Russia (and China) might try to jack up the midterms through the net? I'm wondering how much it is they pay this "expert" to figure THAT out?:rolleyes:

https://thehill.com/policy/cybersecurity/3689912-ongoing-us-support-to-ukraine-could-prompt-russian-cyber-escalation-in-midterms-experts-warn/

Russia (and China) might try to jack up the midterms through the net? I'm wondering how much it is they pay this "expert" to figure THAT out?:rolleyes:

https://thehill.com/policy/cybersecurity/3689912-ongoing-us-support-to-ukraine-could-prompt-russian-cyber-escalation-in-midterms-experts-warn/

Well some candidates may be posting recklessly via email. Sounds familiar.

Having just retired from a 30 year cyber-security careen I can already tell you that APTs (advanced persistent threats) were already on the rise in January and things began to heat up in Ukraine. The problems most of our municipal election offices are going to face is that they cannot afford to staff their operations with guys like me who will advise and protect their communications and build out standards framework based networks.

North Korea, China, Russia, Iran, Ukraine <- these are where the bad actors in the APT landscape base themselves. It isn't a matter of if they will get in, it is a matter of when.


Russia (and China) might try to jack up the midterms through the net? I'm wondering how much it is they pay this "expert" to figure THAT out?:rolleyes:

https://thehill.com/policy/cybersecurity/3689912-ongoing-us-support-to-ukraine-could-prompt-russian-cyber-escalation-in-midterms-experts-warn/

Having just retired from a 30 year cyber-security careen I can already tell you that APTs (advanced persistent threats) were already on the rise in January and things began to heat up in Ukraine. The problems most of our municipal election offices are going to face is that they cannot afford to staff their operations with guys like me who will advise and protect their communications and build out standards framework based networks.

North Korea, China, Russia, Iran, Ukraine <- these are where the bad actors in the APT landscape base themselves. It isn't a matter of if they will get in, it is a matter of when.

Intriguing post. Are you talking about municipal election polling places? Are such places normally connected to the Internet? I'd always assumed they weren't, but you've got me wondering now.

Having just retired from a 30 year cyber-security careen I can already tell you that APTs (advanced persistent threats) were already on the rise in January and things began to heat up in Ukraine. The problems most of our municipal election offices are going to face is that they cannot afford to staff their operations with guys like me who will advise and protect their communications and build out standards framework based networks.

North Korea, China, Russia, Iran, Ukraine <- these are where the bad actors in the APT landscape base themselves. It isn't a matter of if they will get in, it is a matter of when.
probably true but
Main problem is they aren't going to be using paper ballots.

The last few elections have shown us that no matter how much they tell us there is little to no external connectivity, there is more than enough to provide a pathway for bad actors. There is always someone who simply will not abide by the disconnected status rules and connects hardware because it is easier to sFTP information in large files than to shuttle external secure data volumes.

With AI and quantum compute resources likely to be broadly available within the next 5 years encryption standards are going to fall like dead leaves off a tree in 50 mph winds too.

Any municipality that aggregates polling data electronically and transfers it on their municipal network infrastructure would be the ones I am most concerned about. They may practice a modicum of basic security but likely don't have fully fleshed out secure networking standards that are consistently followed nor are they likely to have full time security practitioners on staff to monitor and audit their compliance.


Intriguing post. Are you talking about municipal election polling places? Are such places normally connected to the Internet? I'd always assumed they weren't, but you've got me wondering now.

Bingo! Easiest way to avoid the whole mess.


probably true but
Main problem is they aren't going to be using paper ballots.

The last few elections have shown us that no matter how much they tell us there is little to no external connectivity, there is more than enough to provide a pathway for bad actors. There is always someone who simply will not abide by the disconnected status rules and connects hardware because it is easier to sFTP information in large files than to shuttle external secure data volumes.

With AI and quantum compute resources likely to be broadly available within the next 5 years encryption standards are going to fall like dead leaves off a tree in 50 mph winds too.

Any municipality that aggregates polling data electronically and transfers it on their municipal network infrastructure would be the ones I am most concerned about. They may practice a modicum of basic security but likely don't have fully fleshed out secure networking standards that are consistently followed nor are they likely to have full time security practitioners on staff to monitor and audit their compliance.

Even with sFTP (which should get someone in trouble is they use it) I would think these sites would have a private network. They should have no interface accessible directly or indirectly from the Internet.

Btw, wouldn't it be ironic if Dems were creating thousands of bogus paper mail-in ballots, and then Russia or China was just erasing them and more electronically?

computer issues been going on for a long time
neither side seems to want to own it when their team does it.
Russia and China are ok to blame though.


http://www.youtube.com/watch?v=K7tjnuG-l6g


http://www.youtube.com/watch?v=f_4kJHphEpE

computer issues been going on for a long time
neither side seems to want to own it when their team does it.
Russia and China are ok to blame though.


http://www.youtube.com/watch?v=K7tjnuG-l6g


http://www.youtube.com/watch?v=f_4kJHphEpEBlaming Russia and China for attempting to interfere in our elections is legit.

This isn't an "either or". China and Russia trying to do it doesn't negate Americans trying to do it as well. The external threat is a higher priority than the internal one. Yes, the internal people are going to deflect to the external. Each and every time. given their situation and mission it's completely logical.

The issue is to solve the problem. I'm with the paper ballot group. ID to get in the door. Even then, the bad actors would find a way. They always do.

To the original point, Americans jacking with our elections is bad enough. To have commies choosing our alleged leaders for us? Inexcusable and unnacceptable.