Securing an election has never been more difficult. Especially with the current state of the pandemic and its impact on in-person events, there’s much more to election security than protecting voting machines. Things like voter intimidation, disinformation, and security after election night all tie back into election security as much as infrastructure. Brad and Evan break down securing the 2020 election on this week’s episode.
Podcast Transcription:
[00:00:22] Evan Francen: Hey there, thank you for tuning in to this episode of the Unsecurity podcast. The date is October 14th, 2020. This is episode 101. I’m Evan Francen your host in Germany. Uh it’s my good friend and co-host Brad Nigh. Good morning, Brad.
[00:00:37] Brad Nigh: Good morning Evan.
[00:00:38] Evan Francen: I know uhh we’re a day late and getting the podcast out again this week but cal we’ve been busy. You and I talk offline and there’s just a lot of a lot of stuff going on. Yeah. Yeah. Yeah. Get on track back on track next week. Hopefully.
[00:00:57] Brad Nigh: Yeah, that’s the plan. You know like life just happens and work is nuts. And what are you gonna do?
[00:01:05] Evan Francen: So you’re saying security people have a life,
[00:01:09] Brad Nigh: I mean and maybe you know, I have a family. So you know, family life gets nuts. I wouldn’t say necessarily have a life.
[00:01:19] Evan Francen: What would uh you ever think? What would life be like if you know, as a security person if you didn’t have your family?
[00:01:30] Brad Nigh: Oh I’m with I’m the same as you. Like my family is what keeps me from like working around the clock. Okay.
[00:01:39] Evan Francen: Right. It’s such a buffer.
[00:01:43] Brad Nigh: Yeah. Um
[00:01:45] Evan Francen: Yeah, because I wondered because there are lots of people in our industry who don’t have families and I wonder. Mhm do they work more? I mean, I don’t know, I didn’t have a family. I would work all the time,
[00:01:59] Brad Nigh: you know, I’m saying just I think it depends on how you’re wired, you know? Yeah, I love what I do and passionate about it. So yeah, why wouldn’t I do it?
[00:02:14] Evan Francen: Okay, Right now, on my task list, I have 65 things. I should share my task list someday. Maybe someday we’ll take something off of it.
[00:02:23] Brad Nigh: Yeah. Yeah, I got a lot of mind crazy,
[00:02:29] Evan Francen: But if I didn’t have family, I wonder if I would just keep working until my 65 things were Because then it just fills up in another 65 things.
[00:02:37] Brad Nigh: Mm Yeah, Yeah, anytime one thing gets taken off, it’s like, do you think that added?
[00:02:45] Evan Francen: Yeah. And I don’t think I’d be any more accomplished. I don’t think I’d get any more impact done on the industry. I just think I die earlier. Yes, probably it’s an interesting conversation about how important family is or something, you know, because I don’t want to rip on the people that don’t have families, because you don’t have families. There’s nothing wrong with that. But my God, if I didn’t have my family, I’d be screwed.
[00:03:15] Brad Nigh: Yeah. Yeah, I think, well, like I said, everybody is a little just a little different, you know, some people that’s just not what’s right for them, but, you know, uh it’s a kind of anchors, me and
[00:03:30] Evan Francen: we should have somebody that come on the show Who doesn’t have a family. We can find one and who’s kind of an a type personality in our industry and talk to them about this. Okay. Yeah, different. Yeah, I’m curious about it. How do you build margin? You know, add a pastor once you told me how important it is to build margin in your life, which is like time for like, you know, not doing anything or just relaxing or whatever it is, it’s healthy.
[00:04:05] Brad Nigh: Yeah, I do know that if I didn’t have family, I have a lot more toys. I wouldn’t have more money, but I have more toys.
[00:04:13] Evan Francen: Yeah, no, that’s a good point, man. I don’t know. I don’t know. I I really like my family. So I don’t think, you know, some people read into it, you know, could read into it. Well, you know, if you’re sitting there thinking about what life would be like without your family, are you wishing you didn’t have your family? It’s like, no, no, no, no, don’t take it there. Yeah, I just wonder like without my wife, you know, how screwed would I be? Oh, thank
[00:04:47] Brad Nigh: you for both of us.
[00:04:50] Evan Francen: Right. All
[00:04:53] Brad Nigh: right. Uh
[00:04:55] Evan Francen: yeah, so I real quick just, you know, well actually, let’s get to that in a minute. I want to reiterate, you know, we did the last two podcasts about, you know, just kind of our review of The Social Dilemma. That’s the Netflix documentary about social media. I saw another news are this morning um about the very same thing. And they were talking to see if I can find it quick. Uh Tim Kendall. Remember Tim Kendall? He was the one who was head of monetization at baseball. I just saw something in the news today about it’s interesting that this is a tie in uh the title of this article is ex Facebook pancho, Tim Kendall says Big tech is a threat to democracy, calls for social media reform. Like, huh, we’re talking about election security today and we just talked about Social Dilemma the last two weeks. Yeah, it was totally on accident. I was just getting ready to take a shower this morning and opened up the news, I was like, oh, interesting. Mhm. But I liked it so much. I actually liked that because I love when things like spur thoughts in my mind, you know, makes you think like, wow, is my reality been Yeah, different than I thought it was? Or uh is there a different perspective that I didn’t consider, you know, as I formed my own reality in my mind? And that’s the thing, right? With people? We if you’ve got seven billion people, you know, in the in the world. Yeah. Really? When you think about it, are there seven billion realities walking around because we all have our own perception of things.
