
Which Top 5 Presidential Candidate is Most Likely to Be Hacked?


Security researcher Jonathan Lampe recently published a report comparing the security readiness of various leading contenders for the White House.

The findings are interesting because, well, it’s 2015, and many of these people lived a long time without the existence of the Internet. Given the number of high-profile hacks the government has suffered in recent years, it seems safe to say they’re still not taking computer security very seriously. To this assertion, Lampe told Hacked:

The federal government’s take on computer security is definitely a mixed bag. On the one hand, we have positive initiatives like NIST’s stewardship of commercial-quality cryptography, presidential leadership in encouraging all sites to use HTTPS, grant programs that fund bug hunts and vulnerability databases, and regulations that mandate security awareness training. On the other hand, we have recent debacles like CISA’s sharing of raw data, Wassenaar’s weaponizing of vulnerability tools, poor data security practices that lead to exposures like the one that struck the OPM, and bad designs that lead to vulnerabilities in HealthCare.gov.

The federal government certainly spends more than enough money on IT, but good security always seems out of reach. I’d be surprised if the federal government spends less on security, proportionally, than the private sector, but bureaucracy and the continual development of custom software seem to conspire to keep federal security deployments a step behind where they should be.

With great irony, one of the lesser candidates, Republican Ben Carson, wins overall on website security. “Outsources donation and volunteer services. No store. Small attack surface,” the report says of his positives. For the negative or “con” column, there was nothing. Carson has made some radical claims during his campaign, such as the idea that Jews during the Holocaust could have survived if they’d had guns. While this is not the craziest thing ever said by a Republican, it’s proven to be significant fodder for liberal outlets to attack the candidate.


But in cybersecurity, victory is not achieved through saying things people do or do not like. It is achieved through best practices. And in this regard, Carson is perhaps unknowingly in the lead. For one thing, it may not remain the case that the candidate has no storefront. Perhaps his campaign has decided to create such a thing in the unlikely event that he gets the nomination, not before.

The other four candidates rank as follows:

  • Hillary Clinton and Donald Trump received an overall “B” (compared to Carson’s “A”). Clinton lost points for relying on a “quickly built application” while Trump’s team has left the log-in page on the front of his WordPress website and possibly uses an old version of a WordPress donation plugin. (That Trump is receiving donations in the first place is perhaps the true irony here.)
  • Jeb Bush and Bernie Sanders each got a “C.” Both are guilty of the same sin: they use unsecured WordPress pages and leak user information on login. Jeb Bush’s site appears to be a little worse, as the report notes that his site leaks “other information” but does not say this about Bernie Sanders’.

Lampe went to great lengths to get the data for the report. It does not, honestly, feel like there is a political bias. In the case of Hillary Clinton, he was able to find information about the way the campaign’s proprietary web application was built by finding the DevOps job description for her campaign.

Credit: Jonathan Lampe


This listing described the software stack in use by the Clinton people. The report fairly says that Clinton’s team had instituted some security features.

[T]here are signs that the Clinton team is taking some security precautions. The site itself seems to be running a piece of “obfuscation” software called “varnish” that regularly lies about its identity so would-be hackers would have a harder time locking on with a targeted attack. At the time of my research, Clinton’s code relied on JQuery 2.1.3, just one minor version behind cutting edge, which suggests that the team’s continuous integration process is successfully getting new versions of software (and their security fixes) published.

There is a feature of WordPress which is designed for sites like Hacked.com called “user enumeration,” and for a site like Hacked.com it would allow you to see all of our writers. But for a site like Bernie Sanders’, it makes it possible for the attacker to have a list of potential weaknesses when trying to take down the campaign. This makes plain the overall problem with CMS suites like WordPress – they are often used by venues that have no need of them.

Credit: Jonathan Lampe


This is not to denigrate WordPress, but it creates an overall less secure Internet when most sites are running on the same codebase. A security vulnerability in one can often mean a security vulnerability in all, and the more sites using the code, the longer it will take to patch across the spectrum. Bernie Sanders’ site also potentially uses an outdated version of WooCommerce, one of the more popular e-commerce plugins online. In June, WooCommerce suffered an “Object Injection Vulnerability.”

Credit: Jonathan Lampe


Trump Campaign Scrambles Credit Card Numbers

Like Hillary Clinton’s, Donald Trump’s site uses a custom design from a San Antonio firm. However, the site has few vulnerabilities because it requires less complex code to run. Trump’s donation page, though, runs on WordPress. The report wasn’t all negative on Trump, saying that it had added security for its credit card processing.

One piece of interesting information was the client-obfuscated (and possibly encrypted) credit card number. Where most processors simply rely on HTTPS to protect the card number (thus potentially exposing card numbers to security researchers and IT staff that use TLS interception proxies), Victory Passport takes an extra step to protect the data.

The report also notes that the term “obfuscate” is used since the makers of Victory Passport wouldn’t confirm the method they’re using with the credit card processing.

As previously mentioned, Ben Carson got the best rating of all those assessed. But Jeb Bush’s campaign site was maligned for using poor security practices, despite the candidate raising more than $100 million so far. For starters, it has the same problem as the Bernie Sanders site, in that campaign managers can easily be listed using the “user enumeration” feature of the WordPress suite. It’s important to note that this can be disabled by an experienced web developer fairly easily.


Credit: Jonathan Lampe

By cross-referencing the list of user full names against other public information, a dedicated hacker would have a list of some 26 people to probe for further vulnerabilities. While hacking someone like a presidential candidate might actually turn out to be in the public interest, it’s probably not the desirable effect, nor a good headline when trying to compete for the most powerful position in the world.
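Added example, not from Lampe’s report or the original article: a log check a site operator could run to spot probing of the “user enumeration” feature discussed above. The log lines are constructed, and the `?author=N` and `/wp-json/wp/v2/users` request patterns (the latter present in WordPress 4.7 and later) and the threshold of three IDs are assumptions of this sketch.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined format, documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2015:10:01:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/7.43"
203.0.113.7 - - [12/Oct/2015:10:01:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "curl/7.43"
203.0.113.7 - - [12/Oct/2015:10:01:03 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "curl/7.43"
198.51.100.20 - - [12/Oct/2015:10:02:10 +0000] "GET /author/jane-doe/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Oct/2015:10:02:15 +0000] "GET /?p=42 HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
192.0.2.99 - - [12/Oct/2015:10:03:00 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 2048 "-" "python-requests/2.8"
"""

# client IP, request target and status code from a combined-format line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# REST route that lists user objects (WordPress 4.7+)
REST_USERS_RE = re.compile(r"^/wp-json/wp/v2/users(?:/\d+)?/?$")


def find_enumeration(log_text, min_ids=3):
    """Return {client_ip: details} for clients that look like they are
    walking the author list rather than reading the site."""
    probed = defaultdict(set)     # ip -> numeric author IDs requested
    resolved = defaultdict(set)   # ip -> IDs the server answered with a redirect
    rest_hits = defaultdict(int)  # ip -> requests to the REST users route

    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip lines that are not in the expected format
        ip, status = m.group("ip"), int(m.group("status"))
        url = urlsplit(m.group("target"))

        for value in parse_qs(url.query).get("author", []):
            if value.isdigit():
                probed[ip].add(int(value))
                # A redirect means the ID mapped to a real author archive,
                # i.e. the site confirmed that the account exists.
                if status in (301, 302):
                    resolved[ip].add(int(value))

        if REST_USERS_RE.match(url.path):
            rest_hits[ip] += 1

    findings = {}
    for ip in set(probed) | set(rest_hits):
        ids = probed.get(ip, set())
        # One visitor following one author link is normal; several distinct
        # numeric IDs, or any hit on the user-listing route, is not.
        if len(ids) >= min_ids or rest_hits.get(ip, 0) > 0:
            findings[ip] = {
                "author_ids_probed": sorted(ids),
                "ids_that_redirected": sorted(resolved.get(ip, set())),
                "rest_user_requests": rest_hits.get(ip, 0),
            }
    return findings


if __name__ == "__main__":
    for ip, detail in sorted(find_enumeration(SAMPLE_LOG).items()):
        print(ip, detail)
```

A non-empty `ids_that_redirected` list shows the site is still answering these requests, which is the signal that the feature has not been disabled.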


It wasn’t all bad in reference to the Jeb Bush campaign site, however. They gained points with Lampe by utilizing Stripe, an e-Commerce platform that is growing in popularity and allows merchants to accept Bitcoin, among other features.

For donations, Bush uses Revv, a startup which aims to become a “Republican ActBlue.” Revv is in turn powered by Stripe eCommerce, which actually handles all of Bush’s online donation transactions. Normally a startup handling campaign contributions would raise security concerns, but the fact that all significant financial functions have been outsourced to an established ecommerce firm should allay any fears.

Lampe believes that computer security issues and how candidates treat them are increasingly important to voters, saying:

At the end of the day, if a candidate can’t protect his or her own website, what chance do they have to defend America’s cyber infrastructure against a world full of motivated hackers, many of whom are backed by national resources from rival countries. […] Consider Hillary’s freefall in the polls earlier this year when her home email server shenanigans were uncovered. Half the country claimed her actions were criminal while the other half claimed she was merely clueless, but no one could claim that Hillary was competent in the area of secure digital communications. And by demonstrating that she was out of touch with Americans’ cybersecurity fears, Hillary instantly scared off millions of potential voters.


The way a candidate runs computer security before reaching a position should indicate how seriously they’ll take it as a leader. Computer security becomes more akin to national security with each passing year in the 21st century, and 21st-century leaders will have to abandon 20th-century notions on exactly how important it is.

Images from Shutterstock, Infosec Institute and Wikimedia.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.


P. H. Madore has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and has made technical contributions on a number of other cryptocurrency projects. In spare time, he recently began a more personalized, weekly newsletter at http://ico.phm.link





Monero Price Analysis: XMR/USD Slips Below Crucial Daily Support Ahead of System Update


  • Monero’s native token XMR is forced to breach a key area of support by the market bears.
  • XMR/USD was being supported by an ascending trend line, running from 14th August.
  • The Monero foundation is scheduled for a routine network upgrade.

Monero Network Update

The Monero foundation is scheduled to update its network on 18th October, which will bring a new hard fork to its token. Hard forks have become a routine process, taking place every six months. Their focus has been on increased ring size for more privacy, along with large transactions and tweaks to the proof of work algorithm.

In terms of this upgrade, the goal is to enhance efficiency and make some adjustments to the current proof of work algorithm, ultimately to make it resistant to, and curb the threat of, ASIC mining. Developers at Monero will be implementing the new Bulletproofs protocol. This will bring greater privacy, lower fees and faster verification. It will reduce transaction size by an estimated 80%.

Technical Review – Daily Chart

XMR/USD daily chart

XMR/USD slipped to the downside out of an ascending trend line: the market bears managed to push for a breach and a daily close below it on 7th October. The support had been running since 14th August, when the price hit a low of $76.739. A retest has been seen, and pressure is now gradually mounting on Monero’s XMR. In terms of support, the 50DMA has provided some initial comfort for now. The next major downside support is observed in a chunky demand area, tracking from $86 down to $76. Resistance will now be eyed at the $116.550 area, underneath the breached ascending trend line and in proximity to the 100DMA, which may cause some difficulty for the bulls. Further to the north, resistance can be seen within the $125.000 territory. Finally, heavy supply is tracking from $140 up to $150.

Technical Review – 4-hour Chart

XMR/USD 4-hour chart

Despite the above-mentioned daily breakout from the supporting trend line, there is still some hope for XMR/USD in the near term: on the 4-hour chart, the price has been moving within a range-bound block. This narrowing area has been running since 26th September. Fortunately for the price, a fresh wave of selling pressure has been prevented for now. The lower part of the range has provided some near-term support, with protection observed from around $112 to the high $111 territory. A breach of this area, however, could see a fast fall back down to sub-$100, where the price last traded on 12th September. Further downside pressure could force a retreat back down to a firm demand zone; eyes would be on the $86-77 range for buying.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.


Ken has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.





Monero Price Analysis: XMR/USD Bulls Cooking Up Big Potential Moves


  • XMR/USD price action surprisingly this week has been generally muted.
  • Current price behavior looks more favorable to see upside surprises, rather than any heavy selling pressure.

The Monero price this trading week has been somewhat muted. This comes as quite a surprise given the recent updates from the foundation. The foundation introduced the Malware Workgroup, a huge step in efforts to protect the Monero community. Elsewhere, the foundation was also finally able to patch the ongoing ‘burning bug’ issue, which was proving to be a big problem. Full details of both developments were posted in the previous Monero article.

Near-term Analysis (60-Minute Chart)

XMR/USD 60-minute chart

Looking at the 60-minute chart for XMR/USD, it is clear how tight the trading range is. The vast majority of price action, aside from a couple of spikes here and there, has been swinging between $117 and $111. This behavior has been observed since the bull run seen on 19th September, which was then pared back after the fall on 23rd September.

Daily Chart View

XMR/USD daily chart

Price action is being supported by an ascending trend line on the daily chart. This has been running from 13th August, proving its strength. XMR/USD is currently stuck in between the 100DMA ($116.795), which is seen above, and the 50DMA ($110.877) below.  The price has seen a bounce on several occasions in September, off the trend line.

Next Move for Monero

The above-mentioned ascending trend line is going to be vital in Monero’s recovery. Market bulls will need comfort in case of another failed attempt to break down the chunky supply area above, which is seen tracking from $140-$150. There were several occasions in July and one in September where the bulls failed to break this down. Each time the price has come into contact with this territory, it has been hit pretty hard by the sellers.

XMR/USD daily view

A breakout to the upside from the mentioned supply could see a fast move towards $170, where some resistance can be seen. The price most recently found difficulty within this area in the early part of June. Enough bullish momentum should see it clear this territory, with $200 being reclaimed to the upside. XMR/USD was last trading above $200 back on 21st May.

Looking to the downside, a breach of the ascending trend line could be catastrophic. Sellers would likely pile in with a high amount of volatility, sending the price down to sub-$100. The next chunky demand area is seen down within the $90-75 range. XMR/USD traded within this zone on 14th August, where the market managed to receive a firm bounce.


Crypto Market Development: South Korea’s National Policy Committee Chair Calls For ICO Legalization


  • A member of South Korea’s governing Democratic party and the chairman of Korea’s National Policy Committee, Min Byung-Doo, is urging an easing of the current regulations on Initial Coin Offerings (ICOs).
  • Min Byung-Doo wants to introduce the necessary regulatory framework, allowing ICOs in the country.

Allow ICOs In South Korea

The South Korean National Policy Committee Chief, Min Byung-Doo, is calling for a regulatory framework to be explored that would allow Initial Coin Offerings (ICOs) to take place within the country. He stated that the current prohibition of ICOs weakens the industry’s competitive appeal against foreign markets, boldly adding that this would be preventing growth.

In his statement to lawmakers, Byung-Doo said, “We can see that the flow of investment is clearly changing compared to ICO and angel fundraising. The ICO has raised $1.7 billion for Telegram and $4 billion for Block.One, it is getting bigger and bigger.”

Further in the statement, Min Byung-Doo said, “Let the government, the National Assembly and the blockchain association quickly create a working group to block fraud, speculation, money laundering and develop the block-chain industry.” However, he acknowledged the government’s reluctance to create the needed framework.

In September 2017, the Financial Services Commission in South Korea announced a ban on ICOs. The law has not yet been enacted.

Crypto Market Reaction

A lack of reaction has been observed for now, despite this determination to help further legitimize the digital currency market in South Korea. Crypto market developments in the country are always watched very carefully. This is given their large crypto market participation. It was reported in December 2017 that South Korea accounted for as much as 17% of all Ethereum trades occurring in cryptocurrency markets.

Market Reactions To South Korean Related News

Ripple (XRP) crashed in January, following CoinMarketCap’s decision to remove XRP price data from Korean exchange desks. As a result, this largely brought down the total average.

XRP/USD Coinmarketcap update triggered drop

On 11th January, Korean crypto exchange Coinrail was hacked, and over $40 million in tokens were stolen. Bitcoin initially dropped over 11% on this.

BTC/USD Coinrail hack triggered drop

One final example, UPbit, a South Korean exchange, was investigated by authorities for illicitly moving customer funds to the account of its executives. Bitcoin initially dropped over 7% on the news.

BTC/USD UPbit investigation triggered drop

Given the above, one should keep an eye on any developments coming out of South Korea for the foreseeable future.
