A Potential Way to Attack WA State Election System

•Download as PPTX, PDF•

0 likes•48 views

A Potential Way to Attack WA State Election System

A Potential Way to Attack
WA State Election System
Nathan Scott

Agenda
Agenda
Terminologies
Background
Problems
Solutions

MyVote
A type of voter records archive system.

reCAPTCHA
reCAPTCHA is a free service that
protects your website from spam and
abuse.

Social Engineering
Social engineering, in the context of
information security, refers to psychological
manipulation of people into performing
actions or divulging confidential information.

Background
• On 12/15/2018 I graduated from Washington State University (Pullman).
• On 12/21/2018 I moved from Pullman to the Great Seattle area.
• On 12/24/2018 I changed my address online, but the system also ask me to change my voter
address that is how I know MyVote exist.
• On 12/24/2018 I realized the voter information can be manipulated by a attacker.
• On 12/25/2018 I contacted Secretary of State (SOS) of Washington.
• On 12/26/2018 I got a useless email in reply.
• On 12/27/2018 I published my article on my Linkedin account to warn others remove their date
of birth from their social media account.

Steps of Attacking
1. Find a victim from Facebook.
2. Add the victim as friend.
3. Check/find out victim’s date of birth.
4. Use MyVote to get victim’s true address.
5. Use ***Search to get all victim’s information
including victim’s relatives’ information.
6. Repeat step 1.

MyVote

MyVote

MyVote

MyVote

MyVote

MyVote

MyVote

MyVote

SOS Email
Hello,
Thank you for contacting our office. Certain voter registration data is public and can’t be withheld from public request.
Private information like your phone number, driver’s license number, Social Security number, etc. is not public and
therefore not disclosed, but your name, address, date of birth, gender, etc. is public. If anyone contacts our office or a
County Auditor’s Office and requests voter registration information, we are required by RCW 29A.08.710 to provide that
information. The only exception to public disclosure is voters enrolled in the Address Confidentiality Program (RCW
29A.08.710). RCW 29A.08.740 does restrict what requesters can do with voter registration information and misuse of
voter registration information is a class C felony.
Everything that appears on MyVote is public information under state law.
I hope this answers your questions!
Selena Faller
Office Assistant
Washington State Elections | Office of the Secretary of State
(360) 902-4180 | www.vote.wa.gov

My Question
So my question is:
"If everyone can follow the law,
why we still need a password?"

Solutions
• Add a ReCAPTCHA at front page.
• Add a request form to verify the requester’s
information.
• Taking down all reserve social engineering website
like ***Search.

Q & A
Q & A

More Related Content

Similar to A Potential Way to Attack WA State Election System

Social networking and identity theft

Social networking and identity theft

Social networking and identity theft

RSA Conference 2016 Review

RSA Conference 2016 Review

RSA Conference 2016 Review

Norman W. Mayes, CISSP, MCSE, ITIL

What is Vote By Mail?

What is Vote By Mail?

What is Vote By Mail?

Voter Registration Toolbox

Voter Registration Toolbox

Voter Registration Toolbox

Minnesota Council of Nonprofits

PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS

PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS

PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS

- Mark - Fullbright

Why can’t police catch cyber criminals

Why can’t police catch cyber criminals

Why can’t police catch cyber criminals

Chip Thornsburg

This was a presentation by Hewie Poplock on Tuesday, November 15th, 2016 in the Goodwill Manasota (FL) Ranch Lake Community Room, "How to Avoid Identity Theft". A victim of identity theft himself, Hewie will provide examples of how ID theft can happen as well as suggestions and precautions on how to prevent you and your family from becoming victims of identity theft yourselves. Topics covered included: • What is Identity Theft • How ID Theft Happens • How to Protect Yourself • Phishing • Data Breaches • Facebook Spoofing • Skimmers • Security Freeze • On Line Shopping Safety • Credit Card Chips • What to Do If You are a Victim Hewie is a former teacher, college instructor, business owner and manager, IT Manager, and web designer. He is currently semi-retired, but is active in technology user groups and frequently speaks to and teaches groups who are mostly seniors. He holds a monthly Windows Special Interest Group for a group in Orlando and has several videos on YouTube. He is an active member of The Sarasota Technology User Group.