[00:06:51] Brad Nigh: Okay, so weird, right? Mine won’t like it.
[00:06:58] Evan Francen: But somehow somehow the seven billion realities all have to be weaved together to create you know
[00:07:11] Brad Nigh: this Mhm.
[00:07:14] Evan Francen: It’s freaky but you really go out
[00:07:17] Brad Nigh: your way to explain too deep to be talking about it. I don’t know you really didn’t know is that deep?
[00:07:23] Evan Francen: But I think that’s the reason why I want to watch that documentary again is I just want to like you know kinda sit there and stew on that more. Yes. But anyway, seven billion realities because that’s one of the things that just frustrates the crap out of me man. I you know there’s obviously now what dominates the headlines as Trump and Biden right? And then you’ve got the other you know stuff all around the outside like you know uh Amy Coney Barrett. I think it’s really the
[00:07:59] Brad Nigh: the Supreme Court.
[00:08:00] Evan Francen: Yeah, yeah. You’ve got you know this other ancillary stuff but more of it all right now is Biden and Trump and yeah, you know I was I read things I read I try to be as non-biased as possible but we’re all biased right?
[00:08:18] Brad Nigh: Yeah. Yeah. I mean it’s
[00:08:22] Evan Francen: not
[00:08:23] Brad Nigh: there are certain biases you have it’s just human nature, you can’t not.
[00:08:29] Evan Francen: Yeah. Yeah I think and I like to think that it’s good to be able to reflect on you know what your biases might be and are the decisions I’m making biggest and those biases,
[00:08:44] Brad Nigh: you know I mean I’ll say this that might be part of the like that next level of mhm of devices is being aware of what they are and you know, being cognizant of those when you’re doing things because like you said, we all have different backgrounds, We’ve all come up different ways. It just shapes who you are, which builds in some biases, but that doesn’t mean that that’s just not always negative.
[00:09:18] Evan Francen: Right? Right. And I think if you can, for me, it seems to help if I can pull myself bias, pull myself out of it, try to pull, you know, try to change the my my mind on is what this person saying making sense, just at face value. Forget about where they’re coming from. Forget about their background, forget about whether they’re from is saying makes sense. And can I fact check it? Yeah, because uh huh because I was doing that yesterday, there was talk about the Latino vote. Um and one side was saying uh you know, playing the de Sposito thing when Biden did that. I don’t know if you saw that clip, but um how that was pandering to the Latino vote and you know, you gotta give Latinos more credit than that they have, you know, they have a head on their shoulders. And and then I was watching and that came from like a UFC fighter, Jorge Masvidal, I think it’s his name. Yeah. And so I was like, well, you know, you got a point, you know, uh so then I start reading the comments on this tweet. It’s like the comments on the tweet are not there. They take their side polar opposites left or right Biden or Trump. And it’s like they didn’t even watch the video. Oh
[00:10:56] Brad Nigh: no. Yeah. Yeah. That’s why overall just I avoid social media as much as possible,
[00:11:06] Evan Francen: right? But if they did watch the video and then they still have these comments. It’s like are you that stuck in your ideology into your bias? That you will not accept any other point of view anymore? Yeah.
[00:11:23] Brad Nigh: Yeah.
[00:11:25] Evan Francen: That’s a dangerous spot to be because then then you become radical. That’s what radical.
[00:11:31] Brad Nigh: Yeah. Well that’s what we’ve talked about is with with social media. It’s it’s they with their algorithms, you know, it’s like, oh, you like this. So I’m gonna show you more of this. And it’s like that lack of a better phrase death spiral, right? It’s a the echo chamber where it does, it just amplifies those extreme views,
[00:11:56] Evan Francen: right? Because something I don’t want to be, I want to stick to my values because my values are who are what sort of make me who I am and the the one I stand on, right? When the world is pushing around. It’s like I got my values and then so I try to stick to that. But then God forbid I don’t ever want to be a radical. So I don’t want to get so stuck in my mind that I’m closed minded to other point? It’s another thoughts but I see so much of that today. Yeah it’s just so much like I don’t care if what you could be hitting me right upside the head with some of the most impactful facts that that uh on something but if it goes against theology, if it goes against my made up mind it doesn’t matter. Yeah if anything if anything I might come out fighting right, it’s like putting putting a cat in the corner, they’re gonna come out, I pray to kill.
[00:13:01] Brad Nigh: Yeah. Yeah it’s not. Yeah. Mhm.
[00:13:05] Evan Francen: Yeah it’s nuts man. So alright catching up, how you doing, how how’s your week house uh you know housework, good, it’s uh some cool stuff yesterday.
