Former US cybersecurity chief Chris Krebs warned not to 'conflate' voting system security with SolarWinds hack despite Trump's claim

·3 min read
GettyImages 1143764852
Christopher Krebs, former director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, during a Senate Judiciary Committee hearing on May 14, 2019. Tom Williams/CQ Roll Call
  • Former top US cybersecurity official Chris Krebs warned on Twitter Saturday not to "conflate" the security of the US voting system with the massive SolarWinds cyberattack.

  • "The proof is in the paper," Krebs tweeted, later adding that you "can't hack paper."

  • Krebs' warning came shortly after President Donald Trump tweeted there could also have been "a hit on our ridiculous voting machines during the election."

  • Trump also suggested that China could be behind the cyber attack and not Russia, which experts and Secretary of State Mike Pompeo have said is likely the culprit.

  • News surfaced earlier this month that the IT firm SolarWinds suffered a hack when bad actors launched malware in the company's software, which was later distributed to some of its 300,000 clients. Microsft and AT&T are among its customer base.

  • Visit Business Insider's homepage for more stories.

Ousted US cybersecurity official Chris Krebs warned on Twitter Saturday not to confuse voting system security with the massive SolarWinds hack.

"Do not conflate voting system security and SolarWinds," tweeted Krebs, who served as US Cybersecurity and Infrastructure Security Agency Director until late November. "The proof is in the paper. You can audit or recount again to confirm the outcome. Like they did in Georgia. And Michigan. And Wisconsin. And Arizona. Can't hack paper." 

The tweet was posted shortly after Trump posted on Twitter suggesting that the cyber attack could be behind what he and other Republicans are peddling as election fraud and faulty voting systems.

"There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA," Trump tweeted. Twitter placed a warning label on the tweet, which read: "Election officials have certified Joe Biden as the winner of the U.S. Presidential Election."

Presidential electors in all 50 states confirmed on Monday that Joe Biden indeed earned over 270 Electoral College votes, confirming that he won the 2020 election and will be the next president of the United States.

 

In his tweet, Trump also accused the media of overblowing the cybersecurity hack and questioned if it was China that was behind it instead of Russia. Experts have said the hackers likely were located in Russia, and Secretary of State Mike Pompeo said Friday that officials can "say pretty clearly" that Russians were involved.

Trump fired Krebs in late November after the cybersecurity official said there was "no manipulation of the vote on the machine-count side," even after states like Georgia recounted votes by hand.

"The proof is in the ballots," Krebs said on a "60 Minutes" segment. "The recounts are consistent with the initial count."

News surfaced in early December that IT company SolarWinds suffered an attack that has been confirmed to have infiltrated US government agencies. The hackers were able to spy on companies and federal agencies since March, when they secretly launched malware in software that was handed out to some of the firm's 300,000 clients. It's unclear which of the firm's clients were affected, but its customer base includes big industry names like Microsoft and AT&T.

The Trump administration acknowledged that the hackers gained access to official networks, and the Department of Homeland Security and the State Department are also victims of the attack.

Security researchers are now working to identify weak points in SolarWinds' security system that could have enabled the hack. One researcher told Reuters that he warned the company in 2019 that its "solarwinds123" password for its server could be accessed by anyone.

"This could have been done by any attacker, easily," researcher Vinoth Kumar told the outlet.

Read the original article on Business Insider

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting