election hacking | Breaking Cybersecurity News | The Hacker News

The U.S. government on Thursday  unsealed  an indictment that accused two Iranian nationals of their involvement in cyber-enabled disinformation and threat campaign orchestrated to interfere in the 2020 presidential elections by gaining access to confidential voter information from at least one state election website. The two defendants in question — Seyyed Mohammad Hosein Musa Kazemi , 24, and Sajjad Kazemi , 27 — have been  charged  with conspiracy to commit computer fraud and abuse, intimidate voters, and transmit interstate threats, voter intimidation, transmission of interstate threats, with Kazemi additionally charged with unauthorized computer intrusion. Both the individuals are  currently at large . The influence campaign's goal was to erode confidence in the integrity of the U.S. electoral system and to sow discord among Americans, the Department of Justice (DoJ) said in a statement, characterizing the two individuals as "experienced Iran-based computer hackers&qu

An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have a legislative election. In Israel, all political parties receive personal details of voters before the election, which they can't share with any third party and are responsible for protecting the privacy of their citizens and erasing it after the elections are over. Reportedly, Likud shared the entire voter registry with Feed-b, a software development company, who then uploaded it a website (elector.co.il) designed to promote the voting management app called 'Elector.' According to Ran Bar-Zik , a web security researcher who disclosed the issue, the voters' data was not leaked using any security vulnerability in the Elector app; instead, the incident occurred due to negligence by the softw

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide. Whether it's American voting machines during the 2016 presidential election or India's EVMs during 2014 general elections, the integrity, transparency, and security of electronic voting machines remained questionable, leaving a wound in the minds of many that is difficult to heal. Many countries, including the largest democracy in the world i.e., India, believe the best way to ensure the security of EVMs is to make its technology opaque to bad actors, but in recent years a large section of the population is losing trust in any system that has been certified by a closed group of experts only. To make a balance between transparency and security, in May 2019, Microsoft released a free, open-source software development kit (SDK) called ElectionGuard that aims to enable end-to-end verification of voting. Microsoft's ElectionGuard SDK can be integra

A former NSA contractor, who pleaded guilty to leaking a classified report on Russian hacking of the 2016 U.S. presidential election to an online news outlet last year, has been sentenced to five years and three months in prison. Reality Winner , a 26-year-old Georgia woman who held a top-secret security clearance and worked as a government contractor in Georgia with Pluribus International, initially faced 10 years in prison and a $250,000 fine. However, in the U.S. District Court in Augusta, Georgia on Thursday, Winner agreed to a plea agreement that called for five years and three months in prison with three years of supervision after release. Back in May 2017, Winner printed out a top-secret document detailing about the Russian hacking into U.S. voting systems, smuggled the report out of the agency in her underwear, and then mailed it anonymously to The Intercept. The Intercept, an online publication that has been publishing classified NSA documents leaked by Edward Snow

Microsoft claims to have uncovered another new Russian hacking attempts targeting United States' Senate and conservative think tanks ahead of the 2018 midterm elections. The tech giant said Tuesday that the APT28 hacking group—also known as Strontium, Fancy Bear , Sofacy, Sednit, and Pawn Storm, which is believed to be tied to the Russian government—created at least six fake websites related to US Senate and conservative organizations to trick its visitors and hack into their computers. Three fake web domains were intended to look as if they belonged to the U.S. Senate, while one non-political website spoofed Microsoft's own online products. The two other phony websites were designed to mimic two U.S. conservative organizations: The Hudson Institute — a conservative Washington think tank hosting extended discussions on topics including cybersecurity, among other important activities. The International Republican Institute (IRI) — a nonprofit group that promotes

Microsoft said it detected and helped the US government to block Russian hacking attempts against at least three congressional candidates this year, a Microsoft executive revealed speaking at the Aspen Security Forum today. Although the company refused to name the targets but said, the three candidates were "people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint." According to the company, the Russian hackers targeted the candidates' staffers with phishing attacks, redirecting them to a fake Microsoft website, in an attempt to steal their credentials. "Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks," said Tom Burt, Microsoft's vice president for customer security. "And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all sta