[00:13:17] Brad Nigh: Yeah just kind of wrapping up some things from Q3 and identifying some new free resources and tools that start developing here over the next, you know deliver something this quarter and just keep moving forward with that. So I’m pretty excited about some of that have a big project on a 40 to 50 hour project that kicked off Monday there has to be done this month for customers so it kind of stepped in and helping out So that’ll be good around Office 365 hardening and stuff like that, impressed that they they have they are using the email only at this point and wanted to come in and and be proactive on making sure they have all their configuration set properly, you know, what can they do before they migrate everybody to using SharePoint and OneNote and all the additional uh services. So I’m really happy that they’re being proactive about it. Um Nice. It’s
[00:14:26] Evan Francen: gonna be fine. So they’re actually talking about security at the front end of the project
[00:14:32] Brad Nigh: pretty much, I guess they went to the email which, you know, you know, email online versus on prem really isn’t a huge difference in terms of some of the stuff, but the others would be new services, they’re going to offer their employees. So yeah, they’re being proactive with that. And then um also doing the the election security for the Minnesota counties. That’s going really well. Been really happy with ever. It’s been i opening in a good way, like it’s not what I was expecting and that’s it. Come on, I don’t want to sound negative about that. But yeah, it’s been really energizing encouraging. Maybe I don’t know what the right word is. Apparently it’s an the word though. Um but just talking
[00:15:34] Evan Francen: with anything enticing right Evans in the word, Evans new york.
[00:15:40] Brad Nigh: But uh yeah, that’s going really well. And then next week we have our uh, quarterly VTL so that would be awesome. Start planning for 2021 and it’s my calendar for the rest of the month is completely full. Okay. So it’s good problem to have, but little chaotic.
[00:16:08] Evan Francen: Yeah. So that’s, well this is fourth quarter, right? This is how fourth quarter works in much of our industry, you know, the uh Yeah, and you and I talked about, you know, that that project you have coming up or that, you know, you’re just starting. That’s that’s exciting. There’s always, I mean it’s cool to see you getting back into project a little bit too because you kind of take you for a while, you were doing more innovation stuff, creating things leading, you know, other analysts and stuff like that. So it’s good to see, you know, every once a while it’s nice to get actually for sure. Yeah,
[00:16:49] Brad Nigh: I’ve kept a couple of D. C. So clients, but they’re pretty low maintenance finds its good. I mean they’re in really good shape, so that’s nice. But yeah, I agree. It’s it’s good to just keep stay in the game, make sure you’re, what you’re doing is actually still relevant, you know, you’re not falling behind staying on top of things.
[00:17:19] Evan Francen: Yeah. Yeah, for sure. Uh for me, it’s been a couple of talks this last week yesterday, I gave a talk. It was kind of a an impromptu talk, I was invited to a pretty large public company to speak to their team and I think we’re 43 people online and that team and it was, it was truly impromptu it was like I was pinned on it on Thursday like, hey Tuesday morning at eight a.m. Can you come talk to our team at cyber security awareness month and blah blah blah? And I’m like, and it’s a friend of mine, you know, the CEO like, yeah, man, of course I can do that. So I move things around. Uh, did that talk yesterday. That was awesome because it was the second time I’ve given that talk cause I didn’t, I’m not going to create a whole new slide back for this. So I just used the simplification slide deck that I used for from A bunch of college is like 50 Personal Colleges River. That was last week. So, uh, and then, you know, my dog died last week, so that through last week off, kind of just funky, but um created this as to index, which we’ll do a release on that pretty soon. Them marketing people have to make it pretty because I’ll make things pretty uh Got a nice peek at your fact version two and suffer fact for listeners. In fact, is uh, the way we do vCISO, virtual chief information security officer at at FRSecure and you showed that with me yesterday. I thought it looked really, really good. Um, I’m excited to dig in a little bit more on that. Uh, had lunch with Pat Joyce last week. He’s the chauffeur. Medtronic, one of my favorite people. I mean, can I just love that guy. He’s so he’s an exceptional, exceptional leader and, you know, being able to, you know, have lunch with him and just share thoughts. We’re talking about mental health on, uh, you know, insecurity teams. And how would, you know, if one of your people are struggling with mental health? That was a really good talk. And it was just a lot of really good security stuff going on.
A lot of good conversations. And then you got the day to day administrative Bs that comes up. So, I got to, you know, deal with that. That’s the part I don’t like, like so and so is upset about, you know, such and such and, you know, our culture is so, so important to us that you have those things, but people are people, right? I mean, humans are humans and they have issues with other things and that is just such a pain in the ass. It’s like kids, you know, sometimes.
[00:20:06] Brad Nigh: Yeah. No. Yeah, I know what you’re talking about.
[00:20:11] Evan Francen: I know. Uh, so that’s distracting. I got one of those things actually, what I got the call last night about our text last night. Uh, there’s something big, but it’s just like, uh, then they’re never big. They’re usually petty stuff. You know, right? You have to stop what you’re doing to do something else. And it’s petty. But you know what if you don’t care. Everything’s a lot of that’s just like security. Like life. You don’t take care of the petty things. They’ll become big things potentially. And you would have taken care of it when you when you learned about it.
[00:20:47] Brad Nigh: 300%.
[00:20:50] Evan Francen: All right. So we’re both busy as hell. Yeah, That’s how busy. Why don’t we come up with that? Who came up with that thing? I’m thinking too much today.
[00:21:02] Brad Nigh: I know you’re really like deep and uh, philosophizing.
