National: Microsoft uncovers more Russian hacking attempts | Winslow Record

Microsoft said Tuesday it has uncovered new Russian hacking attempts targeting U.S. political groups ahead of the midterm elections. The company said that a hacking group tied to the Russian government created fake internet domains that appeared to spoof two American conservative organizations: the Hudson Institute and the International Republican Institute. Three other fake domains were designed to look as if they belonged to the U.S. Senate. Microsoft didn’t offer any further description of the fake sites. The revelation came just weeks after a similar Microsoft discovery led Sen. Claire McCaskill, a Missouri Democrat who is running for re-election, to reveal that Russian hackers tried unsuccessfully to infiltrate her Senate computer network.

Europe: EU Voters Worried About Election Hacking and Disinformation | Infosecurity Magazine

UK voters are among the most concerned in Europe that elections could be sabotaged by cyber-attacks, according to a new European Commission study. The survey polled over 27,000 citizens across the EU with face-to-face interviews to better understand their concerns ahead of upcoming European elections in May 2019. While an average of 61% said they were worried about potential cyber-attacks manipulating the results of the election, the figure rose to 67% in the UK — one of the highest of any country. UK voters (64%) were also more likely than most Europeans (59%) to fear foreign actors and criminal groups influencing elections covertly. Across Europe, 67% said they were concerned that their personal data could be used to target the political messages they see — a reference to the Cambridge Analytica scandal that may have impacted the results of the US presidential election and Brexit referendum in 2016.

National: A Nielsen exit could leave void as DHS gains new cybersecurity authority | The Washington Post

As the Department of Homeland Security gains new authority over cybersecurity and continues its review of election security during the 2018 midterms, Secretary Kirstjen Nielsen’s future at the agency remains uncertain. During a “Fox News Sunday” interview, President Trump would not commit to Nielsen continuing as DHS secretary following a Washington Post report that he is planning to remove her from the post. Just two days earlier, Nielsen stood by his side as he signed a bill into law that  creates a new cyber-focused agency within DHS. “There’s a chance, there’s a chance everybody, I mean that’s what happens in government, you leave, you make a name, you go,” Trump told Fox News’s Chris Wallace yesterday when asked whether Nielsen would continue at DHS. “I like her very much, I respect her very much, I’d like her to get much tougher on the border — much tougher, period.”

Georgia: Close race is over, but doubts remain about Georgia election security | WRAL

Two months before Election Day, a judge asked state officials a deceptively straightforward question: How had they repaired a data breach in Georgia’s voter-registration system? They didn’t know. This exchange, cited in court filings last week, underscored the ambiguities surrounding Georgia’s unusually close Nov. 6 election. A series of lawsuits exposed significant failings in how the state managed this year’s voting, while also casting doubt on the integrity of future elections. One judge found that “repeated inaccuracies” in registration data kept qualified voters from casting ballots. Witnesses described chaotic scenes at polling places, where voting supervisors inconsistently applied rules on provisional balloting and other matters. And the plaintiffs in one case claimed that election officials did nothing to protect against “known vulnerabilities,” such as the data breach discovered in 2017, that left their computer system open to manipulation and attack.

Georgia: Close race is over, but doubts remain about Georgia election security | The Atlanta Journal-Constitution

Two months before Election Day, a judge asked state officials a deceptively straightforward question: How had they repaired a data breach in Georgia’s voter-registration system? They didn’t know. This exchange, cited in court filings last week, underscored the ambiguities surrounding Georgia’s unusually close Nov. 6 election. A series of lawsuits exposed significant failings in how the state managed this year’s voting, while also casting doubt on the integrity of future elections. One judge found that “repeated inaccuracies” in registration data kept qualified voters from casting ballots. Witnesses described chaotic scenes at polling places, where voting supervisors inconsistently applied rules on provisional balloting and other matters. And the plaintiffs in one case claimed that election officials did nothing to protect against “known vulnerabilities,” such as the data breach discovered in 2017, that left their computer system open to manipulation and attack.

