Craig explains why DHS and the FBI are warning us about Election Hacking and why it individual State Website Security is the culprit.

For more tech tips, news, and updates, visit - CraigPeterson.com

---

FBI, DHS says hackers have gained access to election systems

The IRS Is Being Investigated for Using Location Data Without a Warrant

Clear Conquered U.S. Airports. Now It Wants to Own Your Entire Digital Identity.

5G in the US averages 51Mbps while other countries hit hundreds of megabits

IRS may put cryptocurrency question at the top of 1040 to catch cheaters

Publishers worry as ebooks fly off libraries’ virtual shelves

25% of BEC Cybercriminals Based in the US

What's Really Happening in Infosec Hiring Now?

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] We've talked about the potential here of hackers getting into our election systems and what are they going to be able to do?  No, I've never been really big on this, but now FBI and DHS, well they're both disagreeing with me.

Hey everybody. Welcome back. You're listening to Craig Peterson.

I've talked about the likelihood of hackers being able to influence, I mean, in a very big way, our election here in the US and I've kind of poo-pooed it, because as a general rule with 50 state elections, it would be very difficult for a foreign adversary of some sort or somebody that just wants to mess with us to really cause havoc with our election.

Of course, it looks like we're going to cause enough havoc ourselves falls because of this lockdown that we did. All of the crazy things we're trying to change at the very last minute with our voting this time around. This is going to be one heck of an election season. Ah, I'm not looking forward to it.

I have been warning about some of the problems that have existed with  Secretary of State office websites. Some of these Secretaries of State are putting up websites that allow the local County chairs, city, et cetera, to upload the vote tallies via the web. To the Secretary of State now, on the whole, that sounds pretty good. It seems pretty reasonable.

You might remember what happened in Iowa early 20 20. Yeah. Where the Democrats decided they were going to use this app for tallying all of the votes. It wasn't being used for voting, but it was being used for the tally who won. We actually don't know who won the Iowa Democrat caucuses. Isn't that right? Just amazing, because of the technology and the problems behind it.

Well, when we're talking now about state hackers, countries that have massive hacking campaigns, ongoing. Yeah. How much could they mess up our election by getting into the Secretaries of State websites? Because not only are the 50 States responsible for running the elections. Tallying the votes, but they're also responsible to give that data, hopefully, good data, the federal government. So how does the federal government get that data?

Well, they tend to get it by going to the 50 Secretaries of State websites nowadays. And that's where my big concern comes from. Obviously, I do not like these touch screen voting machines.

I know I am a good old fashioned writing on a piece of paper or the kind of the heavier paper, a hundred-plus pound stuff. You fill in an oval for who you want and then that card you put it in the machine. The machine counts it. I love those because the bottom line it's completely auditable.

 I talk a lot about audits because so many of my customers are getting audited because of federal regulations, but this is different.

 Let's say the machine tallied, a hundred votes for Trump, and 120 votes for Biden. A spot audit could be conducted. So you take all of the cards that were fed into that machine and you manually count them.

Okay. This is obviously a Trump vote. Okay. That's obviously a Biden vote. So you're going through, you're seeing what the votes were for each person and you can now say, okay, it came up the counts the same, and you know, that machines counter right for what you were looking for was correct. Those cards can then be taken later on and you can have a Republican and a Democrat and a libertarian or whatever the parties are in your state watch as those individual ballots are counted because a physical ballot exists. That's just incredibly important. They can't hack a pencil. I love that saying. Right? I think it was our Secretary of State that said that you can't hack a pencil. I'm not sure that's not all entirely true, but it's mostly true.

But you can hack some of the systems that are behind the reporting, according to the FBI and the Department of Homeland security right now. An article by Brooke Crothers is pointing out that hackers and they're saying possibly nation-state actors, which means who China, Russia, Cuba, North Korea, Venezuela, Brazil, not so much in Venezuela, not so much nowadays, either because their economy is in shatters because they are a blank country, a socialist country. Exactly. So their economies in shatters.

