Study: Hackers Will Exploit Upcoming U.S. Election

CYBERSECURITY

Study: Hackers Will Exploit Upcoming U.S. Election

12/2/2015
By Yasmin Tadjdeh

Hackers and cyber criminals will use the upcoming U.S. presidential election to attempt to trick unsuspecting citizens into giving away personal data as well as breach online accounts of candidates, election staffers and media outlets, a study released Dec. 2 said.

The annual report, released by Raytheon/Websense — a joint venture between Raytheon and Vista Equity Partners — outlined looming cyber threats and offered predictions of what might lie ahead in 2016.

“For the next year there’s going to be a heightened risk to anybody involved in this political process,” said Bob Hansmann, director of product security at Raytheon/Websense.

“Anybody participating in the campaign process — which goes for news agencies, private bloggers as well as the candidates and all of their staff — are potential targets,” he said. “Some of this could be just a hack … [to] cause disruption, other attacks could be extremely tactically planned to occur, say, the night before a particular state caucus takes place, a debate [or] around the convention.”

These hackers may just want to cause a harmless annoyance, but some may attempt to torpedo particular campaigns. Others may employ phishing scams to try and make money, he said.

Social media will be the “primary vehicle to raise awareness of campaign messages and events,” the report said. That will give hackers ample opportunities to strike.

“Attackers will use the 2016 election and related campaign issues to craft email lures and misdirects in order to push malware payloads with the intent to compromise,” the report said. “Expect lures made to look like political party or candidate email, advocating an online petition or survey about specific election issues, linking to a supposed news story, or relaying information about voter registration or debates.”

Hackers may also create confusion by hacking into candidates' Twitter accounts and sending false information, Hansmann said. For instance, the night before an election an infiltrator could hack into a candidate’s account and say that he or she has suddenly withdrawn from the election. That could have major ramifications, he said.

Additionally, hackers might try to break into candidates' private accounts to look for embarrassing information that could be made public, he said.
Campaigns must have a dedicated person on staff to help balance security with distributing information, he said.

“Anybody engaged in elections, they’ve got to have somebody responsible for it,” he said. “It’s got to be a senior member of their staff who is constantly thinking of the security angle.”

Another prediction is an increase in financial data being stolen from people using mobile wallets.

“As adoption and the types of transactions capable on mobile phones increases, malware authors will also increase their efforts to steal from a digital wallet,” the report said. “Mobile malware will evolve to use these payment methods to commit fraud. As the cell phone continues to become the preferred two-factor source of authentication for many financial transactions, it has also increased the value of exploiting the mobile device or its applications to empower much more theft than currently seen.”

Additionally, there are vulnerabilities as Americans continue to connect more and more devices to the Internet, the report said.

“The websites, apps and electronic devices that comprise the 'Internet of Things' … make navigating personal and business tasks more convenient than ever, but their popularity also means a wider attack surface, expanse of data and range of vulnerabilities for threat actors to exploit,” the report said.
Phishing attacks are still a major problem, Hansmann said. In the last four or five months, many software systems designed to block such emails have been challenged by hackers' changing tactics, he said.

“The bad guys are getting more innovative about how they formulate the content of the emails to make it look more and more legitimate” he said. “Now they’re getting very specific.”

Topics: Cyber, Cybersecurity

Comments (0)

Name *

Email *

Comment *

Please enter the text displayed in the image.

Characters *

Legal Notice *

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

I have read the legal notice.

Find an Article VIEW ALL ARTICLES