National: New Video Provides Proof of Cellular Modems in Voting Machines | WhoWhatWhy

In the past few days, election integrity activists got up close to the current generation of ES&S voting machines — close enough to record video of a digital scanner voting machine sending results wirelessly. The ability of the machines to communicate with the outside world has generally not been acknowledged by either the manufacturer or election officials. Yet this wireless link is at the heart of concerns that election results could be hacked or manipulated, “including attacks that could change vote totals and election results,” said Emily Levy, director of communications at the voting transparency group AUDIT-USA. Almost two decades after its starring role in the 2000 Bush v. Gore Florida voting debacle, the Broward County Supervisor of Elections Office is still the centerfold for election integrity issues — not just in Florida but in the country as a whole.

National: Reviewing midterms for signs of interference | Politico

The U.S. intelligence community is launching a first-ever review of potential foreign influence in an election. Although DHS and other federal agencies have said they saw no sign of such interference, the step was mandated by a September executive order. “The Director of National Intelligence will provide an assessment of any foreign interference in our elections within 45 days,” Kellie Wade, a spokesperson for the Office of the Director of National Intelligence, told ABC News in a story late last week. “This assessment will be fully coordinated within the intelligence community, and will be provided to the President and to relevant Cabinet members.”

National: Washington, North Carolina voting security may be vulnerable | McClatchy

Security gaps similar to, but much less porous than, those in Georgia’s voter registration system have been identified in Washington state, potentially providing bad actors ways to foul citizens’ eligibility to cast ballots in last week’s elections, cyber experts say. And states such as North Carolina, which make their voter registration data widely available, could enable someone to change voters’ data by mail, they said. Officials in both Washington and North Carolina expressed confidence they would spot any widespread tampering with voter registration records. “Voters can rest assured that Washington’s election system is secure,” says the website of its secretary of state. However, the cyber experts said Washington appears to have failed to plug all the holes after the U.S. Department of Homeland Security warned last year that Russian cyber operatives had downloaded voter records from Illinois’ database in advance of the 2016 presidential election and attempted to do so in 20 other states. In “a small number of states,” the Russians “were in a position to” alter or delete voter registration information, the Senate Intelligence Committee said last May.

Editorials: Election security requires federal action: Think of it as an infrastructure opportunity  | Adam K. Levin/The Hill

The framers were futurists in many ways. The original thinking behind our various methods of choosing elected officials was both original and quite literally world-changing, but the system needs an update as technology changes. Pundits will debate certain aspects of our election process. It doesn’t matter which ones. Some decry the soundness of the electoral college in a post-agrarian world (that discussion can wait till 2020), while others focus on the challenges of presenting the public with a truly representative slate of candidates. All such discussions are in the weeds so far as the single most important electoral issue we face. The issues out there are legion, but the secure transport of data is paramount. The way election systems information moves from place to place is key among the myriad attack vectors currently pointed at our nation’s democratic process. This must change.

National: Cybersecurity officials start focusing on the 2020 elections | Associated Press

An unprecedented federal and state collaboration to defend election systems against Russian interference ended with no obvious voting system compromises, although it’s not entirely clear why. Federal officials are wondering whether foreign agents are saving their ammunition for the 2020 presidential showdown or planning a late-stage misinformation campaign to claim Tuesday’s election had been tainted. It doesn’t change how vulnerable most states are to possible interference. “They’ve shown will, they’ve shown the capability,” Homeland Security Secretary Kirstjen Nielsen said. “I certainly can’t speak to why they’re doing or not doing something. But I would just offer to put it in a broader perspective — they have a full-court press through many means … to try to affect our democracy.” In a news conference Wednesday after Democrats won control of the House, President Donald Trump said his administration worked hard to shore up elections and he’d issue a report soon on the effort.

National: Why Securing Elections Requires a Little Bit of Zero-Trust | StateTech

As the country digests the results of this year’s midterm elections, the concerns that were raised about the potential risk of cybersecurity threats to our voting systems remain. This year, Congress passed the Consolidated Appropriations Act of 2018 to make nearly $400 million available to the states to improve their administration of federal elections. I’ve met with secretaries of state, state IT leaders and local government officials across the country who were intensely focused on how to use this assistance to shore up election systems cybersecurity. Having served in state IT leadership for much of my career, I know how important it is to spend resources wisely and emphasize solutions that address the core issues of a challenge, versus simply applying a Band-Aid to solve it. Because our voting system is multifaceted, potential solutions to the election security challenge require a deeper focus on infrastructure. Even though the election is over, states should see election security as a year-round effort. States are the architects and supervisors of their respective election systems, and they execute this important constituent service in varying ways. Some states vote exclusively by mail, while others rely exclusively on electronic voting machines. Other states have a combination of voting options available to constituents in different localities.

