Photo: Thomas Trutschel/Photothek via Getty Images
Three of every 10 candidates running for the U.S. House of Representatives have websites with significant security vulnerabilities, according to research unveiled at cybersecurity conference DEF CON this weekend, per Reuters.
The big picture: Campaigns don't benefit from the kind of federal assistance that states are receiving from Congress to handle election security, and candidates often run on tight budgets and can't always pay for cybersecurity expertise.
- There are a few free services available to campaigns to help protect against attacks that can flood sites with too much traffic and force them to shut down, including offerings from Cloudflare and Google-owned Jigsaw.
- Otherwise, they can contact party officials when they suspect they've been targeted, or work with nonprofit groups such as the Defending Digital Democracy Project (D3P) at Harvard. That, or they can hope to have volunteers on board with cyber know-how.
Why it matters: Director of national intelligence Dan Coats has warned that Russian hackers are targeting both candidates and government officials. Midterms are less than 100 days away.
- The researchers found problems with websites’ digital certificates that are supposed to verify secure connections.
- Vulnerabilities were found for Democrats and Republicans alike.
- The researchers said they are working to contact all the candidates implicated so they can better secure their websites.
- The group also found several websites built to trick users by changing just a few letters of candidates’ names. The tactic can be used to build fronts for spearphishing campaigns.
- Joshua Franklin, who used to work at the U.S. Commerce Department’s National Institutes for Standards and Technology and who led the research team, used automated scans and test programs to identify vulnerabilities.