With all the Russian election hacking scandals in the news during and after the 2016 Presidential election, curiosity drove me to architect and run an experiment to see if I could monitor changes in the threat landscape in either Moscow, Russia or Washington, D.C. during the 2018 U.S. midterm elections.
I have worked in four Security Operations Centers (SOC) and have been in a leadership capacity at two. These SOCs have ranged in size from smaller companies to the Big 4. I am no stranger to security monitoring, and if there is anywhere that I like to be, it is where the action is.
My expertise and passion led me to a honeypot project. Honeypots are a deceptive security technology designed to sit strategically on a network with services that entice attackers to hack. When a honeypot monitors a connection to these services, it sends detailed logs to a centralized log server that monitors the threat landscape in real time. For this project I used the Modern Honey Network, a brilliantly designed network that allows you to deploy deceptive honeypots.
I began this project by deciding what I wanted to monitor and what a significant change in the threat landscape would need to look like if it were to indicate increased or decreased cyber activity resulting from the elections. I decided to buy two dedicated Virtual Private Servers (VPS) located in Moscow, Russia and one VPS in Washington, D.C. I deployed Dionaea honeypots to each of the VPSs on Ubuntu 14.04 LTS servers. Dionaea honeypots are designed to have numerous vulnerable-looking services as well as a trap to capture malware. Additionally, I spun up two Amazon AWS Dionaea honeypots in Ohio to act as a control.
Roughly a month before the elections, (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tripwire Guest Authors. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/cyber-security-monitoring-midterm-elections/