Security on the Ballot
In case you somehow missed the ubiquitous reminders, today is Election Day, where you get to exercise your civic rights at the polls (make sure to stretch first). Much has been made recently of the security of voting machines, and their susceptibility to outside cyber intrusion. Stories about Russian hackers targeting government agencies have only seemed to heighten those fears in the weeks leading up to the election. Couldn’t hackers intercept signals sent from machine to network and tamper with the election results? Theoretically, perhaps. Fortunately, these cyber security anxieties are not as realistic as others. Electronic voting machines connected to the Internet would be the only type at risk, and about 75% of the country still uses paper ballots; many electronic machines are also still set up to leave a paper trail.
There will obviously always be risks when it comes to IoT voting machines, as exploitable vulnerabilities in any software can attest. Since government organizations are a particularly favored mark for hackers, it’s important for those states which don’t have a paper trail to be proactive in securing their polling places, and maintaining the integrity of people’s votes. Slipping up is far too easy.
Even organizations dedicated to security can have hiccups. Look at Cisco. Recently, the tech company had to alert users of one of its mobile sites of data exposure, where lax security settings following system maintenance allowed improper access. This is a minor case, of course, since all Cisco had to do was reset passwords and nullify related security questions. However, it speaks to the importance of vigilance for any entity seeking to prevent accidents, and the challenge that can be. But it must be done, to avoid the repercussions that follow. Especially when it comes to the vote, and a campaign as volatile as this one.
Speaking of campaigns, we’re now seeing the effects of the 2012 LinkedIn breach. Credentials stolen from that incident are being used, as expected, in multiple spam and phishing campaigns. Users have been receiving fake emails from “LinkedIn” that ask for driver’s licenses, passport photos, or payment information. Please don’t fall for such an obvious trick, by the way; if someone asks you to share your license online, it’s a scam. This bogus campaign has also extended to Skype, another Microsoft-owned platform, in which users have been getting fake links from LinkedIn and other domains.
Ultimately, problems like these are fixable with a mere credential change. The problems facing the country, however, will take a substantial deal more than that, so please remember to vote.