Sale of the Eiffel Tower and Election Phishing 
0
Dan Gavin
Sale of the Eiffel Tower and Election Phishing 

In 1925, the Eiffel Tower was in a serious state of disrepair and there were rumors that it would be dismantled.  Not to let a good rumor go to waste, con artist, Victor Lustig, posed as a government official and invited several scrap metal dealers to a confidential meeting, claiming that the government wanted to sell the Eiffel Tower for scrap. Five dealers responded to his request for a meeting and one dealer, Andre Poisson, made the highest bid for the 15,000-beam structure.  Two days later the deal was closed for an undisclosed amount.   By the time Poisson discovered he was scammed, Lustig was in Austria.   

Con men and scammers have been around for ages.  In this digital age, scammers are using technology to add credibility to their scams.   Through email and text messaging they can cast a broad net.  It is a good day for them even if they only reel in two victims out of one hundred emails or texts.    Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. Phishing is the number one entry point for ransomware. 

Hackers use whatever topics are current or in the news to entice someone to let their guard down so the victim clicks the link or gives up critical information.  As the election is less than two months away, election campaign phishing is on the rise. As I was reviewing dark web reports, I noticed an advertisement selling a phishing platform.  They had templated the faux campaign donation emails and would provide the mass email platform.  The dark web customer could choose to target either the Harris or Trump voters, or both.  Nowadays, criminals don’t have to be technically proficient, they can outsource their evil.  

These days I am receiving several text messages a day asking me to donate to or vote for a particular candidate with a link at the end of the message. From the text, it is hard to determine if the message is legitimate.  If you are interested, research on the internet for the candidate’s site and learn more.  If you are not interested, delete the message and mark it as junk.  Whether it’s email or text, don’t click on any links.  

Scammers use the same techniques whether it is a text, email, or a phone call.  If you receive a phone call, be very careful if you choose to engage the caller. If there is a campaign or a charity that you are interested in supporting, thank the caller for their time and go to a known-good website for that organization.  Do not give the caller any financial information like credit card or bank account numbers.  

Before donating to any Political Action Committee (PAC), it is a great idea to verify that the organization is legitimate.  All PACs must register and report to the Federal Election Committee (FEC).  Check out this website from the FEC to verify the organization. www.fec.gov/data/reports/pac-party  

What does the sale of the Eiffel Tower and an election have in common?  They both have con men and scammers looking for ways to take advantage of unsuspecting victims. Just as Victor Lustig duped the scrap metal magnate, scammers are phishing to see who will take their bait. 

Cyber-attacks on voting infrastructure. Is there a backup plan?
0
Dan Gavin
Cyber-attacks on voting infrastructure. Is there a backup plan?

Imagine that during this upcoming election in November if no results were available until days after the election. On July 31st the Cybersecurity and Infrastructure Security Agency (CISA), in conjunction with the Federal Bureau of Investigation (FBI) released a public service announcement stating that there is potential for a Distributed Denial of Service (DDOS) attack on election infrastructure and adjacent infrastructure that supports operations. 

To better understand the situation, here is some background information. CISA was established in November 2018 to enhance the security, resilience, and reliability of the nation’s critical infrastructure. CISA is at the heart of mobilizing a collective defense to understand and manage risk to our critical infrastructure and associated National Critical Functions. Basically, CISA is charged with protecting US cyberspace as well as the nation’s critical infrastructure such as power, water, and even our elections.

A DDoS attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic. Hackers do this by using many compromised computer systems as a source of attack traffic. It is like a mob of people rushing to a store to block legitimate customers from shopping. Imagine tens of thousands of computers that have been loaded with malware without the users’ knowledge. Now imagine all those computers running a program at the same time against specific sites making continuous requests against the election infrastructure.

Now back to the announcement from CISA: 

“With Election Day less than 100 days away, it is important to help put into context some of the incidents the American public may see during the election cycle that, while potentially causing some minor disruptions, will not fundamentally impact the security or integrity of the democratic process,” said CISA Senior Advisor Cait Conley. “DDoS attacks are one example of a tactic that we have seen used against election infrastructure in the past and will likely see again in the future, but they will NOT affect the security or integrity of the actual election.”

CISA’s intent is to assure the public that the elections will not be affected even though there may be disruptions that may prevent the public from receiving timely information. However, if they know that adversaries may target the elections, how do they know that the elections will be safe and secure? How do they know that a DDoS against the voting tabulation network won’t block results from being collated. How do they keep a breach from occurring in the voting infrastructure? What happens if there is a major regional power outage due to cyber-attack? As we know from the CrowdStrike outage where Maricopa County’s Dominion voting machines got the blue screen of death update (see article from 2 weeks ago for more details), voting machines are on the network. Why would it just be periphery report structure and not the actual voting? As a cybersecurity professional the joint FBI and CISA statement provides more questions than answers. 

Perhaps to properly secure the election system, we need to employ the same cybersecurity strategies that businesses use in case of emergencies. There should be contingency plans ready in case of a cybersecurity event. Precincts, counties and states should be ready to manually count the votes for all the races in case of a regional or national cyber-attack. The people required to perform the required functions – counters, watchers, recorders should be prepared and ready. Knowing the risks, should manual counting of paper ballots at the precinct level be the primary method with machine backup?

It seems CISA and the FBI are placating the public and telling us not to worry. Maybe they should spend more resources into hardening the infrastructure and working with the local resources on contingency planning in case of emergency. 

This article was originally published in the Sierra Vista Herald found here.

Copyright © 2025 CyberEye Call us at: ‪(520)224-8981