National: DHS Wants to Expand the Reach of Its Critical Infrastructure Cyber Training | Nextgov

The Homeland Security Department wants to surge its ability to train critical infrastructure owners and operators on cybersecurity, according to a contracting document released Wednesday. The department is seeking a video conferencing service that it can use to provide cybersecurity webinars to 5,000 or more critical infrastructure operators simultaneously, according to the contracting document. The term critical infrastructure refers to 16 sectors the government has determined are vital to the nation’s successful operation. They include hospitals, banks, energy plants, dams and transportation hubs such as airports and train stations. The department officially designated election infrastructure, such as voting machines and voter rolls, critical infrastructure in January 2017, after Russian efforts to breach those systems during the 2016 elections.

National: Democrats tech boss can’t guarantee midterms were hack-free | Yahoo

The Democrats’ top cybersecurity boss said he cannot guarantee the midterm elections earlier this week were hack-free. “Good news is we didn’t hear very much on that day,” said Raffi Krikorian, the chief technology officer of the Democratic National Committee, on Thursday. “But remember, any sophisticated attack is not something we’re going to detect today. It’s something we’re going to detect a few days from now, or a few weeks … or a few months from now, as we go through our logs and try to understand what really happened.” Krikorian made his first public remarks since the US midterms at the annual Web Summit tech event in Lisbon, Portugal. Krikorian leads a team of 35 technology and security specialists tasked with protecting the Democrats and the party’s tech infrastructure. He was previously a top executive at Uber and pioneered self-driving technology at the ride-sharing company. Prior to Uber, he worked as a top engineering executive at Twitter (TWTR).

National: Threats remain to US voting system – and voters’ perceptions of reality | The Conversation

As the 2018 midterms proceed, there are still significant risks to the integrity of the voting system – and information warfare continues to try to influence the American public’s choices when they cast their ballots. On the day of the election, there were a number of early hitches in voting at individual polling places, such as polling places opening late and vote-counting machines not plugged in. But there seem not – at least not yet – to be major problems across the country. However, not all the election-related news and information voters have been encountering in recent days and weeks is accurate, and some of it is deliberately misleading. As this election’s results come back, they will reveal whether the misinformation and propaganda campaigns conducted alongside the political ones were effective. America’s electoral process remains highly fragmented, because of the country’s cherished tradition of decentralized government and local control. While this may leave some individual communities’ voting equipment potentially vulnerable to attack, the nation’s voting process overall may be more trustworthy as a result of this fragmentation. With no unified government agency or office to provide, administer and protect election technologies, there’s not one central national element that could fail or be attacked.

Ukraine: Three Things Ukraine Must Do Now If It Wants Clean Elections Next Year | Atlantic Council

The parliament renewed Ukraine’s highest election body, the Central Election Commission, ahead of the crucial 2019 general elections. On September 20, the parliament replaced all 13 CEC members who were serving on expired terms. In a swift decision—too swift in the opinion of the opposition—the Rada expanded the membership of the CEC from 15 to 17. Parliament appointed fourteen presidential nominees, two members were carried over from the old CEC, and one seat was left vacant. Rada Speaker Andriy Parubiy and BPP representative Iryna Lutsenko both promised that a nominee from the Opposition Bloc will soon join. Thus, all parliamentary factions will be represented on the renewed CEC. This move can’t come soon enough. The country will hold its presidential election in March and parliamentary polls in October.

National: The Unprecedented Effort to Secure Election Day | WIRED

After Russia’s misinformation campaign rattled the 2016 United States election season, scrutiny over this year’s midterms has been intense. And while foreign cybersecurity threats have so far been relatively muted, an unclassified government report obtained by The Boston Globe this week indicates more than 160 suspected election-related incidents since the beginning of August, ranging from suspicious login attempts to compromised municipal networks. Officials haven’t attributed most of it to an actor yet, but the situations include suspicious attempted logins on election systems like voter databases and municipal network compromises. Even in July, Microsoft said it had spotted four incidents of attempted campaign phishing. … The government won’t go it alone. Verified Voting, a group that promotes election system best practices, is part of the nonpartisan Election Protection coalition, which offers a hotline for voter information and issues. Verified Voting particularly specializes in fielding questions about technology issues related to voting. Some of those have already come up; in Texas and Georgia, outdated software and poor design features on paperless voting machines have caused a small but jarring number of incidents in which votes appear to be switched from a voter’s selection.

