Electronic Vulnerability

RoundUp: Spy vs Spy, while Officials and Voters lose

Almost every day lately there is news on the potential of future and past hacking, including election hacking. Today we suggest three recent articles and a report.

The N.S.A. bans its analysts from using Kaspersky antivirus at the agency, in large part because the agency has exploited antivirus software for its own foreign hacking operations and knows the same technique is used by its adversaries.

If Russia can attack our election, so can others: Iran, North Korea, ISIS, or even criminal or extremist groups.

Exactly a year after U.S. intelligence issued a stern warning about Russian interference in the 2016 presidential election, the Trump administration has failed to fill key homeland security posts responsible for preventing another Kremlin assault on the voting system…

It sounds like science fiction, or at least “Ocean’s 11,” but cybersecurity experts are frantically waving their hands, trying to get Americans to see that in foreign capitals, the American voting system just looks like easy opportunity.

Skepticism now, Skepticism tomorrow, Skepticism forever

Recent events are a reminder that we must be eternally skeptical. We need to be especially skeptical of the mainstream media as well as other sources.

Today we add the most recent flurry about the “21 states hacked by Russia before the 2016 election”, and more.  The story continues to fall apart, bit by bit. Yet, we suspect the truth is far from common knowledge.

And an Intercept story by Kim Zetter reviewing a report by Kaspersky Lab Masquerading Hackers Are Forcing a Rethink of How Attacks Are Traced. The title pretty much says it all.  Attribution is difficult, yet often possible.

We need recounts for more than fair elections, for more than Russian risks.

CNN:  For fair elections … can we get a recount?

We should not ignore calls for audits, recounts, and paper ballots just because the motivator for those calls may be simplistic.  There are a multitude  of risks beyond Russians, beyond foreigners, beyond skullduggery. Its not just fairness, it is accuracy and democracy.

States (and foreign governments) moving half way toward verifiable election results

From Governing:  After 2016 Election Hacks, Some States Return to Paper Ballots

The Independent, via VerifiedVoting: Norway: Votes to be counted manually in fear of election hacking

We applaud these developments. Yet, what is needed beyond paper ballots are effective post-election audits, those that verify result and can lead to changing incorrect initial outcomes.  Audits that also verify the accumulation of results across jurisdictions;  Audits that check other aspects of the process as checkin, checkin to ballots counts, and ballot security.

Beware of the Watchdog that does not bark any details

NYTimes story that justifies our skepticism on NC ePollbook story:  In Election Interference, Its What Reporters Didn’t Find That Matters

Among other things, we learned that intelligence agencies had intentionally worded their conclusions to specifically address “vote tallying,” not the back-end election systems—conclusions that were not even based on any in-depth investigation of the state election systems or the machines themselves, but on the accounts of American spies and digital intercepts of Russian communications, as well as on assessments by the Department of Homeland Security—which were largely superficial and not based on any in-depth investigation of the state electionsystems or machines themselves.

As we said in our earlier post: See No Evil, Find No Monkey Business, ePollbook Edition

the simple case is that we now have no reason to trust the claim that it was all a simple software error, that the Federal and State Governments were actually protecting us.

See No Evil, Find No Monkey Business, ePollbook Edition

NPR All Things Considered Russian Cyberattack Targeted Elections Vendor Tied To Voting Day Disruptions

“Voters were going in and being told that they had already voted — and they hadn’t,” recalls Allison Riggs, an attorney with the Southern Coalition for Social Justice.

The electronic systems — known as poll books — also indicated that some voters had to show identification, even though they did not.

Timeline: Foreign Efforts To Hack State Election Systems And How Officials Responded
Investigators later discovered the company that provided those poll books had been the target of a Russian cyberattack…

BradCast DefCon: David Jefferson on hacking of almost every voting machine

As Brad says

Hopefully, what happened in Vegas does not stay in Vegas

We are not so optimistic.  We have a long history of getting excited about voting irregularities and risks, followed by officials and the general public moving on.

Common Sense: Limits on Testing From Turing to Self Driving Cars

At first this may not seem like Common Sense. We have the famous Turing Halting Problem which has some very important consequences for voting which may not, at first, make common sense:

The NEW Rob Georgia

While attention was appropriately aimed at FL and OH respectively in 2000 and 2004, Georgia perhaps remains as the most questionable state for voting integrity in the nation.  Many overlooked the questionable elections there highlighted by Bev Harris in Chapter 11 of Black Box Voting: Rob Georgia, Noun or Verb? <read>

Now we have the story on the vulnerabilities in Georgia in 2017 by Kim Zetter.  Here is her 20 minute interview on yesterday’s Fresh Air: <listen>

And her earlier extensive article at Politico:  Will the Georgia Special Election Be Hacked? <read>

“I was like whoa, whoa. … I did not mean to do that. … I was absolutely stunned, just the sheer quantity of files I had acquired,” he tells Politico Magazine in his first interview since discovering the massive security breach.

As Georgia prepares for a special runoff election this month in one of the country’s most closely watched congressional races, and as new reports emerge about Russian attempts to breach American election systems, serious questions are being raised about the state’s ability to safeguard the vote…

Be careful what you ask for. Georgia has gone from risky to even more questionable as the Secretary of State’s office is taking over the programming of the voting systems from Kennesaw State U. as the Secretary is running for Governor.

Russians not the only threat to our elections

Many articles on the Congressional hearings on the “Russian” hacking or not hacking of our elections.  Brad Friedman and Mark Karlin come closet to my opinions:

Recent article by Mark Karlin referencing Brad Friedman:  Beyond the Russians, Electronic Voting Machines Are Vulnerable to Any Hackers  

Journalists and activists have been sounding the alarm about electronic voting machines and their proprietary software for years. The vulnerability of these machines to hacking has not been front and center for some time — primarily due to the failure of the corporate media and legislative bodies to take it seriously. That changed, to some extent, with the charges about Russian hacking from US intelligence agencies. However, the current emphasis is on the Russians allegedly attempting to influence the 2016 election, not on the flawed electronic voting machines that make hacking possible…

Meanwhile, our Secretary of the State continues to spread myths about the safety of voting systems not connected to the internet and “tamper-proof” seals that are at best “tamper-evident”. 

We add that paper ballots are insufficient.  They need protection from tampering.  We need sufficient audits and recounts.  Audits and recounts that are comprehensive and convincing.  Audits and recounts that are transparent and publicly verifiable.f

Page 1 of 2312345...1020...Last »