SoylentNews is people
SoylentNews
In the run-up to the USA's upcoming national election event:
The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.
[...] [three days later] the FBI Cyber Division issued a potentially more disturbing warning, entitled "Targeting Activity Against State Board of Election Systems." The alert, labeled as restricted for "NEED TO KNOW recipients," disclosed that the bureau was investigating cyberintrusions against two state election websites this summer, including one that resulted in the "exfiltration," or theft, of voter registration data. "It was an eye opener," one senior law enforcement official said of the bureau's discovery of the intrusions. "We believe it's kind of serious, and we're investigating."
[...] six states and parts of four others (including large swaths of Pennsylvania, a crucial swing state in this year's race) are more vulnerable because they rely on paperless touchscreen voting, known as DREs or Direct-Recording Electronic voting machines, for which there are no paper ballot backups.
[...] the FBI warning seems likely to ramp up pressure on the Department of Homeland Security to formally designate state election systems as part of the nation's "critical infrastructure" requiring federal protection — a key step, advocates say, in forestalling the possibility of foreign government meddling in the election.
The reason designating election systems "critical infrastructure" requiring federal protection is important is that designation means the Feds devote resources to protecting it and threaten a heightened response to entities messing with "critical infrastructure."
[Continues...]
Related / more info:
- Cyber Storm V: Testing the Nation's Ability to Respond to Significant Cyber Incidents
- White House releases a cyber deterrence policy outlining how the United States will respond to cyber attacks from malicious actors.
- Text of the Cyber Deterrence Policy (PDF)
Have you considered the impact on the US if the election for president is disrupted, with the winner unknown because the results are dependent upon the votes in one or more of the states with electronic-only voting systems? Some people might find it beneficial if the US election is disrupted or contested.
(Score: 2, Insightful) by Anonymous Coward on Monday August 29 2016, @10:00PM
I've seen some people that are invested in the current voting systems claim that election hacking is not a significant risk because there are so many different and distinct voting systems around the country due to them all being locally administered. That all the heterogeneity makes it too complicated to mount an effective attack.
But that logic does not cut it. You don't have to hack every system. You only have to hack strategic systems - skip all of the states (and counties) that are firmly in the bag for one candidate or another. Just target the places where the race is close. Boost a couple percentages in key districts and you can flip the entire election.
I am seriously worried about the situation and it is far too late to make any significant changes in the system.
(Score: 0) by Anonymous Coward on Monday August 29 2016, @10:47PM
They already pulled this off multiple times. The shitty security? Looks like it was built in by default, specifically to make it easier to rig elections. It is never too late to make changes in the system, but it often comes with a lot of loss.
(Score: 0) by Anonymous Coward on Monday August 29 2016, @11:18PM
> The shitty security? Looks like it was built in by default, specifically to make it easier to rig elections.
No. The shitty security in voting machines was built in by default for exactly the same reason shitty security has been built into everything by default: Ignorance, apathy and profit margins.
(Score: 2, Informative) by Anonymous Coward on Tuesday August 30 2016, @12:11AM
That's not a bad first assumption, but given the reaction to revelations of these security issues, it no longer is the simplest assumption.
(Score: 0) by Anonymous Coward on Tuesday August 30 2016, @02:13AM
> That's not a bad first assumption, but given the reaction to revelations of these security issues, it no longer is the simplest assumption.
Help us out here, could you describe the reaction you are talking about?
Because the reactions I've seen have been entirely consistent with ignorance, apathy and profit margins. And denial. But that's easily explained by short term thinking.
(Score: 2) by JNCF on Tuesday August 30 2016, @05:39PM
Help us out here, could you describe the reaction you are talking about?
Because the reactions I've seen have been entirely consistent with ignorance, apathy and profit margins. And denial. But that's easily explained by short term thinking.
How about that time when Michael Connell [wikipedia.org] was going to testify about election fraud related to the 2004 election, his lawyer requested security on the grounds that they had been informed of threats made by Karl Rove, the security request was denied, and Michael Connell subsequently died in a plane crash before being able to testify? Does that sound like ignorance, or conspiracy?
(Score: 3, Interesting) by Scruffy Beard 2 on Tuesday August 30 2016, @12:17AM
If they machines are not deliberately insecure, then why has the state-of-the-art rgressed, rather than impoved?
Computer Scientists Take Over Electronic Voting Machine with New Programming Technique [ucsd.edu]
In that paper [ucsd.edu] (pdf), they use a novel "return oriented programming" technique to re-program a machine with Read-only Memory for storing the voting software. To do this, they reverse-engineered the machine, and leveraged a stack over-flow in the configuration routine.
This strip [xkcd.com] came out at about the same time.
Machines running anti-viruses experience constant software updates. No way that is secure.
(Score: 3, Informative) by Scruffy Beard 2 on Tuesday August 30 2016, @12:32AM
Tampering with US voting machine as easy as ‘abcde’, says Virginia report [sophos.com]
(Score: 0) by Anonymous Coward on Tuesday August 30 2016, @02:20AM
> If they machines are not deliberately insecure, then why has the state-of-the-art rgressed, rather than impoved?
Lack of anyone in charge giving a shit mean things continue right on down the shitter. New security exploits are developed on a daily basis, but nobody actively working to improve security means stagnation at best. So systems become more and more insecure as time passes.
We regularly hear about newly discovered flaws in general computing systems like iphones and windows that have been around for years, why should voting machines (all of which are built on top of general purpose computers) be any different?
(Score: 1) by Arik on Tuesday August 30 2016, @12:44AM
If laughter is the best medicine, who are the best doctors?
(Score: 2) by tibman on Tuesday August 30 2016, @04:33AM
It's a weak excuse. Nobody will hack it because that would be hard. WTF!
SN won't survive on lurkers alone. Write comments.