[00:21:10] Evan Francen: I don’t know what they think it’s called the election rap man. It’s it’s like, uh, that’s not a bad point. But you’re not somebody who’s going to vote for the person I’m gonna vote for. Probably. Yeah, I know she’s weird. All right. So let’s talk about election security. As you know, uh, today where 20 days yesterday, it was three weeks. We are 20 days away from the election. If you haven’t registered to vote yet. And I’m speaking to the listeners and you Brad. I’m sure you’ve registered. Um, go out and register to vote. You should. It is a civic duty. It is something that we’re all supposed to do. You can’t really complain. Even if you think your vote is insignificant. Every thought that then nobody would vote and we’d have a dictatorship. All right. Well,
[00:22:00] Brad Nigh: you don’t get to complain if you didn’t vote.
[00:22:03] Evan Francen: That’s what I’ve always do, man. It’s like you can’t complain about the president. If you didn’t vote for the president or against the president or whatever. So yeah, Get out and vote easy. Quickest place that you can. I mean there’s lots of places you can go to register. The one that I would recommend would be vote.gov. So you can just go https://vote.gov. That’s where you can register. So uh and you get you get to keep your own vote, you’re supposed to be somewhat anonymous, right? You don’t have to tell anybody who you voted for. So you know, you don’t have to do that. People should respect, people should respect your right to that. So somebody’s pants, you know, I don’t know if you had anybody ask you, who are you voting for? Who to vote for Other than my wife. Nobody asked me that. Either they don’t care or they know that I’m just gonna be like I’m telling you home phone
[00:23:02] Brad Nigh: before. Yeah, I don’t really outside of like a close circle of friends that it’s not really a secret or whatever, however you wanna put it. Uh Excuse me. Yeah, no, I haven’t I haven’t really had that this this time I had it happened in the past, but maybe because we’re all remote, it’s a little different dynamics. But no, I haven’t had really anybody asked me. This
[00:23:28] Evan Francen: is, So the date is November three. That’s Tuesday three weeks from yesterday. Uh Yeah please please vote. It’s interesting. You know, I don’t know if you get turned off. I get actually pretty irritated when I have people who can’t relate to a single thing that I go through in my life other than maybe taking a dump and eating food who try to tell me who to vote for, right? You have all these uh uh celebrities uh you know, sports people people that in a totally different world than I live, right? You talk about different realities. Seven billion realities. Their reality ain’t mine. Right. Right. The pandemic didn’t didn’t bother. You have all that much other than the fact, I don’t know. You live in your mansion and you have people that go and got food for you anyway. You never had to do any of that stuff and then you’re gonna tell me who to vote for, right?
[00:24:32] Brad Nigh: Yeah. Yeah. Yeah. I don’t know. You
[00:24:37] Evan Francen: talk about bias if you talk about bias, what do you think their biases? Yeah. Do you think they really give it to me? Uh You know, that’s my language,
[00:24:48] Brad Nigh: I don’t know, right? That’s that’s their right is to say, hey, here’s who I’m supporting as part of that. So whether you agree with it or not. I think it is. Mhm. It’s what’s good is one of the things is that they have the ability to speak freely about this stuff. You wouldn’t see that in, you know, in Russia or China
[00:25:15] Evan Francen: and I do like that fact. I like the supporting thing. What I don’t like is attacking the other side thing or when it becomes make more than just supporting. Yeah.
[00:25:26] Brad Nigh: But yeah, no, I already voted and mailed in ballot, uh, last week and nice. You’re,
[00:25:39] Evan Francen: you’re ahead.
[00:25:40] Brad Nigh: Yeah, we did it. Um, two years ago I guess, uh, as well, we’re whenever the less I get L. A. Every year, but the big ones, we’ve done the main line, it’s been great here in Minnesota, you know, everybody gets its own bar code on there envelope. And actually for the primaries, I put the wrong identify where I just forgot what, you know what. But uh, you know, they have multiple things that they can put when you register to, uh, do the absentee ballots and I forgot which one I did. And they actually called and emailed and said, hey, there was a problem with this and took care of, it was phenomenal. I was really impressed with, uh, with how that went. Yeah, because I registered bike in March and forgot.
[00:26:34] Evan Francen: That’s really, because there’s so many, uh, you know, I didn’t realize that it was excited not voting that way. I’m going to go to the polling station. Uh, then I wear my mask and be responsible and all that stuff. But the, um, do you, if so much of the news is like, it’s chaos, right? It’s so creates corrupt and also the stuff, but that sounds pretty, you know, and
[00:27:04] Brad Nigh: secure and having worked with a bunch of these counties. I mean, here’s the thing is like I said, you have specific steps you have to follow, right? So there is the opportunity for making a mistake, you’re right, you have to put it inside the privacy envelope, then you have to put that inside the signature envelope and fill out your information. And like I said I made a mistake in the primaries and and but they were able to contact me because you have to put your how do you get contact when you register for that? But yeah the signature envelope has a barcode on it. And so you didn’t even if somebody were to try to catch multiple votes, the system is only going to count one. That’s the way it’s built. You know, so if that bar code for that person has been processed, that’s it the other any others that may come in are going to get rejected. So if I were to try to go in person on November 3rd it wouldn’t work. And there’s a you know the statement said it has a really nice website where you can go and put in your information and use the different things and see where your ballot is. Have they received? It hasn’t been processed as it was it accepted. So I think there’s a lot of misinformation out there and there’s a lot of you know obviously there’s there’s opportunities for mistakes to happen but the security overall for the the absentee ballots is it’s really pretty solid from from what I’ve seen young you
[00:28:50] Evan Francen: uh huh. Sorry that’s like the saying the sang of 2020 you’re on mute. Well that’s the nets in Minnesota uh is it run differently in other states? Do other states? And every other counties in other states have different approaches to it.
