Defending the 2018 Midterm Elections from Foreign Adversaries

Video in TIB AV-Portal: Defending the 2018 Midterm Elections from Foreign Adversaries

Formal Metadata

Defending the 2018 Midterm Elections from Foreign Adversaries
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee (DNC) IT services company, and foreign adversaries probed voter registration systems. The tool now cross-checks domain information against open source threat intelligence feeds, and uses a semi-autonomous scheme for identifying phundraising and false flag sites via ensembled data mining and deep learning techniques. We identified Russian nationals registering fake campaign sites, candidates deploying defensive—and offensive—measures against their opponents, and candidates unintentionally exposing sensitive PII to the public. This talk provides an analysis of our 2016 Presidential Election data, and all data recently collected during the 2018 midterm elections. The talk also details technological and procedural measures that government offices and campaigns can use to defend themselves.
because everyone. democracy little rough and you know when the morning hero has a shot on freedom birds fish. lovett yes so you know i'm Josh Franklin. in franklin you know we're going to talk about some of the like like online election hijinks that we've been seeing since twenty twelve and basically talk about our efforts to protect the twenty eighteen midterm elections will i basically be seeing some some typosquatting on like a large was well known to have a little figures political parties also take a look at malware inside of the campaigns and state state election websites.
so this is a real important disclaimer on this this work really does not represent the opinions of our employers. this is personal work we do this on personal time working out of the basement he's working on the basement it is intended to the party of no stinking despite my. i do like colors. a blue one. now if only. so not doing that.
yes of this you know this is your typical voting machine it is something folks have been spending a lot of really good time looking at in of estimating sensing your tooth thousand two thousand to we're not talking about these we are going to be talking about the stuff that actually has been attacked we're going to be taking a look at all the things survival ending. like the systems to make these things function. here's the agenda that we'll cover today we're going to talk about the history of our project it's been a labor of love for us we'll talk about the methodology of of how we do what we do we're going to spend some time trying to educate you and inform you about the elections infrastructure we'll look at some results of some campaign analysis that we've done we'll look at some state results we'll look at results of scanning vendors on who we'll have some recommendations and we'll have some conclusions at the very end. ok so on the slide i get a whole disorder.
it was a big deal for me so. i wanted to have a white hat how white top hat but I'm Kevin Franklin and I'm Josh Franklin and so i've been in the game since over for since i started in college i've been working with you know election systems in some form or fashion ever since i helped set up you know run and repair voting machines in the state of Georgia for about six years five years on was in college and then moved to the U.S. Election Assistance Commission where i basically did testing and certification of voting systems and then i moved to the National Institute of Standards and Technology where i've been basically leading some of the cybersecurity aspects of the voting project where i have recently worked there and i'm not speaking for any of those folks and. in my background is IT have been in IT for about thirty years. my my history really is in performance and optimization of code transactions per second think of it that way too early on i did some work with would like he did what NASA been in big data for about the last twenty years and i work for a financial institution a word for word. yeah the this one as this one hears man so what is Election Buster on getting getting terminology right is is often a very difficult thing we tend to overuse the word Election Buster it is a Python application that we've written we called that Election Buster is also a software suite that we've written that's called Election Buster and it's the project itself but everything that we do is to is all about protecting the U.S. election ecosystem. the scope of this scope is very large there are lots of candidates there there's tons of election officials many different voting system manufacturers service providers the initial rest of of this effort started with trying to find fake presidential sites and currently we're assessing different campaign infrastructure and the online state and local infrastructure.
and we are identifying fake sites for candidates, PACs and states.
yeah this all started in twenty twelve as a as a George Mason project to go to hackers. you know this was just something that i needed a semester project for i thought it would be interesting to take a look at you know who is basically typosquatting on Mitt Romney and oh. and Obama we were basically just hunt and peck typing trying to find various a fake sites a shout out to you know Robert and Matt who basically i were you know really in on the on the ground floor and we actually presented our initial results at ShmooCon in fort in twenty fourteen after that we we released the first version of our code at BSides DC in twenty fifteen since then we've been basically collecting huge amounts of data looking at all the infrastructure that we can find and we were really focusing on basically having a you know measurable impact for twenty eighteen and i i think that we'll see that we basically got there. our this is this is how we do our Election Buster work this is this is the way we do it let's say we are interested in a specific office and analyzing that we'll obtain a list of candidates that are vying for that office. we'll also get state election websites that we may be interested in as well to process all of that through our Election Buster tool and we have another assessment tools integrating rubbery rubric that we use at the end on we do a lot of manual analysis we've automated a lot of that we we we've thrown a lot out but they're still a time to do there've been several nights where he sat in the basement day and i paged through a thousand different results or web pages that night we went found on once we find issues we do attempt to practice responsible disclosure and and then we since we're in Vegas we are like rock stars like you guys didn't nine. yes so i know to basically bring down another level in the like top left with basically can.