The United States Department of Justice has reportedly gathered enough evidence to charge at least six Russian government officials for allegedly playing a role in hacking DNC systems and leaking information during the 2016 presidential race. Earlier this year, US intelligence agencies concluded that the Russian government was behind the hack and expose of the Democratic National Committee (DNC) emails in order to influence the 2016 presidential election in Donald Trump's favour. Now, citing people familiar with the investigation, the Wall Street Journal reported on Thursday that United States federal prosecutors could bring charges against the alleged unnamed Russian officials early next year. The US federal intelligence investigators also believe that "dozens" of other Russian officials may have also participated in the DNC hack, which was allegedly ordered by Russian President Vladimir Putin himself. However, both Putin and Russian government officials ha

Germany's democracy is in danger, as the upcoming federal elections in the country, where nearly 61.5 million citizens are going to vote on September 24th, could be hijacked. Hackers have disclosed how to hack the German voting software to tamper with votes and alter the outcome of an election. Yes, election hacking is no theory—it is happening. A team of researchers from German hacking group Chaos Computer Club (CCC) has discovered several critical vulnerabilities in PC-Wahl—software used to capture, tabulate and transfer the votes from local polling centres to the state level during all parliamentary elections for decades. According to the CCC analysis, vulnerabilities could lead to multiple practicable attack scenarios that eventually allow malicious agents in the electoral office to change total vote counts. Critical Flaws Found In German Voting-Software The hacker collective found that the automatic software update module of PC-Wahl downloads packages over in

Image Credit: @tjhorner Today, election hacking is not just about hacking voting machines, rather it now also includes hacking and leaking dirty secrets of the targeted political parties—and there won't be a perfect example than the last year's US presidential election . But, in countries like America, even hacking electronic voting machines is possible—that too, in a matter of minutes. Several hackers reportedly managed to hack into multiple United States voting machines in a relatively short period—in some cases within minutes, and in other within a few hours—at Def Con cybersecurity conference held in Las Vegas this week. Citing the concern of people with the integrity and security of American elections , for the first time, Def Con hosted a " Voting Machine Village " event, where tech-savvy attendees tried to hack some systems and help catch vulnerabilities. Voting Machine Village provided 30 different pieces of voting equipment used in American election

Information on more than 198 Million United States citizens, that's over 60% of the US population, was exposed in what's believed to be the largest ever known exposure of voter-related to date. This blunder was caused by Deep Root Analytics (DRA) , a data analytics firm employed by the US Republican National Committee (RNC), who "mistakenly" left sensitive personal details of more than 198 million US voters exposed on an unsecured Amazon S3 server. Chris Vickery, a security researcher at UpGuard, who discovered the exposed database said anyone could have downloaded more than a Terabytes of files containing voters data without the need for any password from the Amazon S3 server maintained by DRA. Vickery is the same security researcher who discovered over 191 million voter records stored in an unsecured database in late 2015. In April, Vickey also reported information on 93 million Mexican voters. Vickery discovered the exposed databases on June 12, which

The FBI arrested a 25-year-old NSA contractor on Saturday (3rd June) for leaking classified information to an online news outlet which published its report yesterday (5th June) — meaning the arrest was made two days before the actual disclosure went online. Reality Leigh Winner , who held a top-secret security clearance and worked as a government contractor in Georgia with Pluribus International, was arrested from her home in Augusta on charges involving the leak of top-secret NSA files to 'The Intercept,' an online publication that has been publishing NSA documents leaked by Edward Snowden since 2014. The Intercept published a report on Monday, 5th June, based upon a classified document it received anonymously, which claims in August 2016, Russia's military intelligence agency "executed a cyber attack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials days before [the] election." The

President Donald Trump has abruptly fired James Comey, the director of the Federal Bureau of Investigation (FBI) who was leading an investigation into alleged links between Trump and Russia. The White House announced on Tuesday that Comey was fired on the "clear recommendation" of Deputy Attorney General Rod Rosenstein and Attorney General Jeff Sessions, citing the reason that he was no longer able to lead the bureau effectively. "While I greatly appreciate you informing me, on three separate occasions, that I am not under investigation, I nevertheless concur with the judgment of the Department of Justice that you are not able to effectively lead the Bureau," Trump wrote in a termination letter to Comey. Later a memo from the US deputy attorney general Rod Rosenstein explained that Comey was fired as director of the FBI over mishandling of the inquiry into Hillary Clinton's emails, including his decision to close this investigation without prosecution .

