Hacking Goes Mainstream—Banks Rob Customers, Olympians Discredited and Potential for Election Fraud

It seems not a single day passes without a 21st Century version of the World War II era radio game show “Can You Top This,” broadcasting how the latest data hack tops yesterday’s breach, making our society much more vulnerable than the one that existed 50 years ago. While all of today’s technological innovations have made our lifestyle easier, those same advances have made us less secure than the coldest days of the Cold War.

The transition from a paper-based system to an electronic information system holds us hostage to some of the worst violations of our personal information including credit card numbers, bank accounts, driver’s license identification, Social Security digits, and even sexual preferences, salary details, religious and political beliefs, shopping purchases and more.

The concept of “secret information” now harkens back to a time when only top spymasters knew and kept secrets. Now everyone seems to want to keep them. When you make a phone call, how often do you hear, “This call may be monitored…” This phrase often really means the call can and will be used against you in court, sometimes for simply calling your phone carrier.

Just how vulnerable is our personal information?

When the Bank Robs You

Approximately 5,330 Wells Fargo employees were fired for hacking customer data that enabled them to secretly create millions of unauthorized bank and credit card accounts without their customers knowing it. This has been going on since 2011. The phony accounts earned the bank unwarranted fees and allowed employees to boost their sales figures and make extra money. Employees created phony PIN numbers and fake email addresses to enroll customers in online banking services.

"Wells Fargo employees secretly opened unauthorized accounts to hit sales targets and receivebonuses," Richard Cordray, director of the Consumer Financial Protection Bureau, said in a statement.

Care to Dance With A Fancy Bear?

Fancy Bear is a Russian cyber espionage group believed to be associated with GRU, Russia’s largest military intelligence agency. The organization is believed to have penetrated the World Anti-Doping Agency’s (WADA) athlete database and publicly revealed private medical information about three of the United States’ most famous athletes—Serena Williams, Venus Williams and Simone Biles.

The agency published documents showing that Biles and the Williams sisters received medical exemptions to use banned drugs during the Summer 2016 Olympics in Rio, Brazil. WADA recently confirmed the authenticity of those documents.

Fancy Bear has also been tied to breaches against government agencies, nonprofit organizations and corporations. The group is also suspected of involvement in the recent theft of emails and documents from the Democratic National Committee (DNC) and Hillary Clinton campaign chairman John Podesta.

Even former Secretary of State Colin Powell’s email account has been hacked, which proved embarrassing for Powell and those mentioned in the emails, including presidential candidates Hillary Clinton and Donald Trump.

These hacks have raised concerns over the security of the US election system and spurred mounting fears that the election results cannot be trusted.

Who is behind the distrust—Vladimir Putin and his apparent surrogate WikiLeaks? Putin says he doesn’t know or care who hacked the DNC, but he thinks it was a public service. Julian Assange, the ubiquitous WikiLeaks founder, told CNN there will be more election-related material coming. The picture is getting murkier.

Is the Election Vulnerable to Attack?

The US Department of Homeland Security (DHS) is urging state and local election officials to seek assistance from the federal government to fend off cyberattacks that could be used to manipulate the results of the November presidential election.

So far the agency isn’t aware of any manipulation of data, but there have been signs that hackers have been probing multiple state voting systems. DHS has already received requests from 33 states and county or local election agencies, with multiple states expressing interest in a general “cyber hygiene” scan of key websites, which is akin to ensuring that windows in a home are properly closed.

Bethany Salzarulo, director of Elections and Voter Registration for Cumberland County, Pennsylvania, said there is "absolutely no" chance one of her voting machines could be hacked, since the voting machines cannot be connected to the Internet. 

However, the real harm is the appearance of election tampering, which could call into question the results, especially in a close race, and trigger demands for time-consuming recounts. Despite assurances from government officials, the FBI’s Cyber Division released an alert in August to warn election officials of potential voting booth attacks.

The FBI has detected a variety of “scanning activities” that are early indications of hacking. Arizona, Illinois and both the Democratic and Republican parties have been the victims of either attempted or successful cyber attacks. FBI agents with expertise in Russian government hacking are currently investigating the attacks.

Federal law enforcement and local election officials say the decentralized nature of the voting process, which is run by states and counties, makes it impossible to ensure a high level of security in each district. There is particular concern about electronic balloting from overseas that travels on vulnerable networks before landing in the United States and about efforts to use cyber attacks to disrupt vote tabulations being transmitted to state-level offices.

Encryption, secure paper backups and backup computers will be critical.

The question remains: Should we just dig deeper moats and build higher walls?

Are Hackers Just Crackers?

Upon examination, some attacks are not as sophisticated as one might think. Two North Carolina millennials were recently arrested for allegedly hacking into the computer systems of several senior government officials, according to an affidavit released by a Virginia district court.

Using playful Twitter names like "INCURSIO" and "D3F4ULT," the two youths are accused of conspiring with a hacking collective that calls itself "CRACKAS WITH ATTITUDE" (CWA) to breach government accounts and publish personal information online. Earlier this year, CWA was credited with attacks targeting CIA director John Brennan, FBI Deputy Director Mark Giuliano and the Miami Police.

The hackers used a technique known as "social engineering" to target members of the US government and their families, communicating to each other via direct messages on Twitter. Members of CWA utilized several different handles, including @GENUINELYSPOOKY, @CRACKA, and @PORNG0D.

Further investigations have revealed that the modus operandi is often surprisingly simple. Terms such as Typosquatting, social engineering and Bitcoin have been associated with these attacks. Technically none of the attacks can be called criminal activities; however, they remain at the fringe of legitimacy.

Out-Sleuthing the Hackers

The US has enough cybersecurity expertise to counter these emerging threats. Innovative new cybersecurity technology is providing a path forward to end our national anxiety over the vulnerability of US election systems to attack. The security domain of artificial intelligence and “expert systems,” machine learning, data analytics and predictive analytics are being investigated in new ways to stop hacks. In fact, technology has moved way ahead in safeguarding our cyber space with the use of artificial intelligence and machine learning systems.

Technology is available now that can effectively safeguard the elections. One of those technologies is “Ambient Cognitive Cyber Surveillance,” a platform which deploys a virtual intelligent eye, combining artificial intelligence with advanced machine learning algorithms to provide real-time behavior analysis and anomalous user access monitoring. Baselines of normal user behavior are set up to identify any activities that breach those parameters.

The eye works by creating a digital “fingerprint” that identifies the login behavior of every election official who logs into any application. This behavioral information records every detail of an official’s interaction with voter data and the systems it resides in. If the user’s behavior violates a baseline parameter, the system can easily identify irregularities in user activity and send out the appropriate alerts to IT officials immediately.

The eye works by generating a digital “fingerprint” based on behavior for every single login, by every single user, in every single application and election voter data across various districts. This information is a recording of the “who, what, when, where, why, and how” data being accessed within an election organization. Once a baseline for behavior is established, the system can easily identify anomalies in user activity and send out the appropriate alerts immediately when there are deviations from normal behavior.
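The baseline-and-deviation approach described above, as an added example (not Cognetyx's code or algorithm): a per-user profile is built from constructed access events, and each new event is checked against it. The event fields, user names and thresholds are assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events: (user, application, hour, source, records_touched)
BASELINE_EVENTS = [
    ("clerk_a", "voter_roll", 9, "county-office", 12),
    ("clerk_a", "voter_roll", 10, "county-office", 8),
    ("clerk_a", "voter_roll", 11, "county-office", 15),
    ("clerk_a", "voter_roll", 14, "county-office", 10),
    ("clerk_a", "voter_roll", 15, "county-office", 11),
]

def build_baseline(events):
    """Collect, per user, the applications, sources, hours and volumes seen."""
    profiles = defaultdict(lambda: {"apps": set(), "sources": set(),
                                    "hours": [], "volumes": []})
    for user, app, hour, source, count in events:
        p = profiles[user]
        p["apps"].add(app)
        p["sources"].add(source)
        p["hours"].append(hour)
        p["volumes"].append(count)
    return dict(profiles)

def score_event(profiles, event, z_limit=3.0, hour_slack=1):
    """Return the reasons an event deviates from its user's baseline."""
    user, app, hour, source, count = event
    if user not in profiles:
        return ["no baseline for user"]
    p, reasons = profiles[user], []
    if app not in p["apps"]:
        reasons.append(f"new application: {app}")
    if source not in p["sources"]:
        reasons.append(f"new source: {source}")
    if not min(p["hours"]) - hour_slack <= hour <= max(p["hours"]) + hour_slack:
        reasons.append(f"unusual hour: {hour:02d}:00")
    mu, sigma = mean(p["volumes"]), pstdev(p["volumes"])
    # Floor sigma at 1 so a very uniform history does not flag tiny changes.
    if count > mu + z_limit * max(sigma, 1.0):
        reasons.append(f"record volume {count} vs. mean {mu:.1f}")
    return reasons

PROFILES = build_baseline(BASELINE_EVENTS)

if __name__ == "__main__":
    for ev in [("clerk_a", "voter_roll", 10, "county-office", 14),
               ("clerk_a", "voter_roll", 2, "vpn-unknown", 4000)]:
        print(ev, "->", score_event(PROFILES, ev) or "within baseline")
```

An empty list means the event sits inside the user's baseline; any returned reason is what an alert to IT officials would carry.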

There can be no doubt that effective cybersecurity measures are required to counter these threats. US elections are sacrosanct and no one should be allowed to meddle with them.

Santosh Varughese is president of Cognetyx, which delivers Ambient Cognitive Cyber Surveillance to protect information assets against cyber security threats, data breaches and privacy violations.


The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.
