Adventures of Cyber Security Monitoring During 2018 U.S. Midterm Elections

With all the Russian election hacking scandals in the news during and after the 2016 Presidential election, curiosity consumed me to architect and run an experiment to see if I could monitor changes in the threat landscape in either Moscow, Russia or Washington D.C. during the 2018 U.S. midterm elections.

I have worked in four Security Operations Centers (SOC) and have been in a leadership capacity at two. These SOCs have ranged in size from smaller companies to the Big 4. I am no stranger to security monitoring, and if there is anywhere that I like to be, it is where the action is.

My expertise and passion led me to a honey pot project. Honeypots are deceptive security technology that are designed to sit strategically on a network with services that entice attackers to hack. When a honeypot monitors a connection to these services, it sends detailed logs to a centralized log server that monitors in real time the threat landscape. I used the Modern Honey Network for this project, a brilliantly designed network which allows you to deploy deceptive honeypots.

I began on this project by deciding what I wanted to monitor and what a significant change in the threat landscape would need to look like if it were to indicate increased or decreased cyber activity resulting from the elections. I decided to buy two dedicated Virtual Private Servers (VPS) located in Moscow, Russia and one VPS in Washington, D.C. I deployed the Dionaea honeypots to each of the VPS’ on Ubuntu 14.04 LTS servers. Dionaea honeypots are designed to have numerous vulnerable-looking services as well as a trap to capture malware. Additionally, I spun up two Amazon AWS Dionaea Honeypots in Ohio to act as a control.

Roughly a month before the elections, (Read more...)