candidate names which basically first name last name party office year and state that the candidate's from we then put that into Election Buster which then outputs results files and those results files are going to go into some PhantomJS scripts those PhantomJS scripts basically take pictures of those websites in. like in memory and the medieval crap kind of screenshots those screenshots then need either manual analysis on but we are also implementing some fairly simple neural networks to basically take out some of the obvious things that we don't really need to look at things like parked domains. at the same time we are getting tons of candidate websites alongside voter registration and state websites there are no lists for those out there so it's basically me watching thirteen Marvel movies making those giant lists from within basically do WHOIS lookups and then send them through based the online. the purity of assessment tools that and then we take those rees rees all smiles and emmanuel re of you at. they're on and if i basically something fun really talking about here if not throw it on the pile and it's a giant pile yes so what systems are actually out there i like to think about it as basically being in three separate groups of those controlled by some sort of the election official someone from the government you know these are just.
various a samples you know you have op scan and touch screen systems ballot marking devices you have the poll books that basically check in voters you have state election websites on and then you have voter registration systems with online interfaces you also have systems that are owned and controlled by candidates and those are basically going to be you know candidate and party websites and also all of the wired databases where they're taking in information from a whole heck of a lot of different sources and then finally you have basically third party site stuff like packing suffer non profit so you know Rock the Vote that sort of stuff. this you know infographic what it's trying to really show here is basically how information flows from a new voter into various parts of the election system. there's you know three main ways i'd really say that you know information leaves a voter here voluntarily give information to a candidate websites and parties you know that's going to like first name party affiliation and money and that's no a you know that's a. that's a voluntary transfer of information that's what blue represents here and then candidate websites you know put that information into the campaign voter information databases in the bottom left hand corner. in order to vote you you must give information to your state or low. or locality and then that information is provided to the statewide voter registration systems it is at it like that point there is something a little bit interesting there and that's basically campaigns can basically ask for information from the from the statewide voter registration system and then also. they may have to pay for it but is like a in order to vote you like essentially have to give your personal information to these you know large candidates and parties on the right hand side basically have a whole different type of of information transaction and that's basically going to be voter selections the.
stuff you put on ballots put into voting systems which you know ultimately get aggregated and tabulated and make their way to basically states like iowa state election websites. and for me it came as a surprise that we gather all this information and then we offer it for sale or they gathered it for free or they gathered it to register you but then that it's offered for sale as someone who works in big date and news is very interested in that. yes so what sort of attacks happened in the twenty sixteen elections on this in a really helps to frame how we approach to this effort especially in the past two to two years we have a lot more detail in the back of our slides. so you can buy catch that later on but you know what we really saw like i think summed up into one slide is basically phishing of campaigns voting service providers and manufacturers alongside election officials we also saw typosquatting on campaign fund raising sites and then. party contractor controlled domains and so like basically you know whatever IT company is basically helping some party we also saw social media manipulation and disinformation when do anything with that is actually data breaches at the federal state and local levels of of you know. private data essentially and then we also saw data breaches in candidate and campaign systems and so basically you know if there was data to be breached over the past couple of years it has at least happened once and one of them was here at DEF CON inside of the on you know voter hacking village and a big big. shout out to the to the voter hacking village right really cool if you haven't stopped by you should. they basically found a you know county the voter information databases essentially like on any public and it was just part of the voting machines that they got a a hold of and there is basically direct attacks on online voter registration systems and campaign infrastructure. and here's my campaigns 101 slide.
or for this midterm on our election cycle there are thousands of candidates that are running we've scanned a lot of we've scanned most of them but i'm sure that we've not scanned all of them on we've we've got it we got a ton of information. you know as you might expect most of these campaigns are are pretty small and these guys have little or no IT experience and then you have just the opposite of that the larger campaigns which might have a sophisticated staff and. a huge IT staff we we did observe campaigns that are being run purely from Facebook or Twitter Instagram Snapchat and maybe that's what the future holds is hard or small campaigns like that or are cheap in their secure. maybe so. yeah back in twenty twelve here's some of our you know if really early to twenty twelve findings and you know the really big thing that we that we found was like a fake DNC and fake RNC accepting donations. and then you know we also found a couple in infected political action committee sites where you can see here at the at the bottom is a screen shot from a Google search result called Our Country Deserves Better PAC and i'm not sure if they really want to be selling Viagra what they're trying to say. they are in a country need to get better at but on you know. so basically they have been compromised and they are basically actively hawking pharma pharma a pharmaceuticals this is you know this is the fake DNC site that we that we found at this point in time in twenty twelve the DNC did not own democratic national committee dot org someone else did.
