Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security United States Politics

Ransomware Attacks Take On New Urgency Ahead of Vote (nytimes.com) 37

A Texas company that sells software that cities and states use to display results on election night was hit by ransomware last week, the latest of nearly a thousand such attacks over the past year against small towns, big cities and the contractors who run their voting systems. From a report: Many of the attacks are conducted by Russian criminal groups, some with shady ties to President Vladimir V. Putin's intelligence services. But the attack on Tyler Technologies, which continued on Friday night with efforts by outsiders to log into its clients' systems around the country, was particularly rattling less than 40 days before the election. While Tyler does not actually tally votes, it is used by election officials to aggregate and report them in at least 20 places around the country -- making it exactly the kind of soft target that the Department of Homeland Security, the F.B.I. and United States Cyber Command worry could be struck by anyone trying to sow chaos and uncertainty on election night.

Tyler would not describe the attack in detail. It initially appeared to be an ordinary ransomware attack, in which data is made inaccessible unless the victim pays the ransom, usually in harder-to-trace cryptocurrencies. But then some of Tyler's clients -- the company would not say which ones -- saw outsiders trying to gain access to their systems on Friday night, raising fears that the attackers might be out for something more than just a quick profit. That has been the fear haunting federal officials for a year now: that in the days leading up to the election, or in its aftermath, ransomware groups will try to freeze voter registration data, election poll books or the computer systems of the secretaries of the state who certify election results. With only 37 days before the election, federal investigators still do not have a clear picture of whether the ransomware attacks clobbering American networks are purely criminal acts, seeking a quick payday, or Trojan horses for more nefarious Russian interference. But they have not had much success in stopping them. In just the first two weeks of September, another seven American government entities have been hit with ransomware and their data stolen. "The chance of a local government not being hit while attempting to manage the upcoming and already ridiculously messy election would seem to be very slim," said Brett Callow, a threat analyst at Emsisoft, a security firm.

This discussion has been archived. No new comments can be posted.

Ransomware Attacks Take On New Urgency Ahead of Vote

Comments Filter:
  • by oldgraybeard ( 2939809 ) on Monday September 28, 2020 @05:00PM (#60551870)
    voting system is run on uncontrolled/secured systems?
    • It can really depend on the state. Some states will have laws saying what equipment to use others will set certain requirements. Then depending on the state some will do centralized purchases and others will leave it to the county election officials to do it.
    • > Why? What part of our voting system is run on uncontrolled/secured systems?

      All of it since the Department of Home Security signed that contract with Microsoft.
    • No, it is outsourced to India, who is close friends with Russia.

      Until western companies realize that outsourcing to India, means ZERO CONTROL of security, this shit will continue.
      • by rtb61 ( 674572 )

        Actually the second they mentioned Putin, I switched off, that silly shite has just become silly shite. The corporate Democrats are already pushing the Russia shite, which means they are expecting to lose and they will launch a whole series of riots blaming Russia for hacking the elections on behalf of Trump and they have all the evidence, bad evidence which they fabricated by launching attacks from servers they rent in Russia. Russian security services should watch for corrupt US deep state agents, trying

    • by gweihir ( 88907 )

      voting system is run on uncontrolled/secured systems?

      All of it. It has to be cheap after all. And the people in charge are clueless.

  • Blackmail (Score:1, Troll)

    by AmiMoJo ( 196126 )

    What about blackmail? Trump is up to his eyeballs in debt. They normally don't let people with so much debt take important jobs or get security clearance.

    • Re:Blackmail (Score:5, Interesting)

      by dgatwood ( 11270 ) on Monday September 28, 2020 @05:09PM (#60551902) Homepage Journal

      No, no, you're not using the terminology correctly. It's only called debt when poor people spend money they don't have. When rich people do it, it's called a leveraged position. :-D

      Yes, I'm being snarky. Most people would kill to earn a tenth as much money in their entire lives as President Trump has lost. That's why he wants so badly to hold on to this job. He can charge the American people huge fees for the use of his personal properties and make previous presidents' salaries look like chump change, which helps make up for the fact that most of his properties normally just lose value. :-/

      • Re:Blackmail (Score:5, Interesting)

        by quonset ( 4839537 ) on Monday September 28, 2020 @05:19PM (#60551930)

        Just remember, as the question asks, what's classy if you're rich but trashy if you're poor?

        Getting money from the government.

        Or, as one brilliant person on Twitter said:

        The con artist is nothing more than a broke father of five kids by three different women, living in public housing.

      • Re: (Score:3, Insightful)

        by AmiMoJo ( 196126 )

        At this point ripping off the government is the only way Trump is staying afloat.

        Next term if re-elected there will be creditors banging on the door of the Whitehouse. What is he going to do then? What will be offer them to protect himself?

        If China really wants some leverage they should simply buy more Trump debt, then they will literally own him.

    • What about blackmail? Trump is up to his eyeballs in debt. They normally don't let people with so much debt take important jobs or get security clearance.