Identity Theft: How to Avoid It

Identity Theft: How to Avoid It

Identity Theft: How to Avoid It

IST Presentation

IST Presentation

IST Presentation

Election integrity-manual

Election integrity-manual

Election integrity-manual

Jennifer Raiffie

Get Protected Today! Enroll: https://www.legalshield.com/hub/antoniamcclammy Identity theft is the number 1 white collar crime in North America! It has been the #1 complaint by consumers to the FTC for 15 straight years. Our firm provides the TOTAL solution for this growing pandemic. IDShield is a comprehensive identity theft protection service that monitors the information that matters, offers unlimited consultation on how to protect your information, and provides complete restoration by licensed private investigators in case your identity is compromised.

ID Shield Services and Features

ID Shield Services and Features

ID Shield Services and Features

Antonia McClammy

How to safe online (presented by abhinav pathak)

How to safe online (presented by abhinav pathak)

How to safe online (presented by abhinav pathak)

How to Prevent ID Theft

How to Prevent ID Theft

How to Prevent ID Theft

IDSHield Services and Features

IDSHield Services and Features

IDSHield Services and Features

Antonio Muniz Olan

Dealing With ID Theft

Dealing With ID Theft

Dealing With ID Theft

Improve My Credit USA

2015 senate youth information webinar for student's, counselors, and parents ...

2015 senate youth information webinar for student's, counselors, and parents ...

2015 senate youth information webinar for student's, counselors, and parents ...

Michelle McLaughlin

2015 senate youth information webinar for student's, counselors, and parents ...

2015 senate youth information webinar for student's, counselors, and parents ...

2015 senate youth information webinar for student's, counselors, and parents ...

Michelle McLaughlin

Information Compromise and the Risk of Identity Theft Guidance for your Business

Information Compromise and the Risk of Identity Theft Guidance for your Business

Information Compromise and the Risk of Identity Theft Guidance for your Business

- Mark - Fullbright

Identity Theft

Identity theft

ASIS Phoenix February Presentation

ASIS Phoenix February Presentation

ASIS Phoenix February Presentation

John Hamilton, DAHC,EHC,CFDAI, CPP, PSPO

Similar to A Potential Way to Attack WA State Election System (20)

Social networking and identity theft

Social networking and identity theft

Social networking and identity theft

RSA Conference 2016 Review

RSA Conference 2016 Review

RSA Conference 2016 Review

What is Vote By Mail?

What is Vote By Mail?

What is Vote By Mail?

Voter Registration Toolbox

Voter Registration Toolbox

Voter Registration Toolbox

PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS

PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS

PREVENTING IDENTITY THEFT: A GUIDE for CONSUMERS

Why can’t police catch cyber criminals

Why can’t police catch cyber criminals

Why can’t police catch cyber criminals

Identity Theft: How to Avoid It

Identity Theft: How to Avoid It

Identity Theft: How to Avoid It

IST Presentation

IST Presentation

IST Presentation

Election integrity-manual

Election integrity-manual

Election integrity-manual

ID Shield Services and Features

ID Shield Services and Features

ID Shield Services and Features

How to safe online (presented by abhinav pathak)

How to safe online (presented by abhinav pathak)

How to safe online (presented by abhinav pathak)

How to Prevent ID Theft

How to Prevent ID Theft

How to Prevent ID Theft

IDSHield Services and Features

IDSHield Services and Features

IDSHield Services and Features

Dealing With ID Theft

Dealing With ID Theft

Dealing With ID Theft

2015 senate youth information webinar for student's, counselors, and parents ...

2015 senate youth information webinar for student's, counselors, and parents ...

2015 senate youth information webinar for student's, counselors, and parents ...

2015 senate youth information webinar for student's, counselors, and parents ...

2015 senate youth information webinar for student's, counselors, and parents ...

2015 senate youth information webinar for student's, counselors, and parents ...

