Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Operations

Published byLaurel Scott Modified over 6 years ago

Similar presentations

Presentation on theme: "Information Operations"— Presentation transcript:

1 Information Operations
Steven M. Bellovin, Jason Healey, Matt Waxman Fall 2017

2 Information Operations
Attack someone using information—bits Sometimes, it’s propaganda Other times, it’s hacking During the 2016 election campaign, Russia did both of these and more cybersec

3 Hacking cybersec

4 The DNC “Someone”—the US intelligence community says, with high confidence, that it was Russia—hacked a Democratic National Committee server. They also hacked John Podesta’s . These were strategically leaked by “Guccifer 2.0” Some “leaked” documents purporting to be from the Clinton Foundation were from elsewhere or were forgeries cybersec

5 Wikileaks On October 7 at 4:00pm, the Washington Post broke the story about the Access Hollywood tape Two hours later, Wikileaks published 2,000 of John Podesta’s stolen s Clinton: “And I've no doubt in my mind that there was some communication if not coordination to drop those the first time in response to the Hollywood Access tape.” cybersec

6 Podesta’s Email Podesta received an email like this
His sysadmin said it was legit Apparently, he meant to say “not legit” The link goes to a bit.ly address The attackers didn’t secure their bitly acount… cybersec

7 Looks Legit at First Glance
cybersec

8 The Actual Hostname cybersec

9 Who Did It? Both the IC and many private security firms attributed the attack to Russia Two different hacking groups involved “Cozy Bear” (AKA APT29): the FSB and/or SVR “Fancy Bear” (APT28): the GRU cybersec

10 Election Systems Elections are composed of many different pieces
Voting machines Vote-counting computers Registration computers Electronic poll books Many more (e.g., online system to check registration status) cybersec

11 Photo courtesy Alex Halderman
Voting Machines Every independent audit has shown that computerized voting machines are very insecure It’s possible for attackers to completely replace the software Don’t forget lifecycle issues Photo courtesy Alex Halderman cybersec

12 Voting Machine Storage Before an Election
Photos courtesy Ed Felten cybersec

13 And There are Ordinary Bugs
The per-candidate totals show 84 Democratic votes and 22 Republican votes The ballot selection totals show 83 Democratic votes and 22 Republican votes Huh? cybersec

14 Paper Audit Trails Most—but not all—states now use voting machines that provide paper audit trails Few voters check the paper ballot for accuracy Some, like New York, use machine-scanned paper ballots But there are few, if any, proper audits Rhode Island and Colorado will conduct “risk-limiting audits” in the future cybersec

15 Vote-Counting Software
Bernalillo County, NM: in-person voters used DRE machines; absentee ballots used optical mark cards On Election Day in 2000, the absentee ballots appeared to go for Gore That was odd—in that jurisdiction, absentee ballots tend to skew GOP The problem: the counting program didn’t handle the “straight ticket” option properly The elections supervisor: the software was buggy The vendor: he programmed it incorrectly cybersec

16 Registration Databases
Registration databases—sometimes run by the state—are fairly complex pieces of software They often have online connectivity Upload/download from counties Let voters check their status If you’re not listed, you can’t vote… cybersec

17 Enter the Russians Voting machines are hackable—but they’re not good targets There are more than 3,000 counties in the US; most run their own voting systems There are many different types of voting machines, and most (usually) aren’t on the Internet But—what about the registration database? What about the poll books? cybersec

18 Enter the Russians DHS says that Russia probed the election systems of many different states The exact number is in dispute Were they adding voters? Deleting voters? Stealing information? Durham County, NC had electronic poll book problems— some suspect hacking, though this is hotly disputed cybersec

19 What Did Hacking Accomplish?
The release of the stolen s seems to have had some effect, though the extent isn’t clear They certainly were a distraction No credible evidence of actual attacks on voting machines It remains unclear what the purpose or effect was of registration database probes cybersec

20 And What Do We Do About It?
cybersec

21 Propaganda 2.0 cybersec

22 Take much of this with many grains of salt!
Social Media The Russians clearly used social media in an attempt to meddle with the election The stories are often vague and contradictory, and sometimes downright weird This is a moving target; there’s more news every day Did they really use Pokémon Go to fan racial unrest? Did they really tell their operatives to watch “House of Cards” to understand American politics? Take much of this with many grains of salt! cybersec

23 Tactics Use of Facebook, Twitter, and Google
Others? Bots, to post things, drive up follower counts, repost The exact number is subject to dispute Ads Bloggers; fake news Perhaps offering the Trump campaign damaging information about Clinton “Kompromat” on Trump? cybersec

24 Distraction? Create enough fake news and/or dubious news and/or targeted news to drown out the real stuff Goal: leave people uncertain where to go for reliable information cybersec

25 Russian Goals Defeat Clinton Weaken the US
Some stories claim that Putin hates her for her actions while Secretary of State Weaken the US Create or fan dissension Backed: Black Lives Matter; far right groups; Sanders; Stein Or so some stories claim Create doubts about the legitimacy of the election Weaken US allies, especially NATO cybersec

