American government entities have been hit with ransomware and their data stolen. "The chance of a local government not being hit while attempting to manage the upcoming and already ridiculously messy election would seem to be very slim," said Brett Callow, a threat analyst at Emsisoft, a security firm.
Why? What part of our (Score:3)
Re: (Score:2)
Re:Most of it (Score:5, Informative)
We're already finding boxes of completed mail-in ballots in dumpsters behind the office of the people who were supposed to count those votes - and we haven't even had the election yet.
LOL, "boxes" of mail in ballots in dumpsters? You mean the nine ballots [go.com] found in the trash in a single Pennsylvania district? Must have been pretty small boxes.
Yeah Pennsylvania too (Score:1)
That's true, there were also the ones in Pennsylvania.
Several boxes of mail-in ballots in Wisconsin found in different places, including big tubs full that the post office left sitting around and never delivered, hundred returned by the post office for no reason (the post office admits there was nothing wrong with them), a box full found in a ditch by the side of the road ...
In Colorado, when they started stacking up ballots for this year's election, they found 500 uncounted ballots cast *last year*.
I'd go
Re: (Score:3, Insightful)
That's true, there were also the ones in Pennsylvania.
You mean there's other places where boxes of mail-in ballots have been found in dumpsters behind election offices? Do tell.
Several boxes of mail-in ballots in Wisconsin found in different places, including big tubs full that the post office left sitting around and never delivered, hundred returned by the post office for no reason (the post office admits there was nothing wrong with them), a box full found in a ditch by the side of the road ...
In Colorado, when they started stacking up ballots for this year's election, they found 500 uncounted ballots cast *last year*.
I don't think any of those ballots were found in dumpsters behind election offices. But I'm sure you know better.
Oh wait...I get it now. You're one of those people sowing FUD about the use of mail-in ballots in the upcoming Presidential election. Carry on.
I'd go in, but I'm going to watch Nev on DWTS with my wife now.
Whatever keeps you off Slashdot is fine by me - even if it's just for an hour or two.
Re: (Score:2)
> I get it now. You're one of those people sowing FUD about the use of mail-in ballots
Try reading the first two thirds of my post. The part where I said out in-person voting machines suck, our information security in general sucks.
There's no need to choose EVERY fact based in which politiball team you're a fan of. Just in the last few days, just here in Slashdot, we've seen multiple articles of companies and government organizations getting shut down by hackers this week - some related to elections, som
Re: (Score:2)
Try reading the first two thirds of my post. The part where I said out in-person voting machines suck, our information security in general sucks.
LOL! YOU try reading it. Your OP makes ZERO mention of in-person voting machines.
There's no need to choose EVERY fact based in which politiball team you're a fan of.
I'm not a fan of either politiball team. I'm also not a fan of people who post misleading or outright false information. Your OP had two "facts" in it; the rest was just your opinions. One fact was "Just earlier today we had a security thread". The other "fact" wasn't a fact at all, and that's the one I disputed. My dispute has nothing to do with politiball teams and everything to do with people using misinformation to s
Re: (Score:2)
Try the ENTIRE post is about electronic voting other than the single sentence you freaked out about.
> > What part of our voting system is run on uncontrolled/secured systems?
My reply, which you freaked about:
--
Most of our election security sucks.
The whole attitude about security in the US is crap. From end users on up.
Just earlier today we had a [IT] security thread and most comments *from Slashdotters*, who know better than the average person, consisted of whining about having __IT security___ at th
Re: (Score:2)
Try the ENTIRE post is about electronic voting other than the single sentence you freaked out about.
LOL, you don't even know what you wrote, do you? Are you a drinker by any chance?
Bud, the only thing you can say about your ENTIRE post is it's a troll. You wanna count sentences? OK. If you don't count the first or last sentences, your ENTIRE post has nothing to do with election security or voting at all. It was a rant about Slashdot users in a different article that had nothing to do elections or voting, and it constituted HALF your post (all sentences included).
As far as "freaking out" goes, I'm
Re: (Score:1)
All of it since the Department of Home Security signed that contract with Microsoft.
Re: (Score:2)
Until western companies realize that outsourcing to India, means ZERO CONTROL of security, this shit will continue.
Re: (Score:2)
Actually the second they mentioned Putin, I switched off, that silly shite has just become silly shite. The corporate Democrats are already pushing the Russia shite, which means they are expecting to lose and they will launch a whole series of riots blaming Russia for hacking the elections on behalf of Trump and they have all the evidence, bad evidence which they fabricated by launching attacks from servers they rent in Russia. Russian security services should watch for corrupt US deep state agents, trying
Re: (Score:2)
voting system is run on uncontrolled/secured systems?
All of it. It has to be cheap after all. And the people in charge are clueless.
Blackmail (Score:1, Troll)
What about blackmail? Trump is up to his eyeballs in debt. They normally don't let people with so much debt take important jobs or get security clearance.
