SoylentNews is people
SoylentNews
Five years ago, Vladimir Putin publicly fumed that the US was interfering with internal Russian politics. He felt that the US emboldened local protestors by claiming that the 2012 Russian elections (which he won with more than a 46 point margin) were rigged. It's been said he's seeking payback by discrediting American elections. Not necessarily to help one candidate over another (Putin has said "We don't back anyone – it's not our business"), but to throw the legitimacy of US elections into doubt the same way he believes the US delegitimatized his landslide victory of 2012.
We've been told that hacking the vote would be difficult due to the wide variety of locally implemented voting systems. But that doesn't necessarily apply to state-level voter registration databases. Introducing minor amounts of errors, even just 1% of the total records could cause chaos on election day. If 1 in every 100 voters is turned away from the polls, that would have enormous repercussions on the election, far greater than the hanging chads had in Florida. There have already been reports of the exfiltration of registration data in two states and attacks on registration systems in another 20 states.
Now a white hat hacker has demonstrated just how easy it is to modify registration data in Indiana using only publicly available data.
(Score: 4, Insightful) by Runaway1956 on Saturday October 15 2016, @02:20AM
"difficult due to the wide variety of locally implemented voting systems"
So the states are relying on security through obscurity. The same thing for which *nix has been mocked through the years. With the major differences being, the owners aren't obscure even from the outset. And, these datasets can be considered as "high value" as opposed to some nerd running a strangely configured Linux.
I short, they are assuring us that because their community organizers don't know how to hack the systems, they feel safe.
(Score: 0) by Anonymous Coward on Saturday October 15 2016, @03:13AM
> The same thing for which *nix has been mocked through the years.
lolwut?
Your persecution complex is showing again.
BTW, it isn't security through obscurity in this case either. Its security through level of effort, which is the cornerstone of all security. In this case, the effort necessary to individually analyse and then hack thousands of voting systems rather than script-kiddee it with one automated tool that directed by a single master cracker.
(Score: 2) by Runaway1956 on Saturday October 15 2016, @05:21AM
Lolwut right back at you. Security through effort? The only "effort" put into this security "scheme" is, competing interests from various vendors. One vendor sold one solution to this customer, another vendor sold a competing scheme to another, etc ad nauseum. Somewhat like Linux, there are a number of different "flavors" of electronic voting schemes in use. And, exactly like Linux, no individual can know for sure (until he starts hacking/cracking the system) which security measures have been implemented. This is "security through obscurity". My (or your) first approach to any given system is completely blind. You have to start really simple, and find out whether the system responds to common inquiries (ping?) before you can begin to decide on any approach that might get you into the system.
Effort? Really? Somewhat like banks and government agencies, they rely more on the law punishing anyone getting into the system, than they rely on preventing unauthorized entry. Log everything, then go after the dumb chump who was exploring. Except - since we aren't even logging the votes in many instances, I wonder if there are logs of attempted access. Probably not. The mysterious "they" want to log our telephone calls, but see no need to log votes, or unauthorized access to voting machines.
Whatever point you're trying to make here, that don't don't hunt. You might as well leave it lying under the porch.
(Score: 0) by Anonymous Coward on Saturday October 15 2016, @12:40PM
> Security through effort? The only "effort" put into this security "scheme" is, competing interests from various vendors.
I see you have no actual experience with security. All security is about raising the level of effort for the attacker. There is no such thing as perfect security, there is only cost to compromise versus value of a successful compromise. Figuring out how to compromise a thousand different systems is literally 1000x more expensive than figuring out how to compromise a single system. You've been around long enough you must have heard the arguments about exploits of a microsoft monoculture.
(Score: 0) by Anonymous Coward on Saturday October 15 2016, @05:06PM
> Trump says mean things sometimes. Clinton means things all the time.
FTFY