Our "simulated attack" service will probe your political web site from the perspective of a hacker, and provide you actionable recommendations to improve its cybersecurity posture.
This service includes:
- Analysis of a single site
- Non-invasive reconnaissance of the sort hackers often perform (a Perimeter Walk)
- A report detailing specific findings from initial reconnaissance and proposed simulated attack
- A conference to discuss the proposed attack
- An invasive probe that simulates a hacker's attack
- A report detailing specific findings from reconnaissance and the simulated attack, and recommendations to improve your security posture
- An exit conference to discuss the report
Definition of "Non-Invasive Reconnaissance"
See Perimeter Walk.
Definition of "Invasive Probe"
Our probe (a type of "pentration test") will test sign-on screens, attempt to exploit vulnerabilities (in harmless ways), attempt to add and then remove files from your site, and otherwise confirm the existence of problems we suspect after conducting non-invasive reconnaissance.
This information would be available to hackers who specifically targeted your sites. Since hackers could perform these techniques too it it critical for you to understand what they could do and how it can be used against your campaign and your candidate.
How to Engage Us
The "simulated attack" service is available for an affordable price, and can be purchased online with a credit card through Square's secure site.
Frequently Asked Questions
Q: Can I evaluate other candidates with this service?
A: No. These invasive techniques (often called a "penetration test" or "pentest") require explicit permission from the owner of each targeted site.
Q: Can I use this service for a political party, political action group or targeted issue site?
A: Yes, this service can be used for any political site that you own.
Q: If I already purchased a Perimeter Walk on a site for which I am now purchasing a Simulated Attack, can I get a discount?
A: Yes. If the Simulated Attack is purchased within one month of a site's Perimeter Walk, the full purchase price of that site will be applied against the price of the Simulated Attack. After one month, a flat $200 discount is available for reevaluated sites. (Contact us to receive the appropriate discount code to use during your online purchase.)
Q: Could Cybertical's "Simulated Attack" be considered a form of hacking?
A: Yes. The definition of hacking is "to use a computer to gain unauthorized access to data in a system." When we perform a Simulated Attack, we explicitly attempt to gain unauthorized access to a target system, so it is most definitely considered hacking. With this in mind, the only way to ensure that Cybertical's Simulated Attacks remain a type of "ethical hacking" (yes, that's a thing) is to get explicit/written permission from the owner of each target site. For this reason, Cybertical Simulated Attacks cannot be contracted against opposition candidates or any other site you do not own.
Q: What would a "Simulated Attack" look like in the real world?
A: Let's say you were interested in understanding whether thieves could actually gain access to your building. In the real world, a "Simulated Attack" would be the type of service a physical security company might provide to exploit weaknesses such as missing fencing, holes, blind spots, open doors/gates, and the blind trust or laziness of gate staff to gain access to your facility. Our "Simulated Attack" service provides a similar service to that, but in cyberspace.
Q: Do your "Simulated Attacks" cover denial-of-service (DOS) or distributed-DOS (DDOS)?
A: We only test DOS conditions that may appear as a result of your application code or choice of site software, and that will likely only affect your site. We will not test traffic-related DOS attacks that may affect other customers at your hosting organization. However, we will examine your site architecture (i.e., how robust your deployment is) and provide general thoughts and recommendations regarding your likely DOS and DDOS posture.