Some SuperPAC Websites Are Not Super-Secure

Published: 22/11/2024   Category: security




Researchers find weaknesses in public websites that could expose personal information of donors and other sensitive data.



New research found gaping security holes in several SuperPAC public websites – from weak or nonexistent encryption and open ports to old and outdated server platforms.
Security firm UpGuard assessed the security postures of top SuperPACs active in the 2016 US election, and rated them with a FICO-like score between 0 and 950, with 950 as the most secure. Scores ranged from as low as 266 for the Conservative Solutions PAC and 409 for Priorities USA Action to as high as 836 for both Rebuilding America Now and NextGen Climate Action.
And 501(c) group websites, which also are not required to disclose donor names publicly, scored on the high end security-wise. The National Rifle Association's 501(c) had the highest score among those groups, with 836, followed by the US Chamber of Commerce, 751; American Future Fund, 751; and Americans for Prosperity, 751.
"Overall, SuperPACs scored similarly to other sectors. They were average, not stellar, and not lower than what we see for websites in other groups," says Greg Pollock, vice president of product for UpGuard. "The interesting point will be what if these sites were breached. What would happen? There could be more identity and reputational damage."
These groups typically don't store payment card information, he notes, but SuperPACs can keep personal information of donors, for example. The whole purpose of these organizations is to shroud who's giving money, so a breach could expose donors' identities, he notes.
SuperPACs are controversial political groups that can raise and spend unlimited funds and then use that money to independently campaign for or against a political candidate or party.

Pollock says his firm used its CSTAR risk assessment method when it analyzed the SuperPAC websites. The main security weaknesses were a lack of encryption (no HTTPS), no email authentication to guard against phishing scams, and no DNSSEC adoption. One of the weakest sites had a wide-open MySQL port. "It had its SSH port exposed," he says.
On the plus side, the NextGen Climate Action SuperPAC site, for example, was running NGINX, one of the more modern web platforms. "Some [others] were exposing their PHP version [software], with several headers showing," he says.
Overall, SuperPAC sites have better security postures than healthcare websites UpGuard has assessed. And so far, no major incidents: "We have no indicators that any of the SuperPAC sites have been breached," he says.
Efforts to reach the lowest-scoring SuperPACs, Conservative Solutions PAC and Priorities USA Action, were unsuccessful as of this posting.
The other SuperPACs UpGuard scored by risk: Get Our Jobs Back, 399; For Our Future, 475; Congressional Leadership Fund, 513; Right to Rise USA, 523; Senate Leadership Fund, 561; Senate Majority, 561; and House Majority PAC, 561.