In the past couple of weeks, there have been a number of stories breathlessly proclaiming that one state endured 150,000 ‘hack attempts’ on election day, that another was hit five times per second, 24 hours per day prior to the election, and so forth. But notice how none of the articles talk about how many ‘hack attempts’ were made the day after the election? Or the month before? Or six months after?
Now I don’t have access to the actual data from those states, but I strongly suspect that these numbers, while legitimate, are being spun to grind a political axe. Any IP address is going to be hit with port scans on a regular basis. Government sites are absolutely hit with many thousands of both targeted and drive-by probes. Sure, there might have been an uptick in activity approaching the election, but what I really want to know is how many focused, targeted, sophisticated attacks happened compared with the non-election season. Then we might actually know something. We need a baseline of both general and targeted attack traffic to be able to judge if there’s anything statistically significant in the data – and ideally, to have comparison data for the previous election too. Until then, well, folks should take partial data with a grain of salt.
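To make the baseline point concrete, here is an added example (not part of the original post) that scores one day's counts against ordinary-day history, separately for drive-by probes and targeted attempts. All counts are constructed for illustration, and the 3.5 cutoff is the conventional threshold for the median/MAD modified z-score, used here as an assumption.

```python
from statistics import median

# Constructed daily counts for ten ordinary (non-election) days; not real state data.
BASELINE = {
    "drive_by": [142000, 155000, 149000, 151000, 147000,
                 158000, 144000, 152000, 150500, 146000],
    "targeted": [4, 6, 5, 3, 7, 5, 4, 6, 5, 4],
}
# Constructed election-day counts: a headline-sized total plus a targeted count.
ELECTION_DAY = {"drive_by": 150000, "targeted": 19}


def robust_z(value, history):
    """Modified z-score (median/MAD): how far value sits from the baseline."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    if mad == 0:  # flat baseline: any change at all is a departure
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def assess(day, baseline, threshold=3.5):
    """Return {category: (z, is_significant_uptick)} for one day's counts."""
    result = {}
    for category, history in baseline.items():
        z = robust_z(day[category], history)
        # Only upticks are flagged; a quiet day is not the question being asked.
        result[category] = (round(z, 3), z > threshold)
    return result


if __name__ == "__main__":
    for category, (z, flagged) in assess(ELECTION_DAY, BASELINE).items():
        verdict = "above baseline" if flagged else "within normal range"
        print(f"{category:9s} count={ELECTION_DAY[category]:>7} z={z:>6} {verdict}")
```

With this constructed data, 150,000 drive-by probes is an ordinary day, while the much smaller targeted count is the one that stands out from its baseline.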
One last note – I am surprised that only 39 states report hacking attempts. Either the bad guys were slacking, or we have 11 states that don’t have good monitoring in place.