[00:29:08] Brad Nigh: There’s some extent but you know, overall from what I’ve seen, it’s very similar with having the barcode and having the privacy envelope and the signature envelope and requiring uh you know some states require a witness so you have to have somebody else signed that they saw you do this. Um But as far as I know it’s the they have that barcode in place uh kind of system to prevent these things from happening from not allowing multiple votes to be processed for a single person.
[00:29:46] Evan Francen: Mhm. Okay well I’ve seen, you know we’ve heard stories of about you know ballot stuffing where you know maybe I can take somebody’s vote and change it or you know gather a whole bunch of people that wouldn’t normally vote and course them into voting for my candidate and then taking those things in uh Yes I think there’s there’s always to be um I think an opportunity for fraud in anything.
[00:30:23] Brad Nigh: Yeah but I agree and you know but what you see is you do hear about these stories where somebody gets caught and to me it just shows and indicates that the system is working right? These things are not actually have being they’re being taught that that’s what you would want to see like somebody’s trying to do something they shouldn’t. And they got caught that to me shows that those checks and balances are in place to ensure that It is done well. And you know, you’ve got states that have been doing vote by mail for, you know, I think what Colorado or Washington state has been doing it for over 10 years and not had any issues. Like there’s security measures in place and tampering with the mail is a federal offense and you do not want to mess with the postal inspectors. Those guys are no joke.
[00:31:21] Evan Francen: So inspectors, right?
[00:31:23] Brad Nigh: Yeah. Like, you know, they have their own enforcement wing, they have their own police service basically. And yeah, tampered with the federal, Yeah. Oh yeah. No, they, you can read stories about it. They are, no, no joke. They’re very, very serious about their stuff.
[00:31:44] Evan Francen: So, you know, that’s one. So, okay, go ahead.
[00:31:49] Brad Nigh: I know. I would just say it’s just another level of protection that’s in there, right? It’s built in.
[00:31:57] Evan Francen: Yeah. And hopefully there is some consistency across, you know, the different counties or districts, you know, across the United States, but it sounds like Minnesota’s got things pretty well squared away and I really like the fact that they engaged security experts to come and some, uh, each county and the state actually, I think arranged for it to do it at no cost or low cost. So that
[00:32:24] Brad Nigh: No cost to the counties. Do we just fill out the risk assessment and they get a 30 minute you know, conversation, no cost to them. It’s been really, really good.
[00:32:37] Evan Francen: That’s awesome, man. I wonder what we can learn from that. Can we learn something from this to do, you know, after the election? You know, what things can we do for counties, for states, for counties, cities, municipalities after this way, the way that we’re doing this election security thing,
[00:33:00] Brad Nigh: I would say right now, based on. And it’s so still, I’d say relatively small sample size, but based on my conversations to this point there, the one consistent theme that I’m seeing is, well, I guess to like one of these people truly care. They are very passionate about what they do. They’re very much aware of where some of those holes are. Like I’ve gone through this and none of them have been surprised by what the results have been. You know, and they don’t see it until we have this call, Right? So they’re not, they don’t have any problem. They just don’t have a questionnaire. Um, but the biggest issue has been, uh, capacity like, you know, budget. It’s the same thing you would have it, you know, schools and things like that is, Yeah, I know that this is a weakness. I just don’t have time to do it. I need more staff or I need. I know I need these tools. I just can’t afford it. And so how do we baby? Yeah, that’s the kind of that you’re talking about. What we’re talking about. Some of the things that are coming. It’s that mission before money approach is building out some of these tools for uh, you know, schools and counties and and small businesses to be able to leverage at no cost that that are going to increase uh there’s security, reduce arrest.
[00:34:39] Evan Francen: Right? All right. Well, so, um your mail in ballots, that’s that’s one way to do elections now. I found some resources online that I think are pretty cool about election security. I was surprised to see, you know, how many actual quality resources there are. Um and I listed them on, you know, in our show notes, we have the election Infrastructure Security, you know, site from Yeah, the Election Security from the Department of Homeland Security has a nice site. Uh another one from the US Election Assistance Commission. Um and then there’s even one from uh DNI, the National Counterintelligence and Security Center. Foreign threats to US alone. So good resources there, you know, even the first one, right? If you look at CISA, so if you don’t know who CISA is, it’s the Cybersecurity and Infrastructure Security Agency, it’s part of the Department of Homeland Security. They usually have some pretty good resources in just October seven. They released uh actually October two they released election disinformation toolkit, which I thought was kind of cool like a toolkit about disinformation and it’s meant to help election officials um communicate well as a trusted voice uh to spread the importance that we are all in this together despite the partisan bs that we’re all bombarded with every day. Uh we’re trying to reduce the impacts of disinformation campaigns on the elections. I thought that was really cool. Yeah.
