Most of the largest US voting districts are vulnerable to email spoofing
0Reported today on TechCrunch
For the full article visit: https://techcrunch.com/2019/12/05/major-voting-districts-vulnerable-email-security/
Most of the largest US voting districts are vulnerable to email spoofing
Only 5% of the largest voting counties in the U.S. are protected against email impersonation and phishing attacks, seen as a key attack method by hackers who officials say want to disrupt the upcoming presidential election.
The findings come less than a year before millions of Americans are set to go to the polls to vote for the next U.S. commander-in-chief, amid fears that Russia is preparing to disrupt the upcoming presidential election with tactics to manipulate voters as the U.S. intelligence community found in 2016. U.S. officials aren't only concerned about the spread of foreign-led disinformation - or "fake news" - to try to alter the outcome of the tally, but also threats facing election infrastructure, like hackers breaking into election websites to dissuade or disenfranchise voters from casting their ballot - or even stealing voter data.
Researchers at Valimail, which has a commercial stake in the email security space, looked at the largest three electoral districts in each U.S. state, and found only 10 out of 187 domains were protected with DMARC, an email security protocol that verifies the authenticity of a sender's email and rejects fraudulent or spoofed emails.
DMARC, when enabled and properly enforced, rejects fake emails that hackers design to spoof a genuine email address by sending to spam or bouncing it from the target's inbox altogether. Hackers often use spoofed emails to try to trick victims into opening malicious links from people they know.
But the research found that although DMARC is enabled on many domains, it's not properly enforced, rendering its filtering efforts largely ineffective.
The researchers said 66% of the district election-