Today, Rendition Infosec is pleased to announce that we are offering a free breach detection evaluation for city and county election commissioners nationwide. Rendition understands that these offices face a changing threat landscape in which they need to evaluate security, but find themselves in the middle of a budget cycle without allocated budget to address the new challenges. Information security has effectively become an unfunded mandate for these offices.
The sanctity of our election process is a fundamental principle in our country. However, it has recently been revealed that Russian hackers were actively targeting local election officials just days before the 2016 election. According to an article in The Intercept, Russian hackers compromised a voting software manufacturer and tried to obtain login credentials from local election officials. The latter is particularly concerning since credentials are often reused across many systems. Additionally, attackers may have performed lateral movement to other systems which may store voter information or are used to program electronic voting machines. As Jake Williams, founder and president of Rendition Infosec, said in an “I’ll take credentials any day over malware – I can use that data to compromise corporate VPNs, email, or cloud services that the employee may use.”
According to The Intercept’s reporting, Russian hackers sent emails to people who worked at a company that provides state and local election offices with voter registration systems, trying to trick them into giving up their user credentials. The Intercept reports, “At least one of the employee accounts was likely compromised, the agency concluded.” The Intercept reported that the Russians then used information from that account to launch a separate phishing attack targeting at least 122 local election officials. It is clear that no government body is too small to be targeted by nation state attackers. There is clearly an imbalance between the resources put into offense (national level resources) and defense (limited if any budget at the local level).
While there are no confirmed reports of Russian (or other) hackers compromising local election commissions, at Rendition Infosec we are convinced that this is most likely due to two things:
- A lack of real-time security monitoring that would detect such an attack.
- A lack of resources to conduct post hoc digital forensics on machines that are suspected to have been at risk for hacking.
Rendition Infosec recommends that local governments implement real-time security monitoring overseen by qualified information security professionals, especially given the change in the threat landscape. However, recommending this to detect Russian activity during the election is like asking someone to close the barn door after all the animals have escaped. It will help going forward, but we need a better plan for today.
To that end, Rendition Infosec is offering a free breach assessment of the election commissioner’s work machine to look for indicators of compromise. Rendition’s analysts are familiar with the Russian hacking group reported to be targeting the election officials and can conduct an assessment, at no cost to the organization, as to whether the commissioner’s machine has been compromised.
Contact Rendition Infosec at firstname.lastname@example.org for more information and to get started.
Frequently asked questions:
The report you reference says hacking happened last year – can you still detect that?
Yes. While it would be ideal to examine the machines in question immediately after a compromise, we can still find evidence of compromise months to years after a compromise. Our oldest confirmed infection was discovered more than seven years after the initial compromise. With today’s refresh rates of computers and an increase in cyber security awareness, we hope that number is never beaten.
Shouldn’t you examine all the computers in the network and not just the election commissioner’s computer?
Sure, that would be ideal, but for a free offer it just isn’t practical. Rendition wishes we could extend this offer further, but it is simply not practical to do so at scale. However, based on the reporting available it seems likely that attackers would have targeted the election commissioner as a chief election official in each municipality. This makes their computer a logical place to look.
What happens if you find something?
If Rendition finds evidence of hacking or malware on any computer, we will report that ASAP to the machine owner/point of contact. From there, the organization should begin an incident response process. Of course we would prefer them to consider Rendition for the incident response process, but there is no requirement to do so.
How does this work?
You sign a master service agreement and nondisclosure with Rendition Infosec. Rendition will then vet that we are communicating with a real local government official (no Gmail, Yahoo, etc. email addresses please). Once we’re satisfied that you are for real, you will be provided with a download link for a data collection tool. You (or a systems admin) will run the tool on your system and upload the results to Rendition. Rendition will then analyze the collected data and provide you results.
How long will it take to get results?
The short answer is as soon as possible. The long answer is that we’ll conduct the analysis on a time-available basis where we have to prioritize our paying customers. For this free public service our goal is to get the analysis completed within five business days, with no analysis taking longer than 10 business days.
What will you do with the data once you’re done? Will you tell anyone if we’ve been compromised?
Your data will never be shared with a third party. Some anonymous data points from your submitted data will be reported in aggregate. Rendition never discusses the status of our clients’ security. What they choose to tell others is up to them.
Okay, I’m sold – let’s get started!
Great! Contact Rendition Infosec at email@example.com or call 888-409-5811 and we’ll get you started in the process.