mirror of https://github.com/MISP/misp-galaxy
337 lines
12 KiB
JSON
337 lines
12 KiB
JSON
|
{
|
||
|
"authors": [
|
||
|
"NIS Cooperation Group"
|
||
|
],
|
||
|
"category": "guidelines",
|
||
|
"description": "Universal Development and Security Guidelines as Applicable to Election Technology.",
|
||
|
"name": "Election guidelines",
|
||
|
"source": "Open Sources",
|
||
|
"type": "guidelines",
|
||
|
"uuid": "c1dc03b2-89b3-42a5-9d41-782ef726435a",
|
||
|
"values": [
|
||
|
{
|
||
|
"description": "Tampering with registrations",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:setup | party/candidate-registration"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "32b3ce0a-0427-452c-9e35-26bf5a682786",
|
||
|
"value": "Tampering with registrations"
|
||
|
},
|
||
|
{
|
||
|
"description": "DoS or overload of party/campaign registration, causing them to miss the deadline",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:setup | party/candidate-registration"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "154c6186-a007-4460-a029-ea23163448fe",
|
||
|
"value": "DoS or overload of party/campaign registration, causing them to miss the deadline"
|
||
|
},
|
||
|
{
|
||
|
"description": "Fabricated signatures from sponsor",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:setup | party/candidate-registration"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "f4f1ddcb-f067-4136-ba4d-f1d1a2707485",
|
||
|
"value": "Fabricated signatures from sponsor"
|
||
|
},
|
||
|
{
|
||
|
"description": "Identity fraud during voter registration",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:setup | electoral-rolls"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "23dbb998-db8a-4cd4-90ab-ce6e8a9abe4b",
|
||
|
"value": "Identity fraud during voter registration"
|
||
|
},
|
||
|
{
|
||
|
"description": "Deleting or tampering with voter data",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:setup | electoral-rolls"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "12677906-eec5-42ff-b785-db4097115648",
|
||
|
"value": "Deleting or tampering with voter data"
|
||
|
},
|
||
|
{
|
||
|
"description": "DoS or overload of voter registration system, suppressing voters",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:setup | electoral-rolls"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "ad67f547-7b8b-44c6-9710-93261447b6b2",
|
||
|
"value": "DoS or overload of voter registration system, suppressing voters"
|
||
|
},
|
||
|
{
|
||
|
"description": "Hacking candidate laptops or email accounts",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:campaign | campaign-IT"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "bbcb7b9c-2660-4d6e-ae96-b19de3e1d107",
|
||
|
"value": "Hacking candidate laptops or email accounts"
|
||
|
},
|
||
|
{
|
||
|
"description": "Hacking campaign websites (defacement, DoS)",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:campaign | campaign-IT"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "afe23cd3-161f-46a1-88a0-0cae3431b883",
|
||
|
"value": "Hacking campaign websites (defacement, DoS)"
|
||
|
},
|
||
|
{
|
||
|
"description": "Misconfiguration of a website",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:campaign | campaign-IT"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "2da90b56-572f-4a24-a32b-3875bca63b3c",
|
||
|
"value": "Misconfiguration of a website"
|
||
|
},
|
||
|
{
|
||
|
"description": "Leak of confidential information",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:campaign | campaign-IT"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "650642c7-ab31-4844-a69f-22294925edeb",
|
||
|
"value": "Leak of confidential information"
|
||
|
},
|
||
|
{
|
||
|
"description": "Hacking/misconfiguration of government servers, communication networks, or endpoints",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:all-phases | governement-IT"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "54976d3e-7e6f-4863-9338-bc9e5041b9f2",
|
||
|
"value": "Hacking candidate laptops or email accounts"
|
||
|
},
|
||
|
{
|
||
|
"description": "Hacking government websites, spreading misinformation on the election process, registered parties/candidates, or results",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:all-phases | governement-IT"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "aba7358c-d37c-4be4-940c-5b6196140651",