there was also a you know like an RNC corollary as well and this is a it's ok sites i mean it doesn't super look phishy or on and on but there is a nice big make a donation button there and those on from what we could tell they were actively taking contributions and. not passing along to the DNC we reported this to the FBI and they were you know so subsequently taken taken down.
in two thousand fourteen that's that's really when i was brought onto the project by Josh the he brought me in to to look at some of the code or to give him a hand with some analysis was really our first generation of Election Buster on we did find some interesting NRCC sites that. could potentially confuse voters so you might be thinking that you're donating to a certain candidate but you really given to the other guys on we found that some of the candidates sites were more actively distributing malware on we also found some leakage of of sensitive WHOIS information and it did. it did highlight the need to focus on on our analysis yasmina us to do this looks to to be a pro Ann Kirkpatrick website it's got great web design it's got you know very nice picture on a very large donate button that's like one eighth of the whole pages that.
but one donate button and but you know what you don't realize that is if you don't read that small black text you're actually voting for her opponent and we saw twelve other sites like like these and there is a little box at the very very bottom of all the sites that said owned and operated by the National Republican Congressional Committee. yeah and as we're really interesting.
we have we found another one here this is still gingrich think is his first name he was running for senate in Georgia. his site was just basically distributing malware to anyone who happened to stop by and probably not the best way to get campaign contributions on this to you have a nice trapper there yet. we tried to actually contact him over Twitter to no avail on this or he first ran into you know responsible disclosure being a big big problem in saying hey actually is kind of difficult to contact these folks and let them know that that is snow sort of stuff out there. in this is the output from our Election Buster application on its it's a directed graph representation here perhaps the text is very difficult for you to read the audience but at the center here you can see hillary's main site hillary for president dot com this is data that we gathered on election day of two thousand sixteen i get that data inputted into R there's an igraph package in R that's good for network diagrams mahmoud some of the some of the nodes around it are. job for president rubio two thousand eighteen on the walker got boat and. through sucks ok you got in my really well on the boy you can see is you can see how she is. i saw gambles on both sides but how she is squatting on the domain names of several of her competitors which is a common practice certainly not illegal. and here's one for Donald Trump and the two thousand sixteen election he did the same thing or for someone to the same thing i don't know if it was that if he did this but jeb bush is being redirected to donald a trump. we have president cruise and we have jumped for president ted two thousand sixteen is going there as well. these are the fund wraps the draw. and this was really tiny so this is two thousand eighteen this is on middle of july of this past month on food. gillibrand for president route twenty twenty way the right shots lane on monday. and.
i jump for the presence of friends of them. but not as exciting. area so here's where you know we've been doing this for a little while and we saw one of our biggest failures in our in our project i think that's ok it's you know you're good to take lessons learned but it was unfortunate this is such a big lessons learned moment so we took. Election Buster and made a a version of it made for PACs on and like other NGO type organizations and actually pointed it at ActBlue which is the primary funding platform for the new for the democratic party and what you would you like what. we do is if you're a candidate you basically take ActBlue and you know embed there with you in your site and you take money on the recent indictments though from Mueller show that when the foreign adversaries got into the DNC and the DCCC systems they actually redirected the main you know URL on their website for ActBlue to actblues dot com we actually a month ago we found out that we had found actblues dot com in our searches back in twenty sixteen so. so while was going on fresh look at that site in the face with said the site looks reasonable it seems to have good web design there's nothing immediately eyes of the you know WHOIS information is normal and it seemed to be hosted in a different spot but no big deal a hardware. you know. and so we basically stared this stuff straight in the face in twenty sixteen and did not realize it goes to show how hard the detection actually is. so far this year in two thousand eighteen are we took the Python code that we had in the us by pointed out five and older. about seven and. and put into Python three. the threading model that we were using in in the previous version is different than the process model that we're using now in the country so we also has a new variants of templates for PACs.