26 Targeting Stealing voter rolls from state election sites?
Cambridge Analytica? (per vox.com) Internet Research Agency, in St. Petersburg? Machine learning from Twitter feeds? Geographical targeting, e.g., swing states cybersec

27 Are They Going Elsewhere?
Some reports allege links to the Brexit campaign Fake news in France, just before the election Germany? Elsewhere? cybersec

28 And What Do We Do About It?
cybersec

Download ppt "Information Operations"

Similar presentations

2010 ELECTION TRAINING POLL CLERK. PRECINCT OFFICIALS The precinct team consists of: The precinct team consists of:  Republican  One Inspector  One.

2010 ELECTION TRAINING POLL CLERK. PRECINCT OFFICIALS The precinct team consists of: The precinct team consists of:  Republican  One Inspector  One.
Good or Bad?.  One of the closest contests in US history  Florida was the pivotal state  Neither Democrat Al Gore nor Republican George W. Bush had.

Good or Bad?.  One of the closest contests in US history  Florida was the pivotal state  Neither Democrat Al Gore nor Republican George W. Bush had.
Purpose To provide preliminary training to both Republican and Democratic poll workers – Competent, responsible election officials – Knowledgeable about.

Purpose To provide preliminary training to both Republican and Democratic poll workers – Competent, responsible election officials – Knowledgeable about.
The Citizen in Government Electing Leaders ~~~~~ The Right to Vote

The Citizen in Government Electing Leaders ~~~~~ The Right to Vote
Registration Must register at least 25 days before the election You can register by mail, or at post offices, DMVs, libraries, and schools Must submit.

Registration Must register at least 25 days before the election You can register by mail, or at post offices, DMVs, libraries, and schools Must submit.
By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.

By Varun Jain. Introduction  Florida 2000 election fiasco, drew conclusion that paper ballots couldn’t be counted  Computerized voting system, DRE (Direct.
Charlie Daniels Arkansas Secretary of State HAVA Compliant Voting Systems Security Considerations General Recommendations to Enhance Security and Integrity.

Charlie Daniels Arkansas Secretary of State HAVA Compliant Voting Systems Security Considerations General Recommendations to Enhance Security and Integrity.
1 J. Alex Halderman Security Failures in Electronic Voting Machines Ariel Feldman Alex Halderman Edward Felten Center for Information Technology Policy.

1 J. Alex Halderman Security Failures in Electronic Voting Machines Ariel Feldman Alex Halderman Edward Felten Center for Information Technology Policy.
VOTING AND ELECTIONS. T YPES OF E LECTIONS Primary Election: Members of political parties nominate candidates Republicans can only vote for their favorite.

VOTING AND ELECTIONS. T YPES OF E LECTIONS Primary Election: Members of political parties nominate candidates Republicans can only vote for their favorite.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Voting Machines Failing the World *Voting machines around the world are failing in Colorado as well as 34 other states. *This could be crucial in the upcoming.

Voting Machines Failing the World *Voting machines around the world are failing in Colorado as well as 34 other states. *This could be crucial in the upcoming.
Vote By Mail A County Perspective Dolores Gilmore, Elections Manager

Vote By Mail A County Perspective Dolores Gilmore, Elections Manager
Chapter 10 Section 3: The Right to Vote

Chapter 10 Section 3: The Right to Vote
This is group I have made.  Deleted all the emails we didn’t need to clear out our email.  Then created folders for the emails we would receive.

This is group I have made.  Deleted all the s we didn’t need to clear out our .  Then created folders for the s we would receive.
Presidential Election Process. Voters Must be eligible Must be eligible (REQUIREMENTS) 1.Citizenship 2.Minimum age of 18 3.Meet your state requirements.

Presidential Election Process. Voters Must be eligible Must be eligible (REQUIREMENTS) 1.Citizenship 2.Minimum age of 18 3.Meet your state requirements.
CPS 82, Fall 2008 8.1 Illustrated History of Voting l l.

CPS 82, Fall Illustrated History of Voting l l.
California Secretary of State Voting Systems Testing Summit November 28 & 29, 2005, Sacramento, California Remarks by Kim Alexander, President, California.

California Secretary of State Voting Systems Testing Summit November 28 & 29, 2005, Sacramento, California Remarks by Kim Alexander, President, California.
Electronic Voting: The 2004 Election and Beyond Prof. David L. Dill Department of Computer Science Stanford University

Electronic Voting: The 2004 Election and Beyond Prof. David L. Dill Department of Computer Science Stanford University
Idaho Procedures M100 OPTICAL SCAN PRECINCT TABULATOR.

Idaho Procedures M100 OPTICAL SCAN PRECINCT TABULATOR.
 Primary Election  General Election  An election in which members of a political party nominate candidates.

 Primary Election  General Election  An election in which members of a political party nominate candidates.

Similar presentations

Ads by Google