News & Blog

Can hackers influence the Slovak elections?

Can hackers influence the Slovak elections?

The company Binary Confidence in collaboration with the National Unit SK-CERT of the National Security Authority have prepared the third year of their annual Guardians competition, in which university students can try their skills at defending a political party from hacker attacks in a realistic environment.

“Win the election and anything is possible” is the name of the third annual Guardians competition for young IT specialists. Before an upcoming head of state election, the competition will simulate attacks on a candidate’s staff, show how they can be defended against and demonstrate the consequences of a failed defense against cyber criminals.

The ongoing Slovak presidential campaign has been running for several weeks and will most likely continue for another two, until the second round of the elections. The internet has a great deal of information, much of which got out through legitimate means. There is some, however, which may have been obtained by a candidate’s opponents in using less legitimate methods. Until it becomes publicly known, a candidate is unlikely to admit they faced a hacker attack.

Despite this, hacks can happen. For example, in the latest USA presidential election when the attack by Russian hackers on Hillary Clinton was revealed to the public only after the creation of the website DCLeaks.com, the Facebook profile and the Twitter account where hackers revealed the compromising information they had obtained.

Win the election and anything is possible

“We know from recent history that hacker attacks are a very effective instrument for influencing elections. Since Slovakia are electing a new head of state, we decided to dedicate the third year to the current theme of potential attacks on an election campaign”, explains competition organizer Pavol Draxler, cybersecurity manager at Binary Confidence.

“With the choice of name, we are trying to emphasize that it is not just about somebody losing information, but that a well-executed attack can give a hacker the power to impact an entire country” adds Pavol Draxler.

Important communication within the team

This realistic simulated battle of two defending teams, the so-called “Guardians”, against a team of hackers occurred the day before the Slovak presidential election. Two teams, made up of five students each, defended their candidate’s data from a group of hackers made up of experts from Binary Confidence and SK-CERT(NSA).

During the wargame, which lasted several hours, they had to defend their environments from real attacks. They could see how successful they were on a scoring board which showed what systems were compromised, as well as the points their team got for defending against attacks.

Before the main event, there was a qualifying round which was run as a CTF (Capture the Flag) competition. A total of 127 contestants registered, 45 of whom actively participated in the competition. The 13 tasks ranged in difficulty from beginner to somewhat advanced; the contestants could attempt tasks in various fields of cybersecurity, including reversing, steganography, forensic analysis and exploiting applications. Finalists then underwent training, where they learned to work as a team.

Rastislav Janota, the manager of the National SK-CERT Unit describes the competition as good preparation for a job as a cybersecurity analyst, a role which is still very much in demand in Slovakia.

A lack of good defenders

Although we do have very good security administrators in Slovakia, the role of a defensive team covers situations where sophisticated attackers run a targeted campaign aimed at breaking into specific systems. “Under active attacks, the experience of one universal individual is often insufficient; the work of a specialized team is required. You can have six excellent security administrators, all of whom are very skilled individually, but as soon as you connect them, they won’t know the processes and they won’t be successful in their defense. This is what the Guardians competition is all about”, explains Pavol Draxler.

In previous years, students tried to protect a power station and a hospital and, although the Guardians couldn’t withstand the attack in the end, Pavol Draxler was impressed with their attempts. “Their skills and knowledge pleasantly surprised me. As individuals, they are good admins and they could have defended against one isolated attack. Their problems were more to do with teamworking during a massive attack against which one person could not defend single-handedly, where communication was required”, said Draxler.

The European Union is also addressing the growing number of hacker attacks around the world. The NIS Directive with measures to ensure a mutually high level of network and information system security is in effect from the 9th May. In Slovakia, the NIS Directive was incorporated into the Act on Cybersecurity which came into effect on the 1st April 2018.

Antivirus is not enough – a comprehensive defense is required

System security cannot be left up to one antivirus program, not even one that uses the newest technology. “Any one isolated product will not secure a system against all types of attack. A whole set of measures need to be accepted“, explains Ján Andraško of Binary Confidence.

All channels where data passes must be protected. This ranges from physical security through to people, processes, networks, workstations and servers where data is stored.

For timely detection, a qualified team based in a Security Operations Centre – SOC has to evaluate what is happening on networks and devices.

Subscribefor more usefull articles


I agree and consent to and want to receive useful articles (Newsletter) by email from company Binary Confidence that contain useful articles and information from IT Security industry or about security projects or achievements of this company. Company Binary Confidence will not share my personal data with any third party for marketing or other purposes. other recipients, except company MailChimp that provides platform for sending our useful articles (Newsletters). I can withdraw my consent at any time on info@binconf.com or on +421 232199980 or by opt out link in each Newsletter email. I have read and understood the Privacy Policy and I agree how my personal data are processed and what my rights are in respect of processing my personal information for purpose of subscription for useful articles (Newsletter). I declare that I am over 16 years old.

Contact

Address

Binary Confidence s.r.o.
Špitálska 53,
811 01 Bratislava
Slovak republic

E-mail

info@binconf.com
support@binconf.com

Telephone

+421 2 321 999 80

I agree with Privacy and Data Protection Policy
By clicking [I agree] you consent to processing your personal data by company Binary Confidence s.r.o. and you accept Privacy and Data Protection Policy.