Electronic Vulnerability

See No Evil, Find No Monkey Business, ePollbook Edition

NPR All Things Considered Russian Cyberattack Targeted Elections Vendor Tied To Voting Day Disruptions

“Voters were going in and being told that they had already voted — and they hadn’t,” recalls Allison Riggs, an attorney with the Southern Coalition for Social Justice.

The electronic systems — known as poll books — also indicated that some voters had to show identification, even though they did not.

Timeline: Foreign Efforts To Hack State Election Systems And How Officials Responded
Investigators later discovered the company that provided those poll books had been the target of a Russian cyberattack…

BradCast DefCon: David Jefferson on hacking of almost every voting machine

As Brad says

Hopefully, what happened in Vegas does not stay in Vegas

We are not so optimistic.  We have a long history of getting excited about voting irregularities and risks, followed by officials and the general public moving on.

Common Sense: Limits on Testing From Turing to Self Driving Cars

At first this may not seem like Common Sense. We have the famous Turing Halting Problem which has some very important consequences for voting which may not, at first, make common sense:

The NEW Rob Georgia

While attention was appropriately aimed at FL and OH respectively in 2000 and 2004, Georgia perhaps remains as the most questionable state for voting integrity in the nation.  Many overlooked the questionable elections there highlighted by Bev Harris in Chapter 11 of Black Box Voting: Rob Georgia, Noun or Verb? <read>

Now we have the story on the vulnerabilities in Georgia in 2017 by Kim Zetter.  Here is her 20 minute interview on yesterday’s Fresh Air: <listen>

And her earlier extensive article at Politico:  Will the Georgia Special Election Be Hacked? <read>

“I was like whoa, whoa. … I did not mean to do that. … I was absolutely stunned, just the sheer quantity of files I had acquired,” he tells Politico Magazine in his first interview since discovering the massive security breach.

As Georgia prepares for a special runoff election this month in one of the country’s most closely watched congressional races, and as new reports emerge about Russian attempts to breach American election systems, serious questions are being raised about the state’s ability to safeguard the vote…

Be careful what you ask for. Georgia has gone from risky to even more questionable as the Secretary of State’s office is taking over the programming of the voting systems from Kennesaw State U. as the Secretary is running for Governor.

Russians not the only threat to our elections

Many articles on the Congressional hearings on the “Russian” hacking or not hacking of our elections.  Brad Friedman and Mark Karlin come closet to my opinions:

Recent article by Mark Karlin referencing Brad Friedman:  Beyond the Russians, Electronic Voting Machines Are Vulnerable to Any Hackers  

Journalists and activists have been sounding the alarm about electronic voting machines and their proprietary software for years. The vulnerability of these machines to hacking has not been front and center for some time — primarily due to the failure of the corporate media and legislative bodies to take it seriously. That changed, to some extent, with the charges about Russian hacking from US intelligence agencies. However, the current emphasis is on the Russians allegedly attempting to influence the 2016 election, not on the flawed electronic voting machines that make hacking possible…

Meanwhile, our Secretary of the State continues to spread myths about the safety of voting systems not connected to the internet and “tamper-proof” seals that are at best “tamper-evident”. 

We add that paper ballots are insufficient.  They need protection from tampering.  We need sufficient audits and recounts.  Audits and recounts that are comprehensive and convincing.  Audits and recounts that are transparent and publicly verifiable.f

Hacking voting systems is/was easy

Article in the Atlantic summarizes some of the bad news from the last couple of weeks:  There’s No Way to Know How Compromised U.S. Elections Are <read>

So let us not be complacent. Just because you do not understand something, does not mean that hundreds and thousands of others can’t easily hack it.

If [Connecticut] Voting Machines Were Hacked, Would Anyone Know?

NPR story by Pam Fessler:  If Voting Machines Were Hacked, Would Anyone Know?   Fessler quotes several experts and election officials including Connecticut Assistant Secretary of the State Peggy Reeves:

Still, Connecticut Election Director Peggy Reeves told a National Academies of Sciences, Engineering, and Medicine panel on Monday that many local election officials are ill-equipped to handle cybersecurity threats.

“Many of our towns actually have no local IT support,” she said. “Seriously, they don’t have an IT director in their town. They might have a consultant that they call on if they have an issue. So they look to us, but we’re a pretty small division.”

Reeves said the best protection against hackers is probably the fact that the nation’s voting system isso decentralized, with different processes and equipment used in thousands of different locations.

We certainly agree with that and the cybersecurity experts quoted.

How easy would it be to rig the next election? Very Easy

Article at Think Progress: How easy would it be to rig the next election? 

In the popular imagination, this is what election hacking looks like?—?dramatic, national-scale interference that manually rewrites tallies and hands the victory to the outlier. Certainly these attacks may occur. However, they’re only one of a variety of electoral hacks possible against the United States, at a time when hacking attacks are becoming more accessible to threat-actors and nation-state-sponsored attackers are growing more brazen. Yes, hackers may attempt to change the vote totals for American elections?—?but they can also de-register voters, delete critical data, trip up voting systems to cause long lines at polling stations, and otherwise cultivate deep distrust in the legitimacy of election results. If hackers wish to rig a national election, they can do it by changing only small numbers on a state level.

Public Voting Machine Hackathon: Challenge or Sham

The worlds largest democracy has offered the public a chance to hack its unverifiable voting machines.  The details are skimpy, history does not provide confidence, and while it may be a step in the right direction it is ultimately insufficient.  See the article by George Washington University Professor Poorvi Vora: Hacking EVMs: The EC has issued a challenge. It must first accept the challenge it faces

Surprising statements by Denise Merrill and Neil Jenkins

Denise Merrill, Secretary of the State and President of the National Association of Secretaries of State and Neil Jenkins from Homeland Security spoke on NPR on election integrity.  <listen>

We disagree with both their similar statements:

.”Because our system is highly decentralized there’s no way to disrupt the voting process in any large-scale meaningful way through cyber attacks because there’s no national system to attack,” [Merrill] said Tuesday at a hearing before the U.S. Election Assistance Commission on the impact of the critical infrastructure designation.

Jenkins was quoted as saying “having thousands of elections offices each with their own systems making hacking elections nearly impossible”

Page 1 of 2212345...1020...Last »