Author: Luther Weeks

Here’s How Russia May Have Already Hacked the 2018 Midterm Elections

New article from Newsweek: Here’s How Russia May Have Already Hacked the 2018 Midterm Elections  <read>

They are talking about PA, but the same could apply to Connecticut:

Even though Bucks County’s Shouptronics aren’t wired, hackers have several ways of compromising them. The most direct and effective way would be to replace a computer chip in the machine that holds instructions on what to do when voters press the buttons with one that holds instructions written by hackers.

New article from Newsweek: Here’s How Russia May Have Already Hacked the 2018 Midterm Elections  <read>

They are talking about PA, but the same could apply to Connecticut:

Even though Bucks County’s Shouptronics aren’t wired, hackers have several ways of compromising them. The most direct and effective way would be to replace a computer chip in the machine that holds instructions on what to do when voters press the buttons with one that holds instructions written by hackers. When this chip is working properly, it ensures that a voter who presses the button next to Mary Smith’s name actually registers a vote for Mary Smith. A hacked chip could be programmed to add that vote to the rival’s tally instead. Or, to avoid detection, it might switch only one in five votes for Mary Smith to her rival.

Or it could simply fail to register a vote for either candidate. This technique is called “undervoting,” because it implies that the voter chose to not vote for either candidate, which voters sometimes do. To further avoid pre- and post-election tests, the hacked chip could be programmed to behave perfectly correctly for an hour or so on election morning, when pre-­election testing is typically done, and also to stop misbehaving just before voting ends, so post-election testing won’t turn anything up.

Swapping a chip would require physical access to the machines, ­either sometime before November 6 or on Election Day itself.

But the Government has assured us that no actual voting machine hacks were discovered after the 2016 election?

It’s possible the Russians ­perfected their attacks on electronic voting ­machines in the 2016 election without tipping their hand. No such ­attacks have been documented—but then again, nobody’s looked. “As far as I know, exactly zero machines were forensically tested after the elections,” says cybersecurity expert Alex Halderman, a computer science and engineering professor at the University of Michigan. In other words, we have no way of knowing if voting machines in Bucks County and other vulnerable counties with tight races for House seats are already primed to report phony results ordered up by Russian intelligence officers.

At least in CT we have paper ballots, if we protect and exploit them sufficiently. That is a big if.

Do Connecticut’s Tamper-“Evident” Seals Protect Our Ballots?

Experts and amateurs have long claimed that so called, tamper-evident seals are easy to defeat.

Experts and amateurs have long claimed that so called, tamper-evident seals are easy to defeat.
See Security Theater: Scary! Expert Outlines Physical Security Limitations.

Matt Bernhard has provided a video showing one easy method of compromising the seals commonly in use in Connecticut. Those that seal perhaps 90% of our ballots and optical scanners:

As Matt says there is a small possibility someone could detect the resealing. I doubt it would happen and if it did it would be doubted. There are no seal protocols in Connecticut.

There is more explanation in a similar video Matt did earlier with a bit different seal:

Don’t worry the bad guys, expert and amateur, have other ways as well. We are not helping them. We are informing those that feel our ballots are secure.

PS: Most voted ballots in Connecticut are sealed in bags or plastic boxes and stored where they can be accessed by multiple single individuals for hours, undetected.

Email and Internet Voting: The Overlooked Threat to Election Security

New report Email and Internet Voting: The Overlooked Threat to Election Security

This report reviews the research that has been conducted by the federal government concluding that secure online voting is not yet feasible…

States that permit online return of voted ballots should suspend the practice.

New report Email and Internet Voting: The Overlooked Threat to Election Security <read>

This report reviews the research that has been conducted by the federal government concluding that secure online voting is not yet feasible…

Until there is a major technological breakthrough in or fundamental change to the nature of the internet, the best method for securing elections is a tried-and-true one: mailed paper ballots. Paper ballots are not tamper-proof, but they are not vulnerable to the same wholesale fraud or manipulation associated with internet voting. Tampering with mailed paper ballots is a one-at-a-time attack. Infecting voters’ computers with malware or infecting the computers in the elections office that handle and count ballots are both effective methods for large-scale corruption.

Military voters undoubtedly face greater obstacles in casting their ballots. They deserve any help the government can give them to participate in democracy equally with all other citizens. However, in this threat-filled environment, online voting endangers the very democracy the U.S. military is charged with protecting.

Considering current technology and current threats, postal return of a voted ballot is the most responsible option. States that permit online return of voted ballots should suspend the practice.

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

Often, as a computer scientist, I forget that what a very small minority know that becomes almost intuitive, is far from obvious to others approaching magic, a deluded conspiracy, or amateur science fiction.