Brazil's in shatters looks like we might get a trade agreement by the way, with Brazil kind of interesting, but.

They are saying now that there is no evidence so far, this is a Homeland security, that the integrity of the elections data was compromised. And they're saying that it does not appear these targets are being selected because they are part of our election apparatus. In other words, wait a minute, guys. Our secretaries of state's website, other systems are being hacked just as a part of a random hack. What happens if they get ransomware? And what happens if a nation-state really does want to go after them this week.

We saw six spies arrested, Chinese spies who were stealing information critical to the United States of America. They lie on their visa applications. You know, that's why right now the State department's saying you might not want to go to China because China's threatening to kidnap Americans over there and hold them hostage in exchange for these spies. It's not like the old days where we would catch some Russian spies. They would catch some American spies and then we trade them. Right?

No, China is right now threatening to, and they already have with Canada and two other countries, they are threatening to kidnap regular old, innocent Americans off the street of China and hold them hostage until we give back there are six spies. Can you imagine that? Yeah, China is not an enemy. China is a friend, right? Well, it's a friend. If they give you one and a half-billion dollars. That's another story for a new section here.

What I have been concerned about it looks like it's happening, that these were not attacked because they're part of the election apparatus. These were attacked because they were vulnerable systems. So what vulnerabilities were used, I think everyone needs to pay attention to this cause this is a very, very big deal. This is Seesaw. This is the cybersecurity and infrastructure security agency Seesaw. They are saying that they got in through what's called vulnerability chaining.

That is a big deal and that is on my list of things as part of what we cover in my cybersecurity mastery course. This is a technique that's commonly used and it's used against businesses. It's used against federal state agencies, government critical infrastructure, elections organizations.

In this case, it targeted something that I've been talking about forever. VPN vulnerability. Don't use virtual private networks unless you really, really, really, really know what you're doing. Okay. This was a target against a VPN vulnerability and a flaw in that log on, which is a windows protocol that used to authenticate people who are connecting over the VPN.

Now what makes us even worse is that not only did the Secretary of State offices and other government offices not have adequate security to prevent this, not only did they not have properly configured VPNs, which is like 98% of them out there. So pull up your socks, people.

Patches were already available for all of the vulnerabilities. They were already out there. This is what came straight from the FBI and CISA the patches were already there and they had been disclosed and the systems were not updated. So. How safe then is, is our election infrastructure?

I go back to what I've been warning about for many, many years, our over reliance on the accuracy and security of the technology. These guys that did it are known as advanced persistent threat actors. Which usually means nation-states. They did not identify who it was most of the time lately. It's been China, no matter what these so-called news organizations have been saying, it hasn't been Russia. Russia really hasn't done much lately. It's mostly China and apparently, it looks like it's a financially motivated nation-state actor that can mean Russia. They are more financially motivated, but so is China. That's why they're stealing our business secrets as well. Okay. Very, very bad.

Microsoft. You might remember, we talked about it here in September, said it detected Russian, Chinese, and Iranian actors targeting the 2020 US elections. So this is stepped up activity. They are targeting the  2020 election, according to Microsoft and the national counterintelligence and security center director, William Evanina. It's a very big, very big deal. So something else to worry about for our elections in 2020.

It's also something you need to worry about if you are working from home. If you are a business owner or if you're an IT person, and that's why I'm here, I'm trying to help you guys understand this. That's why I have my cybersecurity mastery program. So you can ask me any questions you want to, and we can get things solved. Get them rolling.

Be sure you are on my email list so you get my newsletters. You get the training and you know, what's going on.

Hey, you're listening to Craig Peterson.

We're going to talk about the IRS being investigated this time. You've seen those CLEAR things in airports, let you pass through quickly. We're going to talk about what they're trying to do nationwide.

Stick around. We'll be right back.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553