This Week in Cybercrime: Could Maryland Voter Registration Vulnerability Affect Election Outcomes?

Plus: Medical devices are overrun with malicious code, “miniFlame” conducts malware strikes against high-level targets, and Google re-arms itself against infected apps

3 min read

This Week in Cybercrime: Could Maryland Voter Registration Vulnerability Affect Election Outcomes?

Could a Hacker Make Thousands ‘Ineligible’ to Vote?

The Washington Post reports that a flaw in the implementation of the state of Maryland’s online voter registration process could have allowed widescale tampering with voters’ records. Researchers at the University of Michigan, the Lawrence Livermore National Laboratory and a former president of the Association for Computing Machinery wrote to members of the Maryland State Board of Elections in late September warning that anyone with access to a Maryland voter’s full name and date of birth could easily change the voter’s address or other information and possibly make him or her have to use a provisional ballot to vote on Election Day. What’s more, said the researchers, is that a simple software program could have launched a computer attack that changed the voter registration files of thousands of Maryland residents—without any of them or the Board of Elections noticing the problem until 6 November. According to the Washington Post, a few members of State Board of Elections wanted to respond to the researchers’ warning. But they were overruled by a faction that judged the researchers’ hacking scenario to be highly unlikely.

More than 100 000 voter files were changed before Maryland’s voter registration period closed at 9 p.m. ET on 15 October. “The board could not readily say how that number compared with similar periods before prior presidential elections, but they said it probably represented a significant increase,” the Washington Post reports.

Medical Devices Under Cyberattack

Panelists at an 11 October medical-device session at a meeting of the National Institute of Standards and Technology’s Information Security & Privacy Advisory Board noted that computerized hospital equipment is increasingly vulnerable to malware infections. "Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems,” Kevin Fu, a leading expert on medical-device security who is a member of the board, told Technology Review. “There's little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches," Fu says. A Technology Review article reporting on the meeting quotes Fu providing a typical example:

“At Beth Israel Deaconess Medical Center in Boston, 664 pieces of medical equipment are running on older Windows operating systems that manufacturers will not modify or allow the hospital to change—even to add antivirus software—because of disagreements over whether modifications could run afoul of U.S. Food and Drug Administration regulatory reviews.”

Mark Olson, chief information security officer at Beth Israel, told the panel that these computers are infected with malware so frequently that one or two have to be taken offline each week to have the harmful software removed. Olson noted infections have stricken many kinds of equipment, from fetal monitors to $500 000 MRI machines. It’s a wonder that there have been no reports that someone died in a hospital bed with doctors and nurses completely unaware because a machine overwhelmed with malicious code was taking errant readings.

Newer, More Targeted Version of Flame Discovered

Security researchers at Kaspersky Lab reported this week that they have identified a new variant of the Flame malware used to conduct cyberespionage. The malicious code, called "miniFlame," creates a backdoor in machines that can then be used by attackers to get in and write files to, steal files from, or capture images of what appears on the display of the compromised computer. Kaspersky says that, similarities to Flame and Gauss aside, miniFlame has a different purpose. The Internet security firm estimates that Flame and Gauss have infected thousands of systems; miniFlame, on the other hand, has infected only a few dozen. "This indicates that [miniFlame] is a tool used for highly targeted attacks, and has probably been used only against very specific targets that have the greatest significance and pose the greatest interest to the attackers," Kaspersky Lab told TechNewsWorld. Kaspersky says it has yet to identify who has been targeted, but notes that the nature of miniFlame provides further evidence in support of its belief that Flame and Gauss were created by the same group.

Google’s New Defense Against Malware-Infected Apps

Online news site Android Police has reported that Google may be implementing a new malware scanner in its Google Play Android app store. The scanner has two functions. The first is an "App Check" service that scans a handset to ensure that none of the applications already installed on the device are harmful. The other part is what Android Police describes as a "doorman-style app blocker" that delivers a warning such as “Installing this app may harm your device” if the user is about to download software that has been flagged as suspicious. ZDNet is speculating that the malware blocker is the creation of VirusTotal, a firm that makes a free online malware scanning utility. Google acquired the company in September.

The Conversation (0)