McAfee Exposes Critical Website Vulnerabilities In 20 Important US Swing States

Over the course of the last several weeks and months leading up the November 2018 Mid-Term Elections, McAfee, a US based anti-virus software provider, has been analyzing various Government website in several important “Swing States” and state counties across the country. More specifically, “McAfee surveyed the security measures of county websites in 20 states.” What researchers have found is that there is an alarmingly large number of Government run websites that remain unprotected by even some of the most basic and fundamental security measures, presenting an easy target for hackers ahead of important election dates.

Due to these critical vulnerabilities, in a blog post publishing their finding earlier this week, McAfee researchers were primarily concerned with 2 major issues. First, the spamming of unprotected email subscriber/voter registration lists tied to state owned websites allowing for phishing attacks to spread and second, the spoofing of websites, domain names and/or vulnerability to DNS poisoning attacks leading potential voters to fake or spoofed versions of state/election/Government websites.

Full Release from McAfee:

To their surprise, what McAfee uncovered is that there is an unusually large number of of US Government websites not running on .gov Top Level Domains (TLD), instead using .com or .net. This is important to understand because .com domains are far less secure and much easier to obtain than .gov TLD’s, which require far more authentication/investigation to register. However, because of this, McAfee concludes that state employed website administrators simply didn’t want to go through the “hassle” or “red tap” to obtain .gov TLD’s – deliberately choosing to make their websites less secure for the sake of convenience. Moreover, according to McAfee‘s press release, “Our findings essentially revealed that there is no official U.S. governing body validating whether the majority of county websites are legitimately owned by actual legitimate county entities” – therefore making it easier for malicious actors to spoof or set up fake election web pages to fool the voting public.

For some perspective on this, McAfee notes how “Minnesota and Texas had the largest percentage of domain names with 95.4% and 95% respectively.” Adding that “They were followed by Michigan (91.2%), New Hampshire (90%), Mississippi (86.6%) and Ohio (85.9%).” On the other end, “Arizona had the largest percentage of .gov domain names, but even this state could only confirm 66.7% of county sites as using the validated addresses.

On top of this, McAfee discovered that several state owned websites didn’t even utilize some of the simplest, most basic and easy to install security measures – such as SSL’s. This means that there are Government owned websites across different states that actively refuse to protect/encrypt any information their constituents enter onto them – something with is absolutely unacceptable in 2018, especially given all the state-wide voter registration data dumps throughout 2015/2016. For example, the study found that “Maine had the highest number of county websites protected by SSL,” but even then only 56.2% of them utilized one. On the other end of the spectrum, “West Virginia had the greatest number of websites lacking SSL security,” with approximately 92.6% of their sites lacking SSL certificates. This was followed by Texas (91%), Montana (90%), Mississippi (85.1%) and New Jersey (81%). Highlighting just how pathetic this is, most SSL certificates can be obtained for $2-$5 and come standard, for free, on most website hosting platforms.

Influencing the electorate through false communications is more practical, efficient and simpler than attempting to successfully hack into hundreds of thousands of voting machines. Such a scenario is much easier to execute than tampering with voting machines themselves,” notes McAfee CTO Steve Grobman. “Given how important the democratic process of voting is to our society and way of life, we must work to better secure these critical information systems.

Safe & Secure Voting Registration Websites To Utilize for November:

  1. Alabama
  2. Alaska
  3. Arizona
  4. Arkansas
  5. California
  6. Colorado
  7. Connecticut
  8. DC
  9. Delaware
  10. Florida
  11. Georgia
  12. Hawaii
  13. Idaho
  14. Illinois
  15. Indiana
  16. Iowa
  17. Kansas
  18. Kentucky
  19. Louisiana
  20. Maine
  21. Maryland
  22. Massachusetts
  23. Michigan
  24. Minnesota
  25. Missouri
  26. Montana
  27. Nebraska
  28. Nevada
  29. New Hampshire
  30. New Jersey
  31. New Mexico
  32. New York
  33. North Carolina
  34. North Dakota
  35. Ohio
  36. Oklahoma
  37. Oregon
  38. Pennsylvania
  39. Rhode Island
  40. South Carolina
  41. South Dakota
  42. Tennessee
  43. Texas
  44. Utah
  45. Vermont
  46. Virginia
  47. Washington
  48. West Virginia
  49. Wisconsin
  50. Wyoming

Published by

Brian Dunn

Writer, Researcher Owner: Rogue Media Labs | Rogue Security Labs (929)-319-2570 BrianDunn@RogueSecurityLabs.Ltd

Leave a Reply

Your email address will not be published.