Data Sheet—Saturday, November 5, 2016
When it comes to cyber-security and Tuesday’s election, “God protects idiots, children, and the United States.” That’s a variation of a quote by Bismarck put forth by former NASDAQ CISO Mark Graff at a recent event to defuse fears that the election will be swayed by cyber-attacks on US voting machines.
He has a point. While there is no shortage of stories (many of them pumped up by security consultants) about hacks on voting machines, the threat is mostly theoretical since the U.S. votes in such a heterogeneous way—different states and counties all have different machines and methods, including some paper-only polls, that would make it very hard to pull off a large-scale hack.
But more importantly, according to Graff, the 11 swing states that will decide the election do not use voting methods that can be compromised by hackers—such as voting machines with no paper trail. Meanwhile, at least 48 states have taken up an offer by Homeland Security for help in tightening up their cyber-security.
So breathe easy when it comes to the technical integrity of the country’s polling booths. Alas, that doesn’t mean the country’s political system is safe from cyber havoc—far from it.
If you want to worry, be wary of hacks on America’s media outlets, which are a likely election day target and appear ill-prepared for a major cyber-attack. And more broadly, worry that those around you may succumb to dezinformatsiya, which is the Russians’ name for their system of trolls, lies, and weaponized information that seeks to confuse and discredit democracy.
But we trust our readers are smarter than that, and are people who cherish their opportunity—which those in Russia and China don’t have—to vote in democratic elections. So, if you’re American, go out there and do your civic duty on Tuesday.
Thanks as always for reading—as usual you’ll find some fun fintech nuggets and other tidbits below. Robert and I will be back next week when all this craziness is over.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett can be reached via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.
Department of Chromeland Security. Yup, that's what they call it. The team of bad-ass ladies who crusade for Chrome security keeps on naming and shaming sites that fail to implement HTTPS, and is going to ramp up those efforts even more in 2017. (Wired)
Mirai mashes Liberia? Not so fast. The zombie army known as Mirai is still on the march. In a new twist, hackers directed Mirai (a botnet of captured Internet of things devices) to attack the infrastructure of Liberia. Hacker News and others said the attack knocked the whole country off-line, but Brian Krebs has doubts. (Krebs on Security)
Blockchain is a bust. Well, sort of. We went to a blockchain-for-bankers panel this week, and the vibe was definitely different than what you hear among fintech fanatics. This crowd was quick to pour cold water on the hoopla and "hype cycle" that prevailed a year ago—but they also said real use cases are finally emerging. (Fortune)
Pay me my bug bounty! You know how we at Fortune feel about bug bounties—we love 'em. But we should add they work best when companies honor their promise to pay. Encrypted messaging service Wickr caught some flak for allegedly stiffing those who supplied security tips. (SecurityWeek)
Hey, Microsoft, your bugs are showing... Is it good or bad etiquette to talk about someone's poor habits? We know how Google feels. The company again called out its rival for sloppy security practices, telling the world about an "actively exploited" zero-day bug. Microsoft came clean the next day—and blamed the Russians. (Fortune, Fortune)
Oh, and did you hear the FBI says it will take two weeks to separate those emails? It's hard to disagree with the Anonymous person who said "Somebody could have written a script for this in 15 minutes after smoking a joint."
Watch out for security reporting that is sensationalist or flat-out wrong. A Slate story this week about a secret server linking Trump and Moscow is a case in point, as Fortune explains:
The introduction to the piece sets up the reader for a damning exposé showing Donald Trump in secret communication with Russia over a computer server, presumably operated by one of the businessman’s hotels ...
In this case, the Slate story by Franklin Foer has taken a number of fatal bullets by actual cybersecurity experts, but it’s worth adding one more quick explanation of why the publication got it so wrong. Read more on Fortune.com
Light Bulbs Flash "SOS" in Scary Internet of Things Attack by Jeff John Roberts
NSA-Hacking 'Shadow Brokers' Reveal Spy-Penetrated Networks by Robert Hackett
Fintech Startup Ripple Just Named a New CEO by Robert Hackett
ONE MORE THING
America's dumbest hacking criminals. If you have the skills to tamper with accounts at JP Morgan and the US government, you've obviously got some hacker savvy. But that will do little good if you're too dim to change your name and email address when you commit the crimes. (The Registrar)