we included election websites and manufacturers websites we started correlating Election Buster data with open source threat intelligence information and we started writing a version of evil your around dnstwist and then realized there's something there already and we decided not to not to continue that development just take advantage of the good work that folks have already done and and utilize those tools. we did start looking for some homographic attacks. now you do and and said Linda Coleman so Linda Coleman is someone running for state office in North Carolina who since she was stage was generally a little bit under our radar she previously ran for lieutenant governor on i should. her old lieutenant governor domain had its coach trip from Wayback Machine her old domain was actually purchased by someone named even on who suffer or even to seven saying around and i've been lucky as you say arriving group said. he left his name in the WHOIS information there i'm we did a little bit of research is as a soon to be a fake name not necessarily politically motivated motivated on but you can see this is you know Linda's old on you know lou lieutenant governor the page story domain and page on this was linda for in see diet.
i'm in yellow there you can see something in French talking about purchasing pharma pharmaceuticals if you click donate you're not going to be offered an opportunity to donate to her campaign you're going to be buying Viagra that's the thread through this talk back. it was really really weird though on in some WHOIS interfaces.
actually said the vine who said in you know this when it shows the basically a Russian national. you know owns this domain we don't necessarily think this is politically motivated i just think that this person purchased this and was just trying to cast a wide net in selling their pharmaceuticals rupture.
you saw the results of the Election Buster output that i showed you before the graphs and on and i think some of the some of the intent was to say you need to be proactive and you need to protect your remaining space and you need to be you need to buy some. and domain names that are associated with your could be associated with you this guy carried it to the nth. he went a little nuts and he bought all of these names all around his his name space and i think it's great but but maybe it's a little bit overkill i think there's thirty seven websites there but now but that's cool to compete it be for congress.
comment. yes of. this is so this is a site that is you know elect devin nunes dot com someone wasn't happy with him and made a nice tribute on you know obviously coated in the you know sickle and hammer on. so if you scroll down here you would see a bunch of Russian orientated you know pictures with dead in some really decent photoshop second the site is still active wanted to visit yourself there didn't seem to be anything wrong with that this is sort of an example of on the like a free speech issue this is necessarily illegal or you know by any means. in so we saw this time and time again folks really just wanted to. you know throughout the sorts of domains another one that we saw was. jill brand successor gillibrand sox dot dot com i think she's she's a democrat from New York and she had this domain purchased against her and it was really directed to the Democratic Socialists of America ph. when you know what it's like show some funny stuff from both sides they're here is Carly Fiorina's
current page really nice looks a looks awesome nothing and nothing fishy here but then he found her old site for my two thousand is still going on all kind of campaign money you you get to purchase like a domain for twenty years and hosting for twenty years but it's kind of it you know it's kind.
interesting we saw tons of this candidates leave their old campaign website up forever on i don't understand why it is it just kind of odd.
in salzburg a little bit about the congressional sites the statistics on the stats are in a show include everyone running for senate that we could identify on all house incumbents are included in the stats we we included some of the races that we need important. the there were too many candidates rest the to include in in some of this information on and likely there's some skewing towards incumbents. and a majority of these scans we took in june of this year we did rely on Ballotpedia for pulling some of the candidate information. some of the just talk a little about some of these but i want us don't want to say that there's saw in this grading scheme there's an A plus A there's B is good. all the way down the T and F and then there's no grade i wanted to put an F minus on the no grade by josh judge would let me put an F minus there but this is the output from our you know the online scanners that we are glad to mention because of licensing issues but looking at TLS implementations and there's grades involved. you figure it out. yet so what's really great to mention here is that like you know over fifty percent of the folks in in the house you know over sixty percent have a score of B or better on this about thirty percent of the folks out there running for house on have either no TLS or SSL or they have a major cert issue. we wanted it to trying to contact all these folks but it got really the time consuming really quickly to go to each other pages and look at the information there and find an e-mail address. they got to be really difficult if you look at the senate though tops house bottoms senate the senate there's so much better about eighty percent of folks just have an A you know four percent had some sort of issue we think that's because the U.S. senate campaigns are generally better funded and they are.
Yeah, I mean, I think that's just probably the answer: they're just better funded and have been around for six years. If you look at some of the congressional TLS implementations, from left to right we have no TLS, 1.0, 1.1, 1.2, 1.3, and, you know, what you see is that
the giant bar is the, you know, total folks in the House who supported that version of TLS, and the tiny bar is the total number of people in the Senate who supported, you know, that version. What you see is very small usage of TLS 1.3, which just came out. TLS one going to do is awesome. Most folks had TLS 1.2, fewer had 1.1, even fewer had 1.0, and no one had SSL. Just kind of interesting; I really wasn't expecting that.