Any sufficiently advanced technology is indistinguishable from magic. – Arthur C. Clarke
This article from Bloomberg News is a case in point.

Often, as a computer scientist, I forget that what a very small minority know that becomes almost intuitive, is far from obvious to others approaching magic, a deluded conspiracy, or amateur science fiction.

Any sufficiently advanced technology is indistinguishable from magic. – Arthur C. Clarke
This article from Bloomberg News is a case in point. When I tell many election officials that voting machines not connected to WiFi remain unsafe, I am greeted with dismissive looks of unbelief. The conversation ends quickly as they walk away, eager to put space between themselves and this crazy person. The truth is we do not know what is running inside Connecticut’s AccuVote-OS scanners. Is there some rogue code or portion of a chip there from the beginning? During maintenance did an LHS employee replace one chip with a rogue chip indistinguishable from the original?  Was a chip replaced by a lowly or high-level town employee, undetected – perhaps not even a technical novice, but one who has been threatened into the deed?
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies – The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources. <read>

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers…

This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get…

One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc.

We do not know if any of these motherboards are used for any election equipment – voting equipment, election web sites,voter registration systems, or election reporting systems.  Yet, the point is this or a similar stealth attack could be lie in wait today or be installed soon in existing or new equipment.

The Crisis in Election Security by Kim Zetter

The feature in the NYTmes Magazine by Kim Zetter:  The Crisis of Election Security – As the midterms approach, America’s electronic voting systems are more vulnerable than ever. Why isn’t anyone trying to fix them? <read>  The article is a sad summary of where are and how we got here.

Two years later, as the 2018 elections approach, the American intelligence community is issuing increasingly dire warnings about potential interference from Russia and other countries, but the voting infrastructure remains largely unchanged…How did our election system get so vulnerable, and why haven’t officials tried harder to fix it? The answer, ultimately, comes down to politics and money: The voting machines are made by well-connected private companies that wield immense control over their proprietary software, often fighting vigorously in court to prevent anyone from examining it when things go awry.

 

 

The feature in the NYTmes Magazine by Kim Zetter:  The Crisis of Election Security – As the midterms approach, America’s electronic voting systems are more vulnerable than ever. Why isn’t anyone trying to fix them? <read>

Zetter is the leading author/investigative reporter on electronic security, author of Countdown to Zero Day (STUXNET). The article is a sad summary of where are and how we got here.

Two years later, as the 2018 elections approach, the American intelligence community is issuing increasingly dire warnings about potential interference from Russia and other countries, but the voting infrastructure remains largely unchanged. D.H.S. has now conducted remote-scanning and on-site assessments of state and county election systems, but these are still largely Band-Aid measures applied to internet-facing servers. They don’t address core vulnerabilities in voting machines or the systems used to program them. And they ignore the fact that many voting machines that elections officials insist are disconnected from the internet — and therefore beyond the reach of hackers — are in fact accessible by way of the modems they use to transmit vote totals on election night. Add to this the fact that states don’t conduct robust postelection audits — a manual comparison of paper ballots to digital tallies is the best method we have to detect when something has gone wrong in an election — and there’s a good chance we simply won’t know if someone has altered the digital votes in the next election.

How did our election system get so vulnerable, and why haven’t officials tried harder to fix it? The answer, ultimately, comes down to politics and money: The voting machines are made by well-connected private companies that wield immense control over their proprietary software, often fighting vigorously in court to prevent anyone from examining it when things go awry.

I would add that even machines not connected to the Internet or wireless are still quite vulnerable as articulated by Zetter in Countdown to Zero Day.

 

 

Merrill: “likely to increase audits”

Merrill said her office will likely also increase its audits. Currently it randomly selects voting precincts to have primary results audited following elections; five percent of polling places that use optical scan machines are subject to the audit, as prescribed by Connecticut General Statutes 9-320f. Those counts are then matched against vote totals from optical scan machines.

 

From Westfair an extensive interview with Secretary of the State Denise Merrill on security improvements  CT ramping up cybersecurity efforts ahead of election – but will it be enough? <read>

Merrill said her office will likely also increase its audits. Currently it randomly selects voting precincts to have primary results audited following elections; five percent of polling places that use optical scan machines are subject to the audit, as prescribed by Connecticut General Statutes 9-320f. Those counts are then matched against vote totals from optical scan machines.