National: Vulnerable Voting Infrastructure and the Future of Election Security | Security Boulevard

It’s been two years since international interference sabotaged the United States’ election security, and still the vulnerability of our voting infrastructure remains a major problem. This past May, during Tennessee’s primary election, the Knox County election website fell prey to a DDoS attack. And just days ago, Texas voters experienced “ominous irregularities” from voting machines. In the lead up to the midterm elections, Radware surveyed Facebook users on the safety of U.S. elections, and the results paint a gloomy picture. The overwhelming majority (93.4 percent) of respondents believe that our election system is vulnerable to targeting and hacking—and they’re correct. What’s more, respondents were unable to suggest long-term tenable solutions when asked how the U.S. can improve its election safety (which is understandable, given the complexity of the issue). It is alarmingly quick and easy to hack into U.S. voting systems; just ask the 11-year-old boy who earlier this year demonstrated how he could hack into a replica of the Florida state election website and change voting results in under 10 minutes.

National: How the Election Assistance Commission Came Not to Care So Much About Election Security | ProPublica

In a rush of preparation for this year’s midterm elections, scores of state and local governments have been working to safeguard their election systems from being hacked or otherwise compromised. At the same time, according to interviews with more than a dozen national, state and local election officials, the federal commission responsible for providing assistance to them has either been missing in action or working to thwart their efforts. The Election Assistance Commission has ceded its leadership role in providing security training, state and local officials say, forcing them to rely on the help of the U.S. Department of Homeland Security, which lacks the same level of experience in the issues confronting the country’s voting systems. One of the EAC’s commissioners has dismissed the threat of foreign governments undermining American elections in private meetings with state election officials, and often personally appealed to individual officials not to waste their time on the idea that election systems might be vulnerable to outside meddling.

National: Dozens of states tighten election security — by going back to paper | UPI

As key midterm elections approach, U.S. authorities are taking measures to make sure the balloting is secure and free of foreign influence. For years, a number of polling places have gone more high-tech with electronic voting machines. Fears about vulnerabilities in the systems, however, are turning eyes to a strikingly low-tech option — paper ballots. The United States largely moved away from paper ballots after the 2004 Help America Vote Act replaced lever and punch-card voting machines with Direct Recording Electronic, or DRE, systems. The reform was a direct result of the notoriously contested 2000 presidential election, which triggered weeks of recounts and multiple complaints about paper ballots in Florida. … The committee said many of the electronic voting systems are now outdated, and recommended all states go back to paper ballots — or, at least mandate that electronic machines produce a paper hard copy that can be audited.

National: Hackers are using malware to find vulnerabilities in U.S. swing states. Expect cyberattacks. | The Washington Post

The Pentagon has launched a preemptive strike against the Russian hackers who may have attacked the 2016 presidential election with social media influence campaigns. Numerous initiatives, including Harvard University’s Defending Digital Democracy Project, have educated officials on how to fortify elections against cyberattacks and encouraged social media companies to take down fake accounts. Despite these efforts, 67 percent of Americans consider that a foreign influence campaign, either by Russia or other governments, during the midterm elections is “very or somewhat” plausible. Their worry might have some basis. There’s another threat that few have worked to defend against: malware, or malicious software, designed to steal, deny or alter information. And our research strongly suggests that these attacks are underway in U.S. swing states, as we explain below.

National: The cyber-hardened voting booth | The Fifth Domian

Protecting our elections from cyber meddling is a long-term effort; there is no silver-bullet answer. Yet the security of the 2018 midterm elections has practically made more headlines than the candidates have. A report from the the Center for Strategic and International Studies, in partnership with Raytheon, found that since the 2016 elections, 40 states have invested more than $75 million to improve election security. The center compiled the report from multiple sources and a survey it conducted with its network of cybersecurity experts. Robert “Bob” Kolasky, National Risk Management Center director at the Department of Homeland Security, expressed his confidence in the security of our election systems at an event ahead of the midterms elections. The event was hosted by CSIS on Oct. 30, in Washington, D.C.

