CNET’s Dan Patterson interviewed Cris Thomas (aka Area Rogue), world technique lead at IBM X-Drive Pink, about SQL injection assaults and the way database hacks can result in doubt within the election course of. The next is an edited transcript of the interview.
2018: Election Hacking is a weekly sequence from TechRepublic sibling websites, CBS Information & CNET, in regards to the cyber-threats and vulnerabilities of the 2018 midterm election.
Dan Patterson: I take into consideration databases on a regular basis, however databases are perhaps not related to different elements of the exterior infrastructure or the web. How would I goal and assault a database? How would I get entry to that?
Cris Thomas: If the databases are on-line and are accessible over the web, that is your first step. You’d go to the web site and alter what’s often called the URL or enter in another totally different code to drive the database to spit out all of the data to you. These are sometimes known as SQL injection assaults. It is a quite common assault. It is a very simple factor to misconfigure your database to be inclined to those assaults, so it is essential for election officers to verify they’ve examined these configurations, that they’ve examined the web sites which are getting used to retrieve this knowledge in order that if anyone’s trying on the web site remotely that they do not have that capability to conduct an SQL injection assault to obtain all their data or make adjustments to the database.
Dan Patterson: After I take into consideration, maybe not the or the software program, I take into consideration the individuals and cognitive hacking, or the vulnerabilities of human beings. How are election employees, marketing campaign employees, grassroots organizations, how are the people concerned within the electoral course of susceptible?
Cris Thomas: They’re human. People have vulnerabilities. They’re inclined to propaganda, they’re inclined to influences, I feel what we’re calling it now, the place information tales are reported that point out that oh my God, our registration database has been hacked. That weighs on individuals’s minds and it causes them to be unsure, have doubts in regards to the course of. Like I stated, that is all about belief. Belief within the system and belief within the votes being solid and counted appropriately. By attacking databases, by selling tales about vulnerabilities in machines, a few of that is needed however a few of it additionally feeds into the concern that folks have.