|
||
|
"value": "Hacking campaign websites, spreading misinformation on the election process, registered parties/candidates, or results"
|
||
|
},
|
||
|
{
|
||
|
"description": "DoS or overload of government websites",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:all-phases | governement-IT"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "b7eef207-ae5d-472d-bf7c-9f539c2c4bbc",
|
||
|
"value": "DoS or overload of government websites"
|
||
|
},
|
||
|
{
|
||
|
"description": "Tampering or DoS of voting and/or vote confidentiality during or after the elections",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:voting | election-technology"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "c45378f1-e5f9-47f0-a54f-e87e3310683b",
|
||
|
"value": "Tampering or DoS of voting and/or vote confidentiality during or after the elections"
|
||
|
},
|
||
|
{
|
||
|
"description": "Software bug altering results",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:voting | election-technology"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "dccd4b3e-4b5a-4bde-9c1f-c0101d957b97",
|
||
|
"value": "Software bug altering results"
|
||
|
},
|
||
|
{
|
||
|
"description": "Tampering with logs/journals",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:voting | election-technology"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "86790180-cd62-4746-a93a-9f0cecaa4195",
|
||
|
"value": "Tampering with logs/journals"
|
||
|
},
|
||
|
{
|
||
|
"description": "Breach of voters privacy during the casting of votes",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:voting | election-technology"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "ad1dd7ae-4022-4291-8cb5-27797c97ebfa",
|
||
|
"value": "Breach of voters privacy during the casting of votes"
|
||
|
},
|
||
|
{
|
||
|
"description": "Tampering, DoS or overload of the systems used for counting or aggregating results",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:voting | election-technology"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "749a1893-a205-4623-90c1-fd7c1ba0135b",
|
||
|
"value": "Tampering, DoS or overload of the systems used for counting or aggregating results"
|
||
|
},
|
||
|
{
|
||
|
"description": "Tampering or DoS of communication links uesd to transfer (interim) results",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:voting | election-technology"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "3c817f6f-08f3-4e8c-8d94-e23b823beb8f",
|
||
|
"value": "Tampering or DoS of communication links uesd to transfer (interim) results"
|
||
|
},
|
||
|
{
|
||
|
"description": "Tampering with supply chain involved in the movement or transfer data",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:voting | election-technology"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "c9abc629-e87a-4bed-be52-11e96ea3803a",
|
||
|
"value": "Tampering with supply chain involved in the movement or transfer data"
|
||
|
},
|
||
|
{
|
||
|
"description": "Hacking of internal systems used by media or press",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:campaign/public-communication | media/press"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "e84d963f-f7e0-4c3b-acb9-242ec73ef7c0",
|
||
|
"value": "Hacking of internal systems used by media or press"
|
||
|
},
|
||
|
{
|
||
|
"description": "Tampering, DoS, or overload of media communication links",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:campaign/public-communication | media/press"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "b0577662-bcb6-45ac-b7a0-cb7ec560aff5",
|
||
|
"value": "Tampering, DoS, or overload of media communication links"
|
||
|
},
|
||
|
{
|
||
|
"description": "Defacement, DoS or overload of websites or other systems used for publication of the results",
|
||
|
"meta": {
|
||
|
"date": "March 2018.",
|
||
|
"kill_chain": [
|
||
|
"example-of-threats:campaign/public-communication | media/press"
|
||
|
],
|
||
|
"refs": [
|
||
|
"https://www.ria.ee/sites/default/files/content-editors/kuberturve/cyber_security_of_election_technology.pdf"
|
||
|
]
|
||
|
},
|
||
|
"uuid": "5079fa10-1df3-43f8-b0bf-cea7d342f5e1",
|
||
|
"value": "Defacement, DoS or overload of websites or other systems used for publication of the results"
|
||
|
}
|
||
|
],
|
||
|
"version": 1
|
||
|
}
|