National: U.S. Girds for Possible Russian Meddling on Election Day | Wall Street Journal

Two years ago, Rob Silvers arrived at a nondescript federal building in the Virginia suburbs of Washington on election day, afraid America was about to be hit by a catastrophic cyberattack. An alleged Russian operation to hack Democratic emails and peddle divisive disinformation was months in the making; election systems across the country had been probed by suspected Russian hackers; and one state—Illinois—had seen its voter registration database breached. “There was no playbook,” said Mr. Silvers, then a senior official at the Department of Homeland Security, now a partner at the law firm Paul Hastings. “We were writing the playbook as we were executing it.“ His worst fears never materialized, but Russia’s alleged actions convinced officials that cybersecurity would be a critical aspect of any future election. This year, voters will be casting ballots in what experts say will be the most secure U.S. election since the birth of the internet, thanks to steps taken since 2016. “States all across the country are more prepared,” said Wayne Williams, the Republican secretary of state of Colorado, who has been among the most active in adopting electoral cybersecurity measures.

National: File-Sharing Software on State Election Servers Could Expose Them to Intruders | ProPublica

As recently as Monday, computer servers that powered Kentucky’s online voter registration and Wisconsin’s reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password. The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky’s was accessible from other Eastern European countries. The service, known as FTP, provides public access to files — sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a server’s operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives. Officials in both states said that voter-registration data has not been compromised and that their states’ infrastructure was protected against infiltration. Still, Wisconsin said it turned off its FTP service following ProPublica’s inquiries. Kentucky left its password-free service running and said ProPublica didn’t understand its approach to security.

National: Hackers targeting election networks across country in lead up to midterms | The Boston Globe

Hackers have ramped up their efforts to meddle with the country’s election infrastructure in the weeks leading up to Tuesday’s midterms, sparking a raft of investigations into election interference, internal intelligence documents show. The hackers have targeted voter registration databases, election officials, and networks across the country, from counties in the Southwest to a city government in the Midwest, according to Department of Homeland Security election threat reports reviewed by the Globe. The agency says publicly all the recent attempts have been prevented or mitigated, but internal documents show hackers have had “limited success.” The recent incidents, ranging from injections of malicious computer code to a massive number of bogus requests for voter registration forms, have not been publicly disclosed until now. Federal agencies have logged more than 160 reports of suspected meddling in US elections since Aug. 1, documents show. The pace of suspicious activity has picked up in recent weeks — up to 10 incidents each day — and officials are on high alert.

National: Ready or not, states are about to find out if their election security investments worked | StateScoop

Last month, election officials in Vermont disclosed that the state had notified the U.S. Department of Homeland Security that it had detected a computer with an internet protocol address leading back to Russia snooping around its voter registration database in August. While the state said no data was altered , the incidentwas a reminder that the foreign cyberthreatis still out there, nearly two years after it dominated the conversation about the 2016 campaign. This election cycle, state and local officials who supervise elections have scrambled to add cybersecurity to portfolios that long consisted mostly of registering voters and tabulating ballots. The inflectionpoint came in September 2017, when DHS said that Russian hackers attempted to penetrate the voter registration systems in at least 21 states in 2016 and did so successfully in Illinois. With all that in mind, those state officials have becomeactive partners with the federal government, whileupgrading computer systems, replacing equipment and sharing threat information.On Tuesday, they and their voters will find out if their efforts were worthwhile.

National: Homeland Security’s biggest election concern is what comes after you vote | CNET

The biggest concern for election security isn’t about Election Day — it’s about the day after, Department of Homeland Security Secretary Kirstjen Nielsen said. “My biggest concern is that a foreign entity will take the opportunity after the election, or the night of the election, to attempt to sow discord through social media by suggesting that something’s not working as it should in a particular area,” Nielsen said Friday morning at a Council on Foreign Relations event in New York. The conversation with Nielsen about comes just four days before Election Day and amid major DHS efforts to protect the US elections from foreign interference. That includes assisting election officials in all 50 states, creating its own center toprotect critical infrastructure, and attending Defcon to learn about voting machine flaws. While DHS is working to protect the machines and make sure voting officials are prepared, it’s that wave of disinformation on social media that’ll follow the election that Nielsen’s most worried about.

