FAQ

Frequently asked questions about political cybersecurity

Q: Did the Russians hack the 2016 US Presidential election?
A: There are really two ways of asking that question: did the Russians corrupt the election tallies, and did they successfully influence the election.

Q: Did the Russians corrupt the 2016 US Presidential election tallies?
A: This is doubtful. Despite the Green Party's insistence otherwise, no documented proof that Russians successfully tampered with electronic vote tallies or other technology or procedures has been produced to date.

Q: Did the Russians successfully influence the 2016 US Presidential election?
A: Quite possibly. Someone appears to have used a phishing message to trick a high-ranking Democrat (John Podesta) into revealing information (or installing malware that revealed information) that suggested that Hillary Clinton had several unfair advantages in gaining the Democratic nomination over Bernie Sanders. This news, dribbled out to the voting public over several weeks, likely had the effect of suppressing an already unenthusiastic Democratic vote and reinforcing "never Hillary" sentiments among Republican, independent and some Democratic voters. Several signs suggest that the party that sent the phishing email could have been a Russian hacker operating under the auspices of the Russian government.

Q: Which countries have hacked us so far?
A: The list is getting longer by the day, but some of the countries from which successful cyberattacks against US political or government targets have been launched include Russia, China and Israel.

Q: Can Cybertical protect me from Russian (or other state-level) hackers?
A: If a team of trained hackers with national resources behind them is really after you, then you are probably going to get hacked. (Sorry.) However, what we can do is 1) protect you from "script kiddies" with an axe to grind against your campaign, candidate or cause, 2) reduce the attributes that would make you a target for hackers of all abilities, and 3) increase the level of defenses and alarms that hackers would need to penetrate or trip before they could access something valuable. All in all, we can make you a "harder target" than you otherwise would be, thus encouraging hackers to look elsewhere for easier targets to exploit.

Q: Can I evaluate other/opposition candidates with the Perimeter Walk service?
A: Yes, as long as you also purchase an evaluation for your site. (This service uses non-invasive techniques that do not require explicit permission; invasive techniques will not be performed on any site where permission has not been granted by the owner.)

Q: How should I use the cybersecurity grades you publish in reports?
A: These grades are meant to provide the general public with an idea of what security experts (like us...and hackers) see when they look at websites on the Internet. More specifically, sites with better letter grades are LESS attractive targets to hackers than those with worse letter grades. Taking it a step further, sites with an "A" grade are difficult for many hackers to "lock on to", whereas sites with an "F" grade often appear vulnerable to a number of existing "script kiddie" attacks. (A "script kiddie" is an unsophisticated hacker...so unsophisticated that all they can do is run hacking tools - or "scripts" - that other people have written.)

Q: Will you speak at my conference?
A: Maybe - let's talk.

Q: I am a reporter and candidates X, Y and Z are running. Can you tell me how they rate?
A: Probably - let's talk.

Q: Can I republish your reports?
A: Certainly, for a fee. We also do "white box" or "white label" research (we do the work and you put your name on it). In any case, let's talk.

Q: Can I use the Perimeter Walk service for a political party, political action group or targeted issue site?
A: Yes, this service can be used for any political site.

Q: Could Cybertical's "Perimeter Walk" be considered a form of hacking?
A: No. The definition of hacking is "to use a computer to gain unauthorized access to data in a system." When we perform a Perimeter Walk, we use only public information that our target sites freely provide to anyone who asks, or that is freely available after registering on the target site as a member of the public. Since we never attempt to gain unauthorized access to target sites when performing a Perimeter Walk, it is not considered hacking.

Q: What would a "Perimeter Walk" look like in the real world?
A: Let's say you were interested in understanding whether thieves would consider your building to be an easy target or not. In the real world, a "Perimeter Walk" would be the type of service a physical security company would provide to walk around the perimeter of your property and look for obvious weaknesses, such as missing fencing, holes, blind spots, open doors/gates, and the apparent attentiveness of gate staff. Our "Perimeter Walk" service provides a similar service to that, but in cyberspace.

Q: Can I evaluate other candidates with the Simulated Attack service?
A: No. These invasive techniques (often called a "penetration test" or "pentest") require explicit permission from the owner of each targeted site.

Q: Can I use the Simulated Attack service on my own political party, political action group or targeted issue site?
A: Yes, this service can be used for any political site that you explicitly own.

Q: If I already purchased a Perimeter Walk on a site for which I am now purchasing a Simulated Attack, can I get a discount?
A: Yes. If the Simulated Attack is purchased within one month of a site's Perimeter Walk, the full purchase price of that site will be applied against the price of the Simulated Attack. After one month, a flat $200 discount is available for reevaluated sites. (Contact us to receive the appropriate discount code to use during your online purchase.)

Q: Could Cybertical's "Simulated Attack" be considered a form of hacking?
A: Yes. The definition of hacking is "to use a computer to gain unauthorized access to data in a system." When we perform a Simulated Attack, we explicitly attempt to gain unauthorized access to a target system, so it is most definitely considered hacking. With this in mind, the only way to ensure that Cybertical's Simulated Attacks remain a type of "ethical hacking" (yes, that's a thing) is to get explicit/written permission from the owner of each target site. For this reason, Cybertical Simulated Attacks cannot be contracted against opposition candidates or any other site you do not own.

Q: What would a "Simulated Attack" look like in the real world?
A: Let's say you were interested in understanding whether thieves could actually gain access to your building. In the real world, a "Simulated Attack" would be the type of service a physical security company might provide to exploit weaknesses such as missing fencing, holes, blind spots, open doors/gates, and the blind trust or laziness of gate staff to gain access to your facility. Our "Simulated Attack" service provides a similar service to that, but in cyberspace.

Q: Do your "Simulated Attacks" cover denial-of-service (DOS) or distributed-DOS (DDOS)?
A: We only test DOS conditions that may appear as a result of your application code or choice of site software, and that will likely only affect your site. We will not test traffic-related DOS attacks that may affect other customers at your hosting organization. However, we will examine your site architecture (i.e., how robust your deployment is) and provide general thoughts and recommendations regarding your likely DOS and DDOS posture.