Clavister Blog Staff

Hacking governments? It’s child’s play

In Blog post by Clavister Blog Staff

Governments’ cyber security is essential to protect their populations from the universally-acknowledged threats of cyber-attacks, and to preserve democracy and civil liberties.  Cyber-attacks are acknowledged worldwide as an existential threat to national security that is as real and pressing as the threat of terrorism, espionage and weapons of mass destruction. So why have some governments fallen behind?

In the USA, there are several elements putting national security at risk. From alarming voting system vulnerabilities to devastating data breaches, the state of US government cyber security has been described as “bleak”. A recent report from the Department of Homeland Security assessing the cyber security posture of 96 federal agencies found that 74% were either “at risk” or “high risk”, requiring urgent improvement.

The report stated that federal agencies do not have the visibility into their networks required to effectively detect data breaches and respond to cyber incidents. This is a crucial and fundamental failing. The reports also highlighted that agencies could not identify the attack vector in 38% of incidents, meaning they could not defend their networks against repeat attacks.

Outside of federal departments, there are nationwide concerns about the security of electronic voting machines used in presidential elections. Various probes confirm that these machines can be hacked without officials’ knowledge. Their weaknesses were exposed recently in an event at Las Vegas’ DEF CON hacking conference, where a mock election hackathon was held.

Hacking lessons

Voters could choose between two candidates, but one participant hacked into the same Accuvote TSX machines actively used in elections across 18 states to introduce a ‘new’ candidate and syphon votes their way. In another exercise, 39 children between the ages of six and 17 years-old were invited to break in to election site replicas. After a brief explainer, 35 of the children successfully hacked the sites, which mimicked Secretary of State websites in six swing states.

Within 10 minutes, the first successful hack was executed by an 11 year-old child. The kids tampered with vote tallies, setting them as high as 12 billion, and changed both party and candidates’ names to things like ‘Bob Da Builder’ and ‘Richard Nixon’s Head’.  One child changed a candidate name to ‘Kim Jong Un’ and gave him a billion votes. While the exercise itself was harmless fun, it highlighted a real and serious threat to democracy.

Although there have been certain moves by the White House to address the US cyber defense situation, the overall message seems mixed. Senators recently expressed concern after the Trump administration axed the position in charge of overseeing federal government cyber security. Calls for new and updated voting machines have fallen on deaf ears, with funding being denied and proposed new bills to provide federal support stalling in congress.

It’s not just the US Government that’s vulnerable. According to Dimension Data’s Global Threat Intelligence Report 2017, attacks on governments doubled in 2016, coinciding with the US Presidential Election, the Spanish General Election, the Australian Federal Election and the EU Referendum in the UK.

As Michael S. Rogers, the director of the U.S. National Security Agency said earlier this year:  “Today we face threats that have increased in sophistication, magnitude, intensity, velocity and volume, threatening our vital national security interests and economic well-being … Our adversaries have grown more emboldened, conducting increasingly aggressive activities to extend their influence with limited fear of consequences.  We must change our approaches and responses here if we are to change that dynamic.”

That’s excellent advice which governments the world over would benefit from following.