National: Could Hackers Give Us Another Bush v. Gore? | Washingtonian

The scenario would go like this. On Tuesday, November 6, Americans tune to television sets and radio broadcasts, unlock their phones and keep an eye on their desktop screens, all waiting for the same thing: A definitive account of who has won what in the midterm elections. Throughout the night, election numbers shoot across their screens—live, preliminary return data pumped in from congressional and Senate races across the country, and key gubernatorial races, too. Then, around 10 PM EST, CNN anchors announce the network’s call: The Democrats have taken control of the House, winning 31 of the necessary 24 seats to successfully wrest control from Republicans. On camera, Van Jones and Anderson Cooper waste no time as they begin discussing the implications of the victory and how the midterm results have placed the Trump presidency in a new chapter of turmoil. But there’s a problem. Fox News analysts have just announced the opposite result: In an extraordinary turn of events, Republicans have managed to hang on to their majority by a single seat, retaining control of the House. It’s a major political upset, says Bret Baier, and a replay of Trump’s surprise victory in 2016. And yet for clients of the newswire Reuters, the results are simply opaque—with political analysts there reporting that control of the House, and several nail-biter gubernatorial and Senate races, still remain too close to call.

National: Securing voting machines means raising funds | The Parallax

There likely isn’t a quick fix for complex U.S. election integrity challenges such as social-engineering interference on Facebook. Experts say there is a straightforward response, however, to vulnerable voting-machine software. The problem is that it involves cooperation in Congress. When the Senate failed to move the Secure Elections Act forward in August because of White House concerns over states’ rights, coupled with funding concerns, the United States lost its best chance this year of taking steps toward patching voting machines. The most recent federal dollars devoted to improving elections came from the Help Americans Vote Act of 2002, which was itself flawed because its authors failed to predict cybersecurity standards for voting machines. The idea of hackers infiltrating computerized voting machines at the time was “completely ridiculous,” says Margaret MacAlpine, a voting-machine security researcher and a founding partner of cybersecurity consultancy Nordic Innovation Labs. “The cybersecurity threat was more than science fiction at that point,” she says. And even now, as knowledge that the machines are vulnerable to hackers spreads, there is still a lack of political will to allocate the funds needed to replace them and ensure that new machines are secured against attacks, she says.

National: A Voter’s Guide to Election Security | Associated Press

Americans are now voting in the first major election since Russians launched a broad assault on the 2016 presidential campaign. And while election officials and security experts remain vigilant through Election Day, voters have a critical role in the fight to keep elections safe and accessible. The average voter shouldn’t be too concerned about foreign interference in elections, said Maurice Turner, a senior technologist at the nonprofit Center for Democracy and Technology in Washington, D.C. But, he said, that doesn’t mean she should be passive about secure elections. By understanding the system, its flaws and what needs changing, voters can call for accountability from election officials and state policymakers. “I’m hoping for a quiet Election Day,” Turner said. “I’m hoping that we can focus on the issues that are on the ballot versus how we’re going to count the ballot.” Malicious actors might attack the midterms by manipulating voter registration rolls. While a May report from the Senate Intelligence Committee said the “U.S. election infrastructure is fundamentally resilient,” it also outlined Russian attempts in 2016 to scan election systems in 21 states and aggressively try to infiltrate six of them.

Voting Blogs: This Software is Exposing State Election Servers to Intruders | Democracy Chronicles

A ProPublica analysis found election computer servers in Wisconsin and Kentucky could be susceptible to hacking. Wisconsin shut down its service in response to our inquiries. As recently as Monday, computer servers that powered Kentucky’s online voter registration and Wisconsin’s reporting of election results ran software that could potentially expose information to hackers or enable access to sensitive files without a password. The insecure service run by Wisconsin could be reached from internet addresses based in Russia, which has become notorious for seeking to influence U.S. elections. Kentucky’s was accessible from other Eastern European countries. The service, known as FTP, provides public access to files — sometimes anonymously and without encryption. As a result, security experts say, it could act as a gateway for hackers to acquire key details of a server’s operating system and exploit its vulnerabilities. Some corporations and other institutions have dropped FTP in favor of more secure alternatives.