Let's look to the states. Those states and local jurisdictions also have websites; they host election websites as well. Those election websites provide information and results, and they help register voters. The sites could be hosted by the secretary of state, the state board of elections, or some other third-party group like Cloudflare or Google. The overwhelming majority use a .gov top-level domain; others use a .us or .org TLD. About half of the voter registration systems move from .gov to .us or .org. Just not sure why; it's a little chaotic there.
I mean, this is what one of those voter registration systems looks like. Honestly, they're just a web app where, you know, you basically put in information about who you are. There's basically knowledge-based authentication going on, and this is how you register to vote in thirty-seven out of fifty-six states and territories.
Speaking of the fifty-six states and territories: American Samoa is, you know, like, an unincorporated U.S. territory. They actually run separate .gov and .org sites, which is fairly common. We don't know why; maybe the older .org site gets kept alive. I don't understand; I'm really unclear as to why that happens. They were using Drupal, and they were basically affected by a Drupal vulnerability, as you do, and they actually were distributing malware to all the folks who came to their site. It was something that we, you know, contacted them about. There's a big time difference there, obviously. I actually called them up. They were a one-person IT operation, and they tried to fix it, and then it kept coming back. It ended up being that you could only get the malware version of the site if you came from outside of the US, which is really strange. I don't quite understand what's going on there. Maybe they knew about us or something; I've no idea. Something was going on there. This is what the, you know, affected website looked like. You can see the Chrome address bar in the top left saying this is dangerous. And so americansamoaelectionoffice.org is the website here. And then this stuff started to get weird: when we were reviewing everything for
this talk, we sort of realized that americansamoaelectionoffice.org was mentioned in the leaked NSA Reality Winner memo, and that memo talked about a foreign adversary sending malware to affect the American Samoa election office systems. Really weird, when they were the only election office that we found that was actively hosting malware. Although strange, we do believe this to be coincidental, partially because this just seems to be a random Drupal vuln that was, like, exploited, and the fact that you have to come from outside of the US in order to get the page. But we're not quite sure. OK, so there are voter registration systems, and then there are election websites. We put those in two different buckets; they host two different types of information, with very, very different sensitivity of the information there. So, the voter registration site grades. You know, everyone heard about these systems being under attack over the past two years. What's really great news is that an overwhelming majority got a score of B or better. That's awesome, you know; it's really, really sweet. We did have two Fs on there, and we had a C as well. We think this is really cool information to have, because it's sort of like a measurable thing that folks can be, you know, graded against in the future to see if they're getting better, worse, what have you. When we contacted the first F state, they fixed it immediately. They were extremely happy to get that information; they were like, you know, cybersecurity is really important to us, and they fixed that ASAP. The other C and the other F: it was a little more complicated. We are two guys coming from, you know, e-mail addresses, so that doesn't look awesome. It's probably a good thing that they were really worried and, you know, on guard against people phishing them, but it took over a month to get a response, and the only way that we were able
to get a response was to go through back channels. We'll sort of talk about how to improve that later on. All these are all fixed now, which is dope. Yes, the HSTS use inside voter registration systems: we saw that not a lot of folks, only about twenty-five percent of the VR systems, had HSTS. This is HTTP Strict Transport Security, and this basically can help stop man-in-the-middle attacks when you're, you know, initially requesting the HTTP version of a page versus an HTTPS version of the page. No one was on the HSTS preload list. Generally, I think that would be a really great thing for voter registration systems to basically sign up for. Ten minutes to the show starts.
I wasn't all that reference. Voter registration vulnerabilities: there was no Heartbleed, there was no POODLE, and we did see some ROBOT. We had difficulty parsing those results for some reason, so they're not displayed here. BEAST was a fairly common occurrence there; there are a number of states that have that in there. That's the biggest issue, if we want to see if we get that sorted and cleaned up. So, election sites: typically states have, you know, a department of state site or a secretary of state site. They might also have a state board of elections site. They might just have a voter registration site to tell you where to go register to vote and to lead you to their voter registration system. And they might also have a results site, so you can imagine results.pennsyltucky.gov. About twenty percent of the, you know, sites that we took a look at had some critical issue, typically just not using TLS or having a cert shared with a couple hundred sites, which is a little bit weird. That was sort of like a cloud misconfiguration issue, we think. Still getting that completely sorted. I think the only way, you know: initially we were sort of being told by states that they don't need to have TLS on their websites. It wasn't until we said, "this doesn't just protect you, this actually protects your voters as well," that we started to see that that argument seemed to have some weight with them. Not all of these are quite sorted yet, but we're working to get this sorted. These sites, a little bit older, they were a little bit worse off. ROBOT was also in about half, probably; BEAST was in half, and there was also POODLE. No one had Heartbleed, again, which is awesome. That's great news. People should be saying good things when we have good news, right? Everything is not on fire.