Re:Blackmail (Score:5, Interesting)
No, no, you're not using the terminology correctly. It's only called debt when poor people spend money they don't have. When rich people do it, it's called a leveraged position. :-D
Yes, I'm being snarky. Most people would kill to earn a tenth as much money in their entire lives as President Trump has lost. That's why he wants so badly to hold on to this job. He can charge the American people huge fees for the use of his personal properties and make previous presidents' salaries look like chump change, which helps make up for the fact that most of his properties normally just lose value. :-/
Re:Blackmail (Score:5, Interesting)
Just remember, as the question asks, what's classy if you're rich but trashy if you're poor?
Getting money from the government.
Or, as one brilliant person on Twitter said:
The con artist is nothing more than a broke father of five kids by three different women, living in public housing.
Re: (Score:3, Insightful)
At this point ripping off the government is the only way Trump is staying afloat.
Next term if re-elected there will be creditors banging on the door of the Whitehouse. What is he going to do then? What will be offer them to protect himself?
If China really wants some leverage they should simply buy more Trump debt, then they will literally own him.
Re: (Score:2)
What about blackmail? Trump is up to his eyeballs in debt. They normally don't let people with so much debt take important jobs or get security clearance.
Sadly, this doesn't really apply to elected officials. The only requirements for being a US president are (according to usa.gov):
The president must:
This is my unsurprised face (Score:5, Insightful)
These are the same idiots whose shit court management software was literally keeping people in jail when they weren't supposed to be (see this article [arstechnica.com]). No surprise that they're too stupid to protect themselves from ransomware or anything else.
The right solution for Tyler Technologies is the corporate death penalty, and the right mitigation for the clients is to stop using the software.
Re: (Score:2)
Where's the technical details, even minimal? (Score:2, Interesting)
Are you paid to silence which operating system was impacted by the attack?
Re: (Score:3)
Their online support incidents website is https://tylertech.microsoftcrmportals.com/support/ so that should point you in the right direction...
Re: (Score:2)
"Their online support incidents website is https://tylertech.microsoftcrm... [microsoftcrmportals.com] so that should point you in the right direction..."
Oh, what a surprise! Who could imagine!
And yet, despite 100% ransomware cases being incurred against systems vendored by ONE single company, you won't find the name of that company in any headline or briefing.
Re: (Score:2)
That isn't true, Linux is a target, and has been for several years:
My hopes for a fair upcoming election.. (Score:1)
What do Trump voters think about these web sites? (Score:1)
Donald Trump Research [trumpresearchbook.com]
99 Reasons to Dump Trump [nydailynews.com]
A Catalog of Trump's Worst Cruelties, Collusions, Corruptions, and Crimes [mcsweeneys.net]
A Closer Look [youtube.com], Late Night with Seth Meyers TV show. The jokes are usually not funny. The videos of Trump show what he has said and done.
President Trump has made more than 20,000 false or mis [washingtonpost.com]
Re: (Score:1, Flamebait)
The non-fanatic Republicans, on the other hand? There's been microfractures forming in their ranks for quite some time now. Many of them have come t
Re: (Score:2)
Oh a
Re: (Score:2)
To answer your question directly, I clicked on the last link, skipped over the partisan diatribe to choose one of their examples.
Obama and former vice president Joe Biden “spied” on his campaign and “knew everything that was going on.” Trump has made allegations of Obama spying since 2017, based on little or no evidence.
Except, we now know that Obama and Biden were in the infamous Feb 5 meeting where this investigation was discussed, and Biden recommended using the Logan Act against Flynn. Multiple government documents have shown clearly that the Obama administration was in fact spying on the Trump campaign, and documents have shown that there was not basis for that spying.
I would have to say th
Re: (Score:2)
Grievous spelling errors and a complete bastardization of the English language to construct a number of unoriginal non-sequeturs that were probably lifted from a Breitbart or Infowars comment section to begin with.
Yeah dude, they're turning the frogs gay with chemicals. Get on it.
Re: (Score:2)
Cons are fine with Russia now.
Haven't you heard? We've always been at war with Eastasia.
where's the accountability? (Score:1)
Still no one is talking about holding responsible the manufacturers/distributors of the software and operating systems that are being compromised by these attacks. Yes, some of this is on IT/networking personnel and practices at the companies being attacked, but the attacks often succeed due to defects in 3rd party packages that they just happen to be running. Particularly when an attack comes through a hole that was only recently patched by a vendor (or not patched at all), the vendor should really still
Brett Callow (Score:3)
This "Brett Callow" guy is interesting. He's all over the place on google as a source for Emsisoft, being cited as anything from a malware analyst to cybersecurity expert.
His linkedin profile shows that he has worked for Emsisoft as a "threat analyst" for two years.
Prior to that, he's completely wiped his resume, and the guy looks like he's in his mid to late 40's.
He actually seems to be a PR / Marketing dude that has been hired by Emsisoft to write a bunch of stuff regarding election hacking and bitcoin - whatever they tell him to write about.
He seems to be some sort of paid journalist for this company, making this sort of content most likely just inflammatory clickbait.
The one solution (Score:1)
Paper votes.
Manual counting.
As a minimum as a backup for check against fraud.
Works in many democracies.