Information Compromise and the Risk of Identity Theft Guidance for your Business

Information Compromise and the Risk of Identity Theft Guidance for your Business

Information Compromise and the Risk of Identity Theft Guidance for your Business

Identity Theft

Identity theft

ASIS Phoenix February Presentation

ASIS Phoenix February Presentation

ASIS Phoenix February Presentation

Recently uploaded

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Partners Life - Insurer Innovation Award 2024

Partners Life - Insurer Innovation Award 2024

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Boost PC performance: How more available memory can improve productivity

Boost PC performance: How more available memory can improve productivity

Principled Technologies

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

Automating Google Workspace (GWS) & more with Apps Script

Automating Google Workspace (GWS) & more with Apps Script

Automating Google Workspace (GWS) & more with Apps Script

Data Cloud, More than a CDP by Matt Robison

Data Cloud, More than a CDP by Matt Robison

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

🐬 The future of MySQL is Postgres 🐘

🐬 The future of MySQL is Postgres 🐘

🐬 The future of MySQL is Postgres 🐘

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

HTML Injection Attacks: Impact and Mitigation Strategies

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Recently uploaded (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Partners Life - Insurer Innovation Award 2024

Partners Life - Insurer Innovation Award 2024

Partners Life - Insurer Innovation Award 2024

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Boost PC performance: How more available memory can improve productivity

Boost PC performance: How more available memory can improve productivity

Boost PC performance: How more available memory can improve productivity

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

Automating Google Workspace (GWS) & more with Apps Script

Automating Google Workspace (GWS) & more with Apps Script

Automating Google Workspace (GWS) & more with Apps Script

Data Cloud, More than a CDP by Matt Robison

Data Cloud, More than a CDP by Matt Robison

Data Cloud, More than a CDP by Matt Robison

🐬 The future of MySQL is Postgres 🐘

🐬 The future of MySQL is Postgres 🐘

🐬 The future of MySQL is Postgres 🐘

HTML Injection Attacks: Impact and Mitigation Strategies

HTML Injection Attacks: Impact and Mitigation Strategies

HTML Injection Attacks: Impact and Mitigation Strategies

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

A Potential Way to Attack WA State Election System

1. A Potential Way to Attack WA State Election System Nathan Scott

2. Agenda Agenda Terminologies Background Problems Solutions

3. MyVote A type of voter records archive system.

4. reCAPTCHA reCAPTCHA is a free service that protects your website from spam and abuse.

5. Social Engineering Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.

6. Background • On 12/15/2018 I graduated from Washington State University (Pullman). • On 12/21/2018 I moved from Pullman to the Great Seattle area. • On 12/24/2018 I changed my address online, but the system also ask me to change my voter address that is how I know MyVote exist. • On 12/24/2018 I realized the voter information can be manipulated by a attacker. • On 12/25/2018 I contacted Secretary of State (SOS) of Washington. • On 12/26/2018 I got a useless email in reply. • On 12/27/2018 I published my article on my Linkedin account to warn others remove their date of birth from their social media account.

7. Steps of Attacking 1. Find a victim from Facebook. 2. Add the victim as friend. 3. Check/find out victim’s date of birth. 4. Use MyVote to get victim’s true address. 5. Use ***Search to get all victim’s information including victim’s relatives’ information. 6. Repeat step 1.

16. SOS Email Hello, Thank you for contacting our office. Certain voter registration data is public and can’t be withheld from public request. Private information like your phone number, driver’s license number, Social Security number, etc. is not public and therefore not disclosed, but your name, address, date of birth, gender, etc. is public. If anyone contacts our office or a County Auditor’s Office and requests voter registration information, we are required by RCW 29A.08.710 to provide that information. The only exception to public disclosure is voters enrolled in the Address Confidentiality Program (RCW 29A.08.710). RCW 29A.08.740 does restrict what requesters can do with voter registration information and misuse of voter registration information is a class C felony. Everything that appears on MyVote is public information under state law. I hope this answers your questions! Selena Faller Office Assistant Washington State Elections | Office of the Secretary of State (360) 902-4180 | www.vote.wa.gov

17. My Question So my question is: "If everyone can follow the law, why we still need a password?"

18. Solutions • Add a ReCAPTCHA at front page. • Add a request form to verify the requester’s information. • Taking down all reserve social engineering website like ***Search.

19. Q & A Q & A