      Sadly, this doesn't really apply to elected officials. The only requirements for being a US president are (according to usa.gov):

      The president must:

      • Be a natural-born citizen of the United States.
      • Be at least 35 years old.
      • Have been a resident of the United States for 14 years.
  • by Hizonner ( 38491 ) on Monday September 28, 2020 @05:04PM (#60551880)

    These are the same idiots whose shit court management software was literally keeping people in jail when they weren't supposed to be (see this article [arstechnica.com]). No surprise that they're too stupid to protect themselves from ransomware or anything else.

    The right solution for Tyler Technologies is the corporate death penalty, and the right mitigation for the clients is to stop using the software.

  • Are you paid to silence which operating system was impacted by the attack?

    • https://www.tylertech.com/ [tylertech.com]

      Their online support incidents website is https://tylertech.microsoftcrmportals.com/support/ so that should point you in the right direction...

      • "Their online support incidents website is https://tylertech.microsoftcrm... [microsoftcrmportals.com] so that should point you in the right direction..."

        Oh, what a surprise! Who could imagine!

        And yet, despite 100% ransomware cases being incurred against systems vendored by ONE single company, you won't find the name of that company in any headline or briefing.

        • by _merlin ( 160982 )

          And yet, despite 100% ransomware cases being incurred against systems vendored by ONE single company, you won't find the name of that company in any headline or briefing.

          That isn't true, Linux is a target, and has been for several years:

          • https://hacked.com/linux-ransomware-notorious-cases-and-ways-to-protect/
          • https://www.zdnet.com/article/this-new-ransomware-is-targeting-windows-and-linux-pcs-with-a-unique-attack/
          • https://invenioit.com/security/linux-ransomware-attacks-rise/
  • ..are seriously wavering. :-(
    • I'm interested to know what Trump supporters think about these web sites. What is the response to the unprecedented negativity toward a president? These are links posted in other places.

      Donald Trump Research [trumpresearchbook.com]

      99 Reasons to Dump Trump [nydailynews.com]

      A Catalog of Trump's Worst Cruelties, Collusions, Corruptions, and Crimes [mcsweeneys.net]

      A Closer Look [youtube.com], Late Night with Seth Meyers TV show. The jokes are usually not funny. The videos of Trump show what he has said and done.

      President Trump has made more than 20,000 false or mis [washingtonpost.com]
      • Re: (Score:1, Flamebait)

        The hard-core support base, I imagine, won't even look at any of that, conviced it's just 'fake news' and 'liberal conspiracy', and are more interested in 'sticking it to the liberals', keeping non-white people from entering the country, and (in their wildest dreams) deporting even legal non-white immigrants, LGBTQ, and anyone else they decide is 'un-American'.
        The non-fanatic Republicans, on the other hand? There's been microfractures forming in their ranks for quite some time now. Many of them have come t
        • I see the Trump trolls of Slashdot have mod points again and I'm challenging their denial about the state of thigns: Trumps' support has been falling away for some time now as he shows his ass over and over again. Only the most hardcore supporters, strong in their ability to deny reality and strong in their hatred of so-called 'leftists' (read as: 'Democrats' and 'Progressives' and other level-headed people) are still firmly in the Trump camp. Scream and throw things all you want, won't change reality.
          Oh a
      • by Shotgun ( 30919 )

        To answer your question directly, I clicked on the last link, skipped over the partisan diatribe to choose one of their examples.

        Obama and former vice president Joe Biden “spied” on his campaign and “knew everything that was going on.” Trump has made allegations of Obama spying since 2017, based on little or no evidence.

        Except, we now know that Obama and Biden were in the infamous Feb 5 meeting where this investigation was discussed, and Biden recommended using the Logan Act against Flynn. Multiple government documents have shown clearly that the Obama administration was in fact spying on the Trump campaign, and documents have shown that there was not basis for that spying.

        I would have to say th

  • Still no one is talking about holding responsible the manufacturers/distributors of the software and operating systems that are being compromised by these attacks. Yes, some of this is on IT/networking personnel and practices at the companies being attacked, but the attacks often succeed due to defects in 3rd party packages that they just happen to be running. Particularly when an attack comes through a hole that was only recently patched by a vendor (or not patched at all), the vendor should really still

  • by sonoronos ( 610381 ) on Tuesday September 29, 2020 @02:16AM (#60552946)

    This "Brett Callow" guy is interesting. He's all over the place on google as a source for Emsisoft, being cited as anything from a malware analyst to cybersecurity expert.

    His linkedin profile shows that he has worked for Emsisoft as a "threat analyst" for two years.

    Prior to that, he's completely wiped his resume, and the guy looks like he's in his mid to late 40's.

    He actually seems to be a PR / Marketing dude that has been hired by Emsisoft to write a bunch of stuff regarding election hacking and bitcoin - whatever they tell him to write about.

    He seems to be some sort of paid journalist for this company, making this sort of content most likely just inflammatory clickbait.

  • Paper votes.
    Manual counting.

    As a minimum as a backup for check against fraud.

    Works in many democracies.

Reality must take precedence over public relations, for Mother Nature cannot be fooled. -- R.P. Feynman

Working...