04.09.18

Announce: April DC206 Meeting/BBQ/locksport: Securing the 2020 Election Process

Posted in Uncategorized at 13:15 by Lee Fisher

When: Apr 15 (3rd Sundays), 11:00am-~4:00pm
What: April DC206 Meeting, Locksport, and BBQ
Where: Black Lodge Research
Who: (Dave Dittrich, Dune, Colby, Hattz, and DC206 community)

Locksport begins at 11a, speaker at 1p, BBQ after presentation is over.

—–

LOCKSPORT EVENT:

Dune will be running a Locksport event, starting at 11:00 until 1:00.

—–

DC206 MEETING PRESENTATION:

Securing the 2020 Election Process
by Dave Dittrich

The 2016 election showed that common phishing techniques work well against political campaign staff, allowing access to sensitive information and communications that are dumped, then pumped by sock puppets and individuals manipulated using advanced marketing techniques. The targeting of individuals for manipulation may have been driven by stolen voter registration roles, unethically obtained Facebook user data, and some votes may have been suppressed by alteration of voter roles and disruption of voter sign-in systems. A pair of Medium articles break this all down and identifies a gap in efforts to prevent a recurrence in the 2018 or 2020 election cycles:

https://medium.com/@dave.dittrich/securing-the-2020-election-process-part-1-96bab810cb8e
https://medium.com/@dave.dittrich/securing-the-2020-election-process-part-2-962ed2aff69e

This talk with focus on the principle gap — operational security of political campaign staff and candidates — and examine an open source platform that can address this gap. After this overview, interested audience members prepared with their own laptops will be taken through a “hands-on” exercise to stand up a subset of the proposed platform (the Trident portal component).

The hacker mindset takes knowledge of how a system works and applies it so as to make the system do things that most people (including those who originally developed the system) hadn’t imagined. The security mindset takes knowledge of how malicious actors compromise people and systems and applies it to incrementally improve the system so it is easier for users to “do the right things” (i.e., improve their daily OPSEC!) DC206 members can help prepare this system for use in securing the 2018 and 2020 elections by finding and fixing bugs, locking down components, helping complete or add new features, and hacking it to do even more things (like serving as a pop-up AlgoVPN server for securing yourself when traveling), or to use as a secure open source software development system with continuous integration/continuous delivery capabilities!

If you wish to participate in the hands-on portion, come prepared with at least the following:

* A Mac or Linux (Debian or Ubuntu) laptop.
* A DigitalOcean account.
* A DNS domain to use for your D2 system, pointing to the DigitalOcean NS servers. (This takes several hours to propagate, so definitely do this by Saturday night.)

These steps are detailed here:

https://davedittrich.readthedocs.io/projects/ansible-dims-playbooks/en/latest/clouddevelopment.html#getting-started

Dave Dittrich (@davedittrich) is a Cyber Security Researcher at the Center for Data Science, University of Washington Tacoma.
https://staff.washington.edu/dittrichhttps://github.com/davedittrich

This presentation will be videotaped, thanks to Colby.

In case the speaker has some last-minute issue and cannot attend, the backup presentation will be Blibbet, with a draft version of a new talk with a checklist of guidance for UEFI firmware DFIR defenders, and demos of FWAudit (Firmware Audit), a new open source firmware security tool.

—–

POST-EVENT BBQ:

This month the chef will be Hattz.

We’re planning hamburgers and brats, some salad. Please feel free to bring a side-dish, or some additional meat. The fridge has some beer and hard cider, it always needs restocking.

—–

Black Lodge Research:
17725 NE 65th St, A-155
Evans Business Park, Bldg A
Redmond, WA 98052
Building A, mid-building, between the coffee roaster and the security company.
Park facing the street, not in front of other businesses, or you may get towed.

Black Lodge Research

Redmond, WA
95 Members

Anyone interested in Information Security should checkout Black Lodge Research. Members can attend talks each month on a variety of topics and skill levels. Every Thursday BLR…

Next Meetup

Open Hack Night

Thursday, Apr 12, 2018, 7:00 PM
2 Attending

Check out this Meetup Group →

https://www.facebook.com/BlackLodgeResearch/

https://blacklodgeresearch.org/
http://www.openstreetmap.org/node/2184616237#map=19/47.66334/-122.10399
https://map.what3words.com/warm.rapid.epic
https://dc206.org/
http://lists.dc206.org/listinfo.cgi/list-dc206.org