Update (Tuesday, April 11):  The arrest of a Russian man in Spain was apparently for his role in Kelihos botnet responsible for sending hundreds of millions of spam emails worldwide. A Russian computer hacker and alleged spam kingpin was arrested in Barcelona, Spain, on Friday reportedly over suspicion of being involved in hacking attacks linked to alleged interference in last year's United States presidential election process . 36-year-old Peter Yuryevich Levashov  from St. Petersburg was detained by police in Barcelona after US authorities issued an international arrest warrant for his arrest. While the Russian embassy in Madrid announced Levashov's arrest on Sunday, it did not confirm the reason for his arrest. This is the second arrest made by the Spanish authorities since the US 2016 election. In January, the police detained Stanislav Lisov , 32, on suspicion of creating and operating the NeverQuest Banking Trojan and possibly influencing the presidential elec

It's just two weeks into the Trump presidency, but his decisions have caused utter chaos around the country. One such order signed by the president was banning both refugees and visa holders from seven Muslim-majority countries (Iraq, Iran, Libya, Yemen, Somalia, Syria, and Sudan) from entering the United States, resulting in unexpectedly arrest of some travelers at airports. Now, it seems like some anti-Trump protesters have publically declared their fight against the president by exploiting a known flaw in low power FM (LPFM) radio transmitters to play a song the radio stations didn't intend to broadcast. Radio stations in South Carolina, Indiana, Texas, Tennessee and Kentucky, were hacked recently to broadcast the Bompton-based rapper YG and Nipsey Hussle's anti-Trump song " Fuck Donald Trump ," which was already a radio hit in some parts of the country last year, several sources report. The song was repeatedly played on Monday night, according to the R

The United States has expelled 35 Russian spies in response to Russia's alleged interference in last month's presidential election, further escalating tensions between the countries. The US state department has declared 35 diplomatic intelligence officials from the Russian embassy in Washington DC and the consulate in San Francisco "persona non grata," giving them and their families 72 hours to leave the country. President Barack Obama has also announced the closing of two Russian compounds, in New York and Maryland, used by the Russian officials for intelligence-gathering, from noon on Friday. "I have sanctioned nine entities and individuals: the GRU and the FSB, two Russian intelligence services; four individual officers of the GRU; and three companies that provided material support to the GRU's cyber operations," President Obama said in a statement . "In addition, the Secretary of the Treasury is designating two Russian individuals for

A group of unknown hackers or an individual hacker may have breached voter registration databases for election systems in at least two US states, according to the FBI, who found evidence during an investigation this month. Although any intrusion in the state voting system has not been reported, the FBI is currently investigating the cyberattacks on the official websites for voter registration system in both Illinois and Arizona, said Yahoo News . The FBI's Cyber Division released a " Flash Alert " to election offices and officials across the United States, asking them to watch out for any potential intrusions and take better security precautions. "In late June 2016, an unknown actor scanned a state's Board of Election website for vulnerabilities using Acunetix, and after identifying a Structured Query Language (SQL) injection (SQLi) vulnerability, used SQLmap to target the state website," the FBI alert reads. "The majority of the data exfiltr

A security researcher responsibly disclosed vulnerabilities in the poorly secured web domains of a Florida county elections, but he ended up in handcuffs on criminal hacking charges and jailed for six hours Wednesday. Security researcher David Michael Levin, 31, of Estero, Florida was charged with three counts of gaining unauthorized access to a computer, network, or electronic instrument. On 19 December last year, Levin tested the security of Lee County website and found a critical SQL injection vulnerability in it, which allowed him to access site's database, including username and password. Levin was reportedly using a free SQL testing software called Havij for testing SQL vulnerabilities on the state elections website. According to Levin, he responsibly reported vulnerabilities to the respective authorities and helped them to patch all loopholes in the elections website. Video Demonstration of the Elections Website Hack Meanwhile, Levin demonstrates his finding via