Notepad: Risk in Review – September

Hilary Tuttle, Caroline McDonald, Morgan O'Rourke


September 1, 2017

DEF CON Hackers Expose Voting Machine Vulnerability

It did not take long for attendees at this year’s DEF CON hacking conference in Las Vegas to find and exploit voting machine vulnerabilities, with technology researcher Carsten Schurmann first gaining remote access to a WINVote machine in only 90 minutes. Amid recent speculation about the cybersecurity of U.S. electoral infrastructure, the conference’s organizers introduced Voting Village to the event, inviting attendees to hack a range of voting machines and registration systems, most of which are currently in use. By exploiting weaknesses like unpatched software, default password use, unsecured Wi-Fi access, and exposed ports through which malicious software could be installed, hackers were able to break into every machine in the room with relative ease through wireless, networked and hardware attacks. They were even able to uncover the unencrypted voter data of hundreds of thousands of people still on the machines, many of which had been purchased on eBay. Organizers and participants have reported the exploits in detail and hope to not only highlight the flaws in current electoral technology, but to encourage the security community to work on making it stronger.

Kanye West Sues Insurer Over Canceled Tour

In August, rapper Kanye West filed a federal lawsuit against several subsidiaries of Lloyd’s of London for delaying and thus far refusing to pay at least $9.8 million in cancelation insurance claims. Following several instances of erratic behavior on stage, West abruptly canceled his 2016 “Saint Pablo” tour and spent over a week being treated for an unspecified medical condition at UCLA’s Resnick Neuropsychiatric Hospital. His touring company, Very Good Touring, said that insurers have suggested West’s marijuana use may have contributed to his medical condition and could invalidate claims for costs of the canceled shows. West’s legal team said he and his company paid “hundreds of thousands of dollars in insurance premiums” and claimed the insurers have not paid after eight months because they are hunting “for some contrived excuse not to pay.”

Uber Underestimates Leasing Costs

After discovering that the program was losing 18 times more money per vehicle than previously anticipated, Uber has decided to wind down or sell off its U.S. auto-leasing business. The ride-hailing company’s Xchange Leasing division offered subprime leases to prospective Uber drivers whose poor credit scores prevented them from getting cars on their own. As part of the program, the company purchased 40,000 vehicles in 14 showrooms around the country. The company initially estimated average losses of $500 per vehicle, but found that the losses were actually closer to $9,000 per vehicle. As many as 500 Uber employees could be affected by the decision, amounting to 3% of the company’s 15,000-person workforce.

Game of Hackers

In a security breach at HBO, hackers reportedly stole 1.5 terabytes of proprietary company data, including scripts for unaired episodes of Game of Thrones and internal company documents and emails containing contract and budget information, operational details, and personal phone numbers and email addresses of popular actors. The hackers began leaking some of this information to the public and promised to reveal more if HBO did not pay a substantial ransom. In a video addressed to CEO Richard Plepler, the hackers claimed that HBO was their 17th blackmail target and that they have made $12 to $15 million a year from similar attacks. They subsequently demanded HBO pay their “six-month salary in bitcoin,” for the amount of time they say it took them to infiltrate the network and obtain the data. A leaked email revealed that HBO made an initial “good faith” offer to the hackers of $250,000.

Rethinking Wildfire Management

With the United States experiencing an increasing number of wildfires in recent years—and with it, the loss of firefighter lives and billions of dollars in suppression costs—forest fire management strategies have come under question. Many experts have even asked if these fires should be suppressed at all, since a successful burn can clear a forest floor of fallen trees and debris and prevent a more serious conflagration in the future. In response, the U.S. Forest Service has started incorporating computer models to analyze the terrain, forest type and possible weather scenarios on a case-by-case basis to determine if certain fires should be allowed to burn out on their own. As more homes and businesses are built on the edges of wooded areas, such decisions will prove increasingly important.

N.C. Outer Banks Face Power Outage

In the early morning hours of July 27, a construction crew working on the new Bonner Bridge to the Outer Banks region of North Carolina damaged an underground transmission cable, causing a complete blackout to Hatteras and Ocracoke Islands at the peak of the summer tourist season. Gov. Roy Cooper declared a state of emergency and as many as 10,000 tourists were evacuated so that repair work could begin. Most of the businesses on the islands were forced to close, although some restaurants and stores were able to stay open with the use of generators. While it was initially estimated that the damaged cable would take weeks to repair, severely curtailing tourism revenue vital to the region, power was ultimately restored eight days later.

Hilary Tuttle is managing editor of Risk Management.

Morgan O’Rourke is editor in chief of Risk Management and director of publications for the Risk & Insurance Management Society, Inc. (RIMS).