Twitter, Toronto, Wanna discussed on Pwned: The Information Security Podcast
Them. You know that there's no hardware or software that's going to solve that problem and it, but it is a cybersecurity issue you could have. You could I mean if he if he did have the depending on the system because there are so many you know where? You do have some sort of traffic tabulation, and so maybe that is that is gapped. You know there is some sort of air gap e you need a VPN, you know credentials to attack something you know there's Some sort of authentication. You know, but it's those it's the hosts running it. Are If the. If, we're running the election they show with a laptop right and that laptop is ultimately used a they plug that in their able to send data or they're the machine. The machine itself tabulates information sends that to a database. Whatever you like Toronto? is inside. that. That system. You have to then look at the I'm your your attack surfaces is massive right? You're you're in you're in a public place you're making your ass, you have to ask the question. WHO's watching that? You know who's who has access to this when we're there? Is there credential sharing? The hardened so that you know they can't go and check their g mail in at the end of the night when you have all the people that are slowly coming in, you know to to vote. The did you did you lock it? When you walked away you know to to use the bathroom you know any? Kind of classic. Thanks again. Basic security stuff. Yeah I mean that laptop that interfaces with some aspect of the election systems psycho doesn't doesn't actually wouldn't actually be able to be used A. Change votes right and I. Used to access systems You know that could be taken off line and then all of a sudden he can't Tabulate everything. That's systems downs. Classic CIA you know the confidentiality integrity and availability now of can't access the systems they're not available. you don't know if the data was manipulated because have any auditing and. You don't know who has access to it. So it's not confidential. For say. Those those breakdowns and I and I think those those kind of ideas. When you look at like the idea of just one election is with freedom and democracy. You don't WanNa Google. Didn't look at it like that like common like you like you need a blow barrier of entry. Yeah and and you hear about all those articles that say things like no-one. no-one commits voter fraud or something such a small percentage it never happens. You hear about those studies and it again, it comes back to like having having the database right something that sets audible. You know who who can change what what we're all those systems come together at that. The makes it tricky. It's not to say, I mean I mean it could be it was time with disruption and disinformation right? If you had some sort of coordinator. WHO Is Coordinating the. Election in a local facility in Cownie. And their email was compromised and then they email everyone that says, hey, guys. Something happened. We gotta change locations and everyone shows up at different spots and they tried to call this number instead of this number and. I'm kind of projecting and speculating. But then all of a sudden. Everyone's told the show up at building ex but people that were actions for some show the building why no one knew about that? and. Now you lose an hour or two of of voting, right? So you think about like this kind of weird things that could be manipulated in the physical world and and how could. You know from from the digital world you know as I. Think is what comes back to and that's kind of where you know he's into another point of like people that are familiar with local science and the policy. Those policy leaders who are managing those systems. You know they're they're not necessarily technical expert on on on those those aspects with their interface side, those technical systems that's the case for everyone you know in the twenty first century, you have people using. Technology that can do all sorts of Hamas. As more computing power than than the first. Computer that went to the move, right right. So walking around with it. Yeah we're just walking around with it and then it's not to say they were going to the moon to there. I don't want to say that because that's that's ridiculous. But it's just kind of the the kind of sentiment there. Right that if you. Directing these and they don't really understand it from a technical perspective. They may not understand how they could be manipulated or abuse and. Those nuances of social things where people say. Well you know I I. Trust Everything I. Hear from right Emmett on question it. Because never had to because the system has never changed. Right. So so why would it? Someone can insert that trust and abuse it. And you know what? What do they yield? Who knows right right going back to the twitter you know the the twitter hacker. Accident Accounts there was clearly. Some. Sort of trust abuse somewhere or someone like yeah. That's that's fine like whatever whatever. Whatever was that's fine and. They do that and they didn't question it. That's that's I. Mean that's my concern too. Is that you have digital systems and people don't not training thing, right? I mean is it is training. It is always training at the end of the day. But it's having. It's having the people that are are qualified for that new front. Because those people are not going to be necessarily the same people that are Qualified or understand. All the other parts of the election in the innocent the system in in human you know organic and an technical perspective right I want I don't WanNa. I referred to say the word system a few times the election is very organic. It's not just you know Ethernet cables and. Know. firmware and. Meet bags walking. Responsibilities. And so that's that's you know that's important to. Know right in understand. So you know what I think ends up happening is that with a lot of disinformation campaigns Depend on like the rush trolls in the in the. BOTs. And those kinds of ideas you have people that are going to kind of jump jump jump in on..