[00:36:22] Brad Nigh: What
[00:36:23] Evan Francen: really about
[00:36:24] Brad Nigh: uh real quick with CISA is that they do free no cost vulnerability scans for government agencies. So like there used to be
[00:36:36] Evan Francen: oh sorry, wasn’t there a big, wasn’t there a big like waiting list for that? Has that been resolved? It’s
[00:36:45] Brad Nigh: from what I’ve heard the people that the cannons have not had any issues. Okay. Yeah, it’s automated and you get like weekly reports, so you just have to email in and request it. And then so if you’re a government, city’s county governments, the government who take advantage of that. 100% take advantage of that.
[00:37:14] Evan Francen: And there’s another. Yeah. So because we we hear a lot too about, you know, election elections can be hacked right from the nation state and so much of that is overblown. Yes. The machines can be hacked just about anything that you have physical access to. You can be hacked uh the code running on a lot of election machines can be hacked? The thing is, can I get to it? And can I get to it en masse. Can I get to 50 election machines when the 50 election machines are run by sort of 50 agencies are 50 different counties and you know, they’re just independent. They’re not all, it’s not like I can go after one central. You can, but it’s not that’s that part is very, very well protected. And
[00:38:11] Brad Nigh: those are the actual ballot machines are on separate networks there. You know, basically like call home to only a specific thing. They’re all fine until, you know, they need to call home now and that’s all of them. But that is, you know, there are some that are like that. And so yeah, it would be a massive, massive undertaking. Could it be done? Sure. But is it likely? I don’t think so.
[00:38:39] Evan Francen: Well, it could it be done without detection, Right. No, I don’t know how you could possibly without detection.
[00:38:47] Brad Nigh: Yeah, I would agree. I think you would be, it would be uh pretty obvious.
[00:38:54] Evan Francen: Right? And so I think what you’ve seen and who and who would have the motivation to do that other than, you know, the partisan people who don’t have probably don’t have the skills or the resources anyway. So we’re talking probably a nation state Russia, China, Iran. And even if they have the capabilities, what would be and they might but doubtful what would what’s easier for them to just engage in disinformation campaigns? Well,
[00:39:30] Brad Nigh: it’s exactly what
[00:39:31] Evan Francen: actual election boxes?
[00:39:33] Brad Nigh: It’s going to be more beneficial for them to spread that disinformation. So the uncertainty and doubt, Right? But the FUD that we talked about, so I think that that’s probably their bigger they are, the more we talk about hackers are they’re going after these attackers are going path of least resistance, Right? That’s just the reality of what they do. They’re not going to what’s the what’s going to get them what they are looking for with the least amount of work? It’s not going to be hacking individual polling sites or things like that. It’s going to be spreading the disinformation to start with. It’s social engineering, right? Is really what it comes down to. Is there are they gonna do technical hacking or social engineering? What’s the easier way in? It’s always through the people not the technology.
[00:40:30] Evan Francen: Right. Right. Why If you thought you would have thought we would have learned some of this from 2016 that election? Because we uncovered a bunch of disinformation campaigns, we knew how the adversaries at least in that election. How many of them were trying to influence the election?
[00:40:50] Brad Nigh: And you do see like, you know, Twitter and Facebook, just deactivated a huge number of Russian accounts that were spreading this information. So I think we have learned from it, but it’s not proactive yet. It’s still reactive um in finding these things,
[00:41:11] Evan Francen: Right? Yeah, yeah, I agree. So, there’s, you know, to close this out. I think there’s a lot more to election security than just infrastructure. We do have we do have voter intimidation. We’ve seen evidence of that. I don’t know if even that’s as widespread as the news might make you feel like it is um where I’m going to be voting. Uh, I’m fairly certain that there won’t be any voter intimidation. Um and I think in most cases for most people, you won’t be intimidated now. I understand it’s your right. If you don’t want to tell somebody who you vote voted for it, don’t a lot of the intimidation comes from the fact that, you know, that I’m voting for not your guy, right? And you’re so passionate and kind of, you know, wound up into that ideology of that guy that, you know, you’re gonna intimidate me for voting for not your guy. So just avoid it if you
[00:42:13] Brad Nigh: can
[00:42:16] Evan Francen: The disinformation absolutely is 100 there, right? That is the way elections are influenced. That’s the way. And and it’s like if you read all the stuff you do, you have, I think most people without most divorce so confused about was this a fact or not a fact? I mean, it’s just like it’s crazy.
[00:42:38] Brad Nigh: Yeah. Yeah. There’s just so much to try and process. It’s like how do you filter, which well, it’s made up which goes back like the social dilemma stuff that we’re talking about,
[00:42:51] Evan Francen: right? But even out of the mouth is the candidate, which hasn’t always been that way anyway, but it’s straight applies both sides. I mean we’re talking about the presidential election. It’s not just Trump supply. Oh no, it’s straight up lives because the truth is binary. I don’t know why people in most cases, right? It might be a bunch of binary so that it looks great, but it’s still binary. Uh And what about all this stuff after election night two man, I’m kind of nervous about all right. You know, the polls close on November three or November four what now?
