Incident Of The Week: Suspected DDoS Attack Disables Co. Site On Election Day

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. CSHub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine a cyber incident that took place in Knox County, Tenn., and knocked off a county website just after polls closed on election night. The server crash occurred Tuesday, May 1. The site was reportedly down between 8 p.m. and 9 p.m., before the issue was remedied.

Mayor of Knox County, Tim Burchett, announced the following day that a cyber security contractor would be brought on to evaluate the attack. Burchett said, however, that the crash did not affect vote tallies or the integrity of the election, according to a release on the county website.

“This is not something that should happen,” Burchett added. “I want to know what happened, and I think an independent review will help to determine that so we can move forward and work to prevent similar issues in the future.”

See Related: Incident Of The Week: Drupal Vuln Being Exploited By 'Muhstik' Botnet

As of May 2, a Knox County-based IT security firm was working on determining the root cause of the incident.

The county’s Information Technology Department also released a report on the matter. In it, IT Director Dick Moran said that a preliminary review uncovered “heavy and abnormal network traffic” from numerous IP addresses emanating from various geographic locations. Some locales are “external” to the U.S.

“Based on my experience, this was highly suggestive of a (denial of service) attack,” Moran noted.

The county IT team reportedly acted swiftly in getting the site back online. This Tennessee-based cyber-event is a microcosm of many wider security fears, including those around the integrity of the electoral process.

Remedial Steps

Since the allegations of Russian meddling in the 2016 presidential election, many security teams are determined to strengthen their networks. In fact, there are many CISOs and security folks with similar titles working in agencies and large enterprises to attain that goal. It is also suggestive of a larger issue of nation-state hacking – be it in the electoral process or hovering near high-traffic networks (e.g., ransomware, DDoS attacks, state-sponsored “insider” events, etc.).

Some security-oriented officials are not wasting any time in trying to repair the system. Any sweeping changes or repairs done to the system, then, could show CISOs around the world that mitigation methods, no matter the vector, could prove worthwhile.

David Hickton, a former U.S. Attorney for the Western District of Pennsylvania and the head of the University of Pittsburgh’s Institute for Cyber Law, Policy and Security, along with Grove City College President Paul McNulty, are getting ahead, locally, by forming the Blue Ribbon Commission on Pennsylvania’s Election Security. This commission was convened to study the state’s cyber security aims and reduce vulnerability in time for the 2020 presidential race.

According to Trib Live, Hickton said, plainly, that “our systems are vulnerable” and restoring them is in the interest of “every part of our government” and “every part of what we stand for.”

What’s more, in March, Congress allocated $380 million to help secure U.S. voting systems from cyber-attacks. It came as Congress’ first notable effort to tighten security after the charges of foreign meddling. According to HuffPo, in the weeks since, the Department of Homeland Security (DHS) has said that communication with state election officials has improved, as has the exchange of information.

Be Sure To Check Out: Incident Of The Week: Hackers Take Out Caribbean Govt., Access Railway Data