As the US presidential election approaches, anxieties are emerging about the possibility of a cyber attack compromising voting machines. In the world of stocks, we recently witnessed a groundbreaking – and potentially problematic – investment based on an undisclosed security vulnerability. In the latest installment of This Week in Cloud, we’ll discuss election cybersecurity, the economics of hacking, and new attacks on the financial services sector.
Election Cybersecurity Gets Worse, Not Better
Since a data breach at the Democratic National Committee, the integrity of the presidential election’s technology infrastructure has come under a microscope. Now, news that Russian hackers stole data from Illinois’ state election system and attempted to access Arizona’s has stoked fears that US electronic voting systems are vulnerable. For their part, security researchers have pointed out the various ways the electronic voting system could be compromised. Many claim electronic voting systems as they currently exist simply cannot be trusted for this election.
FBI Chief Responds to Concern Over Cyberthreats to US Election System | Mike Levine, ABC News
6 Ways to Hack an Election | Eitan Bremler, Darkreading
Under the Hood of Financial Services Hacks
Financial information has always been a lucrative target for criminal hackers. The most widespread attacks go after consumer financial information, but sophisticated operations have proven successful against high-profile targets such as the Bangladesh Federal Reserve and Ecuador’s Banco del Austro. This week, the global financial transaction system SWIFT revealed a barrage of new attacks on global financial institutions – some of which were successful. Security firm Kaspersky Lab published a tale from the trenches of cybercrime: an in-depth description of the investigation into a group called Lurk. The “company” has an organizational structure, pays salaries, and even posts job openings online. The report offers a fascinating look into how cybercrime has become organized into big business.
SWIFT Discloses More Cyber Thefts, Pressures Banks on Security | Jim Finkle, Reuters
The Hunt for Lurk | Ruslan Stoyanov, SecureList
Turning Vulnerability Economics Upside Down
Cybersecurity has gained visibility with boards of directors and can even appear as a competitive differentiator for software and hardware companies. A research company turned this model on its head by shorting St. Jude’s stock based on cybersecurity vulnerabilities in the provider’s medical devices. Many experts criticize St. Jude for denying the evident vulnerabilities, amounting to a head-in-the-sand response. The community, however, has also raised issues with the ethics of monetizing the vulnerability using the stock market rather than disclosing the findings to the manufacturer. The cybersecurity startup MedSec defended the action as the most efficient way to recoup their research costs.
Carson Block’s Attack on St. Jude Reveals a New Front in Hacking for Profit | Jordan Robertson and Michael Riley, Bloomberg
Notes on That St. Jude/Muddy Waters/MedSec Thing | Rob Graham, Errata Security
By the Numbers
8 out of 10
…the FBI’s rating for the significance of Russian attacks on state election systems
…the number of Dropbox logins leaked online this week as a result of a 2012 hack.
…the number of voters whose information was accessed in an attack on a voter database.