[00:43:31] Brad Nigh: You know? Yeah. Honestly, regardless of who being voted for, I just wanted to be clear on election. I don’t want this dragging on for another 2346 weeks after I just want to be done with like I’m over this.
[00:43:51] Evan Francen: Yeah, Well this is I think the first election in my life, you know, I’m almost 50, this is the first election of my lifetime where actually have a little bit of fear regardless of who ends just because we’re so polarized. You know, if if Trump wins, there’s a whole bunch of people on the left that are radical that will cause a whole bunch of trouble man. And if Biden wins, there’s a whole bunch of people on the right, there are radical, you know, I mean, it’s just like Yeah, for for a centrist for somebody who really wants people to work together on things.
[00:44:29] Brad Nigh: I think the only the only hope that I see with some of that stuff is is a landslide that victory where once I can’t really claim and fight it and put it and let the let the people talk and then see what happens versus well, we’re going to take it to court and just going to be six weeks, it’s going to, we don’t know, it’s coming up on Christmas and nobody knows what’s happening. So, and I’m with you though, I it’s unfortunate. It really, really is that we’ve gotten to this point. Yeah. And you know, I think going back again tied it back into the sessions of Alabama. I mean, that’s part of why we’re ears, is that they need that echo chamber, they feed and help do that. And then it sucks.
[00:45:24] Evan Francen: Yeah. I think a lot of times we sold ourselves out without realizing we sold ourselves out. Yeah. You know, I hope there’s a day of opening. Alright, well, and uh we’ll be talking more about disinformation to on thursday nights. Shit shows that that would be fun. We’ve done a little bit of research for that. But there’s just so much out there. Yeah. Okay, well, good discussion securing election. Certainly, you know, hasn’t been any more difficult is today the 2020 election is uh hard one to secure when you talk about, you know, all the different ways to influence our, you know, hack in books, uh election, let’s catch up on some news quick here. Some here’s some recent news that I thought was sort of interesting anytime I see John McAfee in the news, it always makes me giggle because that guy is a character. Uh So this comes from Graham Cluley. Uh The title is John McAfee arrested on U.S. Tax evasion charges. That’s
[00:46:29] Brad Nigh: the other group. You don’t mess with the IRS. Postal inspectors in the IRS. They will get
[00:46:33] Evan Francen: you. Yeah. N. S. A. C. A. Yeah postal inspectors IRS. Yeah. You don’t mess with people’s money or mail I guess. Yeah but I thought it was interesting that McAfee, you know he bumps up in the news every once in a while and uh he was arrested in Spain tax evasion charges allegedly there’s about 24 I think ish million dollars in the SEC complaint that was filed against him unclaimed uh earnings revenue
[00:47:09] Brad Nigh: from cryptocurrency.
[00:47:12] Evan Francen: Right? So this is the same McAfee for people that you know are haven’t been around for a long time. This is the same McAfee that founded the antivirus company. But he left that in the 90s. So so I guess his name but he has nothing to do with the company anymore. But he’s an interesting character. He’s done a lot of her stuff.
[00:47:37] Brad Nigh: Yeah he’s a that’s a good way to put
[00:47:41] Evan Francen: it. Yeah and I don’t know you know, I don’t know if I put him in. I don’t know if I could go, he was, he would not be somebody that would want in my circle because it’s so I think it seemed just reckless but bitch, I don’t know. It’s interesting to watch. Yeah,
[00:48:03] Brad Nigh: definitely.
[00:48:05] Evan Francen: So anyway, if you want to go read about it, if you want to know about the 55 page complaint, it is public. It’s, it’s on the docket. Um, yeah, he’s back in the news and this is the same guy by the way that you know, and then that news story, you know, he was, he was, I think he was wanted wanted for questioning in a murder in Belize And then a whole bunch of other stuff. He was running as a President Presidential candidate in 2016.
[00:48:37] Brad Nigh: He has a colorful character.
[00:48:39] Evan Francen: He really is. So I thought that was interesting because his name always catches man. This one you could do a whole show on this one. We could do a whole series of shows on this one because this keeps popping up. Uh, and this is from The Register: Five Eyes nations plus Japan India and India call for big tech to bake backdoors into everything.
[00:49:05] Brad Nigh: Such a nightmare.
[00:49:07] Evan Francen: Here we are. Here we are again. So the Five Eyes, if you don’t know that security alliance to Australia, Canada and New Zealand, US and the UK. So yeah and of course Australia is they already built back doors into all the encryption I think, didn’t they? Last year?
[00:49:26] Brad Nigh: Uh Yeah, I don’t know if they think they pass them in that said they were going to I don’t know if it’s actually is in effect yet.
[00:49:36] Evan Francen: Mhm Yeah. And us there’s normal citizens were kind of caught in the middle of this crap, right? Because big tech, they have their own motivations, their own reasons for doing the things that they do, they they come off like, well we don’t want to give you a backdoor because then it would violate potentially people’s privacy, but I know enough about big tech that they don’t care about your privacy. They only care about privacy enough to give you the illusion that they care about your privacy. That’s different.
[00:50:07] Brad Nigh: Yeah, the pr for them, right? Hey, we’re protecting you from these things to some extent. Right? If they you don’t want that negative price of people leaving your Yeah, uh infrastructure or whatever, whatever you do, you want to put it. Yeah.