So it turns out that vendors and others have websites too. These are the people who might produce some of the software or some of the hardware. There might be some voting system resellers, and it could be voter registration vendors or voting service providers.
And we saw some failures here as well. Good news here is we did contact the vendors, and they were able to address everything pretty quickly, except for one: one kind of got crappy with me. It sort of turned into a "this is not a vulnerability, don't call this a vulnerability, you're a vulnerability" type issue. I was like, listen, I don't care, fix it. They were like, don't ever talk about this to anyone. So we're not saying anything yet. And I think we are at the recommendations. Seven minutes left; got this. OK, the recommendations to campaigns: you know, be aware what you click; everyone already knows this. You know, two-factor auth, even on personal accounts. I think the campaigns definitely know this now. But, you know, here's a big one that still isn't really addressed: if you're going to run a website, you need to basically defensively typosquat on your own name. You just definitely need to. We have basically a giant list of ones that you should purchase in the back that we saw as being most common. If you want these sites... sorry, if you want the slides, you can go to donaldjtrump.vote. Seriously. So, basically: use a trusted digital cert, please; you know, TLS 1.2 or better; strong cipher suites; use HSTS, especially if you're a long-term incumbent. Get on that preload list. Consider EV certs. Work with ISPs and the FBI for domain takedowns, and run, you know, free assessment tools on your own domain. For states: again, have two-factor auth, especially with your personal devices; password hygiene, all that. Purchase common domains like registerpennsyltucky.com, because folks are out there and they're going to be doing, you know, that sort of stuff. Maintain a trusted cert; this was a big issue, states just didn't have a trusted cert. Use TLS; that's a really reasonable baseline
web thing. Get on the HSTS preload list; it's free, it is one sheet of paper online you have to fill out. If you don't have a .gov site, please get a .gov site, because that was a big issue. Does anyone know the domain to get a .gov site? gov blagojevich yak. Well played. So. Yeah, the ISAC and DHS are out there to basically help with threat intel and remediation. Run open source tools against your own domain; don't just trust other folks, but, you know, do get outside assessments. Vet them first. And make it easy to contact you: it is extremely difficult for someone in this room to contact an election official about some sort of vuln in their site. Also, there's a big new international standard out there, and it basically talks about the best ways to make yourself available. I think states should definitely take a look at that standard. So use something like security@pennsyltucky.gov or alert@pennsyltucky.gov. You know, the aftermath: zero sites with SSL, zero homographs, which is very interesting; we expected that. There's a lot of HTTP. We had two big VR systems with a grade of F, with a grade of C. We contacted the campaigns and vendors about all sorts of issues, and we contacted and worked with some states affected by, you know, likely typosquats. This is suspicious domains, poor TLS implementation, known vulns, untrusted certs, and malware actively on the site. A little bit of, you know, some thoughts on the U.S. cybersecurity posture in the next two minutes. The situation is improving; there are still some commonsense ways to make things better.
States are getting some monetary assistance from Congress. You know, we need more of that. The whole community is responding: the Center for Internet Security released, you know, an election-focused handbook on cybersecurity for elections; the Center for Democracy and Technology and the Center for Technology and Civic Life basically worked together to make, you know, classes for election officials to learn cybersecurity basics; and then the Defending Digital Democracy effort is, you know, focusing on campaign cyber, out of the Belfer Center at Harvard. Last slide.
We need to continue defending our elections. We need to do more, better, at larger scale, and faster. We assessed the bare minimum of web security, what was legal. We honestly think we shouldn't have found what we found. It is difficult to talk with election officials about some of the stuff, but that doesn't mean that it's not worth it. Responsible disclosure is very important in the field of elections, especially when folks are actively using these systems to run elections. And listen: if you don't vote, you're helping the hackers. You're only making the system worse, in my opinion. All this can be done by ordinary citizens; you know, all of you all can actually help too, right? And if you want to help, get involved, work the polls. Folks really, really need you. like to woo like the word had little do so for a copy of everything you can also go to please go vote. Thank you so much, everyone.