Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
CISA has recently observed advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities in combination with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon. The commonly used tactic, known as vulnerability chaining, exploits multiple vulnerabilities in the course of a single intrusion to compromise a network or application.
This recent malicious activity has often, but not exclusively, been directed at federal and state, local, tribal, and territorial (SLTT) government networks. Although it does not appear these targets are being selected because of their proximity to elections information, there may be some risk to elections information housed on government networks.
CISA is aware of some instances where this activity resulted in unauthorized access to elections support systems; however, CISA has no evidence to date that integrity of elections data has been compromised. There are steps that election officials, their supporting SLTT IT staff, and vendors can take to help defend against this malicious cyber activity.
It's up to the appropriate people to take action to protect their systems and our election support systems, as they put it. Just in case...
It's difficult for these "foreign players" to have a direct impact on the vote, as in changing voting outcomes (we hope). They can and have been trying to influence voters in other ways, through indirect means. We just have to be smart enough to recognize it and block it out.
Much to do about nothing as far as we are concerned.
I have no concerns about voting and accurate results in Colorado.
Every ballot is paper.
Every county counts separately.
Government at all levels is competent.
I think the thing that bothers me the most about this is that the government has made an effort to move towards digital processing of a great deal of things internally, but don't want to commit to keeping them up to date. There's still a ton of paper stuff going on, but there is a significant amount of digital processing happening now, and that isn't going to change.
That being said, What is in that article is nothing new to internet facing systems. every single internet facing system with a unique IP address or an access point receives something between 100 and 5000 lock checks per day from automated software that is looking for a variety of conditions to exploit.
If these computers aren't patched regularly with security updates, they WILL be accessed by people who don't have permission to look at or modify the computers or their data. That is a simple fact of operating in a computerized industry.
That article talked about these attacks as leveraging 'Legacy' exploits, which is the language you'd use if these computers had not been receiving regular maintenance.
That article goes on on provide instructions for migrating the computers to a secured network, but goes on to say that you must change the passwords for the accounts that are being accessed on these computers, why? Because some of those computers WERE compromised by automated attacks that could have done anything at all, including sending an exact copy of the hard drives of these systems to a remote location for later analysis.
analysis which should provide a variety of things, like user accounts and passwords to things that people are going to be using on the new secured network, which means that the new secured network isn't really secure if that complete password reset doesn't happen first.
So I ask you-- If the people responsible for maintaining that network of computers aren't even applying software updates, what makes anyone think they are going to reset every single password on the system?
CO might be protected with an all paper system (insofar as you can trust the handlers of the paper, just like we try to trust the computers as handlers of data), but it doesn't matter - if Florida isn't, or Iowa isn't, or any of the other battleground states.
I think the problem is just that there either isn't enough money to keep these digital systems up to date and secure, or the people who make the decisions want them to be exposed and vulnerable.
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.
Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.
Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
