Think about this story being published four years from now with the National Research Council being replaced by the words City of Thunder Bay Online Voting Results Tabulating.
What do you do if, after the election has come and gone, it is found that the computer system that tabulates the online voting results was hacked? The security was compromised? What do you do?
Online voting is a very bad idea. Yes, some jurisdictions are using online voting BUT, security is still a very big issue. Something that needs to be discussed BEFORE a problem arises.
There is no such thing as a secure computer network. Not a network that is connected to the internet anyway. Previous post here.
Chinese hackers installed malware on National Research Council computers
By Jim Bronskill — CP — Dec 13 2014
OTTAWA – Chinese hackers used tempting emails, malware and password theft to worm their way into National Research Council computers in pursuit of valuable scientific and trade secrets, a newly released federal analysis reveals.
The attack, which prompted a shutdown of the government research council’s computer network in July, relied on textbook moves commonly seen in state-sponsored digital assaults, says the case study by the Canadian Cyber Incident Response Centre.
Highly skilled perpetrators used complex techniques to infiltrate the council and “establish a foothold” within its networks, says the study, released under the Access to Information Act.
Portions of the document remain secret because they deal with computer-system vulnerabilities or methods used to protect networks.
The council carries out advanced research — often with outside partners — in fields including aerospace, health, mining and physics.
Government officials publicly confirmed the attack in late July and took the unusual step of openly blaming the intrusion on a highly sophisticated, Chinese state-sponsored player. Beijing has denied involvement, accusing Canada of making irresponsible charges.
The cyber response centre’s report details the “exploitation cycle” of the attack, saying it began with the collection of valid email addresses for research council employees. Messages containing malicious links were then sent to the employees’ inboxes — a tactic known as spear phishing.
Those who unwittingly clicked on the innocent-looking links set the next phase in motion by leading them to what cyber-sleuths call a “watering hole website” — a site of likely interest to people working in a specific organization or industry.
“In this case, malware was downloaded onto the victims’ system after users, using a vulnerable version of Internet Explorer, visited compromised websites,” the report says.
Installation of the malware then allowed the hackers to set about stealing credentials such as usernames and passwords, the keys to the corporate network. This allowed the hackers to connect the compromised research council system to their computers abroad.
“The apparent objective of this activity is the theft of intellectual property, trade secrets, and other sensitive or proprietary information,” the centre’s report says.
However, the report does not say what if any secrets were stolen, perhaps because it was written while officials were still assessing the damage.
At the time, the federal privacy commissioner’s office said the hackers had infiltrated a system containing personal information.
Despite the exposure of personal data, the commissioner’s office said last month it had not received any complaints.
“It is also unclear as to whether any personal information has been compromised,” said Tobi Cohen, a spokeswoman for the privacy commissioner.
“We are satisfied that the organization took appropriate steps to notify employees and other parties about the cyber-intrusion and that efforts are underway to update (information technology) systems and security procedures to prevent this from happening again,” she added.
“At present, our review of the incident is complete. However, this does not preclude us from investigating should we receive a complaint or should new information come to light.”
Following the breach, the cyber incident response centre distributed two technical notices to increase awareness of telltale signs associated with the malicious activity.
It has also recommended steps to detect, respond to and recover from these threats.
However, given the success of such cyber-operations, the centre “expects that these types of attacks will continue,” the report says.
“Most often, attacks of this type are detected by diligent and well-informed users,” the centre adds, calling for better education about the risks.
“Organizations and users are encouraged to be cautious when receiving emails that contain suspicious attachments or links.”