Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrpg on Wednesday July 18 2018, @12:31PM   Printer-friendly
from the idiocracy++ dept.

Submitted via IRC for Sulla

The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.

In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software ... to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the[sic] New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees, ... including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said.

[...] Election-management systems are not the voting terminals that voters use to cast their ballots, but are just as critical: they sit in county election offices and contain software that in some counties is used to program all the voting machines used in the county; the systems also tabulate final results aggregated from voting machines.

Software like pcAnywhere is used by system administrators to access and control systems from a remote location to conduct maintenance or upgrade or alter software. But election-management systems and voting machines are supposed to be air-gapped for security reasons—that is, disconnected from the internet and from any other systems that are connected to the internet. ES&S customers who had pcAnywhere installed also had modems on their election-management systems so ES&S technicians could dial into the systems and use the software to troubleshoot, thereby creating a potential port of entry for hackers as well.

[...] In 2006, the same period when ES&S says it was still installing pcAnywhere on election systems, hackers stole the source code for the pcAnyhere software, though the public didn’t learn of this until years later in 2012 when a hacker posted some of the source code online, forcing Symantec, the distributor of pcAnywhere, to admit that it had been stolen years earlier. Source code is invaluable to hackers because it allows them to examine the code to find security flaws they can exploit. When Symantec admitted to the theft in 2012, it took the unprecedented step of warning users to disable or uninstall the software until it could make sure that any security flaws in the software had been patched.

Around this same time, security researchers discovered a critical vulnerability in pcAnywhere that would allow an attacker to seize control of a system that had the software installed on it, without needing to authenticate themselves to the system with a password. And other researchers with the security firm Rapid7 scanned the internet for any computers that were online and had pcAnywhere installed on them and found nearly 150,000 were configured in a way that would allow direct access to them.

Source: Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States

[20180718_130441 UTC; Updated to add: description of election management systems, stolen source code, and report of a critical vulnerability.]


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by Azuma Hazuki on Wednesday July 18 2018, @04:15PM (4 children)

    by Azuma Hazuki (5086) on Wednesday July 18 2018, @04:15PM (#708850) Journal

    No more of this shit. It is not crystal clear that our votes have been manipulated and falsified, and very probably going all the way back to the disastrous 2000 election (remember the head of Diebold saying he was committed to getting R votes?). Paper ballots, with several counts, all being watched like a hawk.

    --
    I am "that girl" your mother warned you about...
    Starting Score:    1  point
    Moderation   +3  
       Insightful=3, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 4, Insightful) by digitalaudiorock on Wednesday July 18 2018, @05:53PM (3 children)

    by digitalaudiorock (688) on Wednesday July 18 2018, @05:53PM (#708904) Journal

    Amen to that. It should be almost impossible for any concept to be worse than electronic voting itself, but electronic voting with fucking proprietary software absolutely is. And yes...I remember Diebold's O'Dell pledging to "deliver Ohio" to Bush...fuck me anyway.

    Also...pcAnywhere??? I thought that went away with 900 baud modems(??). Whatever the intention (which can't possibly be good) the Russians must have loved that one.

    • (Score: 2, Insightful) by Anonymous Coward on Wednesday July 18 2018, @06:30PM (1 child)

      by Anonymous Coward on Wednesday July 18 2018, @06:30PM (#708925)

      The Rs realized the majority of citizens were no longer supportive of their regressive politics, so they cheated (seems incredibly likely) and manipulated the states still stuck in the 80s and treating Reagan like the 2nd coming.

      I mean really, the more I learn about Reagan the more it just makes no sense. Brainwashing propaganda is so very real!

      • (Score: 2) by bob_super on Wednesday July 18 2018, @06:59PM

        by bob_super (1357) on Wednesday July 18 2018, @06:59PM (#708944)

        The Rs realized that the Ds moved too far into their turf (see Clinton's achievements), so they decided to recapture the formerly D unionized vote by going full anti-system anti-foreigners.
        It worked, as it previously (and simultaneously) worked in Europe and elsewhere after a giant crisis, because it's so much easier to blame someone (and pray your god) for your problems, even at the expense of your own safety net.

        The Democratic party is still too stupid to answer this, even as their main allies are being decimated. Focusing on Trump being an idiot, or on Illegals being mistreated, is not going to win the next election.

    • (Score: 4, Insightful) by bob_super on Wednesday July 18 2018, @06:48PM

      by bob_super (1357) on Wednesday July 18 2018, @06:48PM (#708940)

      > It should be almost impossible for any concept to be worse than electronic voting itself, but electronic voting with fucking proprietary software absolutely is.

      How about "electronic voting with fucking proprietary software" with a law stating that paper accountability was illegal ?
      Even Putin and Kim were wondering why we didn't go for the less obvious direct disqualification/elimination of the opponent.