The curious sudden rise of free US election 'net security guardians

There is no such thing as a gratis lunch, after all

hacking

Analysis Nothing super-fuels a security sales pitch like the sort of threat it’s hard to ignore.

After China’s massive Aurora attacks on Gmail in 2009, it was the terror of Advanced Persistent Threats (APTs) that helped make fortunes for a new wave of security startups, post-incident forensic companies, and others peddling intelligence on the next attack.

These days, it’s the Wizard of Oz-like enigma of Russia, which doesn’t just hack systems, but uses fake news, confusion, and the tragic anger-of-the-commons as a sort of mind-hack on entire populations. Allegedly. How can anyone stop that?

The answer is that US capitalism re-hacks people’s minds back using a word that must make even the well-roubled cyber-miscreants of St Petersburg tremble – free service.

Symantec is the latest to serve up this idea by offering candidates, election commissions, and political parties in the forthcoming US mid-term election free access to its anti-spoofing service for email and websites, Project Dolphin.

Dolphin uses, the biz claims, “AI" to compare the site someone is visiting (e.g. a phishing page) with lots of examples of the real thing as a way of spotting anomalies. “The issues that plagued the 2016 election are still prevalent today and are likely to continue to persist through the midterm elections, into 2020, and into elections globally,” Symantec’s CEO Greg Clark said in a statement.

Get Zuck'd

Never one to be left out, Facebook launched its own “pilot program” designed to protect the Facebook accounts of anyone involved in US elections. “We’ll help officials adopt our strongest account security protections, like two-factor authentication, and monitor for potential hacking threats,” Team Facebook boasted.

Let’s not dwell on the irony that Facebook is where this whole Russian news manipulation strategy achieved lift-off, because the point Facebook is making is that it has been shaken well and truly out of its utopian net complacency.

It could be that Facebook’s pilot is a welcome political shield should CEO Mark Zuckerberg ever get called back for another uncomfortable day on US Congress’s naughty step, but the others have surely spied a new type of market.

Suddenly, they’re all at it. Symantec and Facebook’s decision to circle the wagons around elections echoes Microsoft's announcement of AccountGuard earlier this month, itself an attempt to catch up with Google’s Advanced Protection Program (APP) from earlier in 2018. It’s as if protecting the honest men and women in US elections is the program no company can do without – perhaps by the time Yahoo announces its program we’ll know the fashion is over.

It’s no secret that almost any phishing attack can get through – eventually. Endpoint security tools struggle because there is no malware, only ruses designed to steal credentials. Until now, the industry’s clever answer was extra authentication, ignoring the fact that a lot of the most targeted people don’t seem interested in using it. In future, getting a protected email service might depend on it.

Still, having your political email account, portal, or website protected by a free service should be a no-brainer. The question is why everyone else won’t soon be asking for the same thing. That, of course, could be where the free bit ends, and the monthly subscription plan starts. ®




Biting the hand that feeds IT © 1998–2018