[00:50:27] Evan Francen: And but us as consumers, we’re stuck in the middle, like big tech, Yeah, they’re going to use this as a pr play to come off like no, we’re standing government because we care about you and government is like, well, well I assume we want these back doors so that we can protect our citizens better and, you know, without criminal activity more. And then, you know, I says like normal term sitting in my home, I’m like whatever, I mean, I don’t want you to read my stuff right? But that’s not the that’s not the reason why you’re fighting over this stuff anyway so it’s like we’re just caught in the middle of whatever they’re going to decide yep. I don’t like backdoors because back doors are always abused period.
[00:51:17] Brad Nigh: Yeah
[00:51:20] Evan Francen: you might go into this with the best of intentions ever ever. Put this back door once you’ve gone down this path it’s just a matter of time for somebody else in your team or in your organization is gonna yeah it’s going to abuse it. All right that’s what humans do. Alright so that’s that one Verizon 25%. Only 20 according to Verizon their PCI DSS report Verizon’s big into that game is also from The Register. Just 25% of global businesses fully comply comply fully with the payment card industry data security standard.
[00:52:00] Brad Nigh: I mean it’s not surprised and what really really frustrating is that these companies are getting basically that rubber stamp from some of these QSA companies. I mean we’ve seen it we? Re come in afterwards and we’re like whoa I’m out what in the world is going on here?
[00:52:26] Evan Francen: Yeah. Yeah there are fraudulent you know newsflash not for you but for people there are fraudulent information security consulting companies in our industry.
[00:52:39] Brad Nigh: I mean yeah there’s a reason that some of those QSA companies are you know having to have every single one of the ROCs they do manually reviewed and having to prove that they are doing it. There’s a reason for that. Yeah. Right.
[00:52:57] Evan Francen: Yeah. It’s sad too because even if you spend millions of dollars and become PCI compliant in the bridge which again you can’t not have breaches. It’s risk management. That risk elimination, just having this them exposes you at some level, right? So PCI DSS is meant to, I don’t know if it’s meant for this, but the best it can be used for us to reduce risk, reduce something that you know the likelihood and our impact of something bad happening. But yeah you can’t eliminate it. And so I’ve been in a breach to that like take target for instance, they had their breach, they were PCI DSS compliant. They were uh you know they’re QSA and ROC was issued by um oh God I can’t remember the name now but it was the biggest player plays. Where’s my brain anyway. They uh but they were deemed to be non PCI compliant after after the breach. And that’s the that’s the racket pc ideas. That’s by the way Trustwave they go that’s the racket with PCI compliance. You can be assessed and have your ROC and do all the things that you think you were supposed to be doing. And then you experience a breach you will be found that you were not PCI compliance after the breach. That’s the way PCI that’s the way the council plays the game with not having to take liability african plants. But anyway, that’s a whole another that, Yeah. Alright. And the last one, hackers disguise malware attack as new details on Donald Trump’s COVID-19 illness. This comes from Tripwire.
[00:54:50] Brad Nigh: It’s not surprising to me at all. We see that every single disaster, natural disaster, whatever this is what we see
[00:55:00] Evan Francen: exactly. And that’s, that’s the reason why I pulled it out is um, yeah, this is just consistent behavior that happens from, from attackers, right? Donald Trump, you know, is found to have COVID and somehow you start getting emails that say, hey, you know, do something about this, you know, or whatever that you didn’t get before. I mean that’s just how attackers work. Right? Whatever is top of the news, expect attacks related to that. Yeah. All right. So Great episode. That’s 1.01. It’s just about complete thanks Brad. Do you have any shout outs for this week?
[00:55:44] Brad Nigh: Uh, you know, I think I’ll give a shout out to R. P. M. C. S. M. R. N. Team. They’ve been doing just a great job with some transitions and realignments and then just keeping everybody in line and myself included, which is never an easy task. So they’ve been doing a really good job, jumped out to them.
[00:56:08] Evan Francen: Awesome, awesome. Yeah. Just, you know, we started you know it, I didn’t really think of my shoutouts until we start broadcast. Uh We talked about family was going to give a shout out to my family because you know, thank God for my family or I’d be dead in jail. So appreciative. Yeah
[00:56:28] Brad Nigh: that’s that’s another girl on
[00:56:31] Evan Francen: keep on jailing me please. Right, because if you are in jail it’s a different than D. Jail is D. Jail bail. I don’t know. Hold other good thing again,
[00:56:43] Brad Nigh: you just write philosophizing needs.
[00:56:47] Evan Francen: I know man just lock me in a room somewhere and give me a pen and a piece of paper and come up with some stupid alright. Always grateful for our listeners were we are behind on email. At least I am. I don’t know if Brad’s gone and checked lately but we will promise to respond soon. Mhm. Send things to us by email at unsecurity@protonmail.com. If you’re the social type socialize with us on Twitter, I’m @EvanFrancen and Brad’s @BradNigh lastly be sure to follow SecurityStudio @StudioSecurity and FRSecure @FRSecure or for more things that we do. Uh we’ll be creating more stuff. Giving away more stuff. I’m sure uh that’s it. We’ll talk to you next week.