We will applaud any substantial changes to improve the audits.  There are many weaknesses in the current law and in its execution. <Citizen Audit’s latest report>

Philosopher: Some Conspiracy Theories are all too real

Yesterday’s conspiracy theories often become today’s incontrovertible facts…

[Conspiracy Theory is] a function similar to that served by the term “heresy” in medieval Europe…One bad effect of these terms is they contribute to a political environment in which it’s easier for conspiracy to thrive at the expense of openness. Another bad effect is their use is an injustice to the people who are characterised as conspiracy theorists…

.

We have talked of this before. We all believe conspiracy theories. Some are true, some are false, many are judged legitimate or false without investigation. You may be judged a dreaded ‘Conspiracy Theorist’ if you openly suspect a conspiracy not openly supported by the government and the corporate media.  A new article add some significant straight talk to the discussion.

From David Coady at the Conversation: We Shouldn’t Assume All ‘Conspiracy Theories’ Are False — Some Are All Too Real (“Conspiracy theories” are presumed to be, by definition, untrue.)  <read>

Yesterday’s conspiracy theories often become today’s incontrovertible facts…

To characterise a belief as a conspiracy theory is to imply it’s false. More than that, it implies people who accept that belief, or want to investigate whether it’s true, are irrational.

On the face of it, this is hard to understand. After all, people do conspire. That is, they engage in secretive or deceptive behaviour that is illegal or morally dubious.

Conspiracy is a common form of human behaviour across all cultures throughout recorded time, and it has always been particularly widespread in politics.

Virtually all of us conspire some of the time, and some people (such as spies) conspire virtually all of the time. Given people conspire, there can’t be anything wrong with believing they conspire. Hence there can’t be anything wrong with believing conspiracy theories or being a conspiracy theorist…

[Conspiracy Theory is] a function similar to that served by the term “heresy” in medieval Europe. In both cases these are terms of propaganda, used to stigmatise and marginalise people who have beliefs that conflict with officially sanctioned or orthodox beliefs of the time and place in question…

One bad effect of these terms is they contribute to a political environment in which it’s easier for conspiracy to thrive at the expense of openness. Another bad effect is their use is an injustice to the people who are characterised as conspiracy theorists…

When professional psychologists imply these terms it can constitute a form of gaslighting; that is, a manipulation of people into doubting their own sanity.

the Myth of “Secure” Blockchain Voting

From David Jefferson at Verified Voting: Verified Voting Blog: The Myth of “Secure” Blockchain Voting <read>

Internet voting has been studied by computer security researchers for over twenty years. Cyber security experts universally agree that no technology, including blockchains, can adequately secure an online public election. Elections have unique security and privacy requirements fundamentally different from and much more stringent than those in other applications, such as e-commerce. They are uniquely vulnerable because anyone on Earth can attack them, and a successful cyberattack might go completely undetected, resulting in the wrong people elected with no evidence that anything was amiss….

Election security is a matter of national security. Blockchains, despite all the hype surrounding them, offer no defense against any of these well-known threats to which all online elections are vulnerable.

From David Jefferson at Verified Voting: Verified Voting Blog: The Myth of “Secure” Blockchain Voting <read>

Several startup companies have recently begun to promote Internet voting systems, but with a new twist – using a blockchain as the container for voted ballots transmitted over the Internet from the voter’s private device. Blockchains are a relatively new system category a little akin to a distributed database. Proponents of blockchain voting promote it as a revolutionary innovation providing strong security guarantees that enable truly secure online elections. Unfortunately, these claims are false. Blockchains do not offer any real election security at all.

Internet voting has been studied by computer security researchers for over twenty years. Cyber security experts universally agree that no technology, including blockchains, can adequately secure an online public election. Elections have unique security and privacy requirements fundamentally different from and much more stringent than those in other applications, such as e-commerce. They are uniquely vulnerable because anyone on Earth can attack them, and a successful cyberattack might go completely undetected, resulting in the wrong people elected with no evidence that anything was amiss.

There are many foundational computer security problems that must be solved before we can safely conduct elections online, and we are not close to solving any of them. The use of blockchains does not even address these problems. Here are just a few:

  • No reliable voter identification: There is no foolproof way of determining exactly who is trying to vote remotely through the Internet. All known and proposed methods have grave weaknesses, and blockchains do not address the issue at all.
  • Malware: The voter’s device may be infected by a virus or counterfeit app that could change votes even before they are even transmitted, or it may silently discard the ballot, or send the voter’s name and vote choices to a third party, thereby enabling coercion, retaliation, vote buying and selling, or pre-counting of votes, all undetectably. Blockchains cannot address malware.
  • Denial of service attacks: A server can be overwhelmed with fake traffic from a botnet so that real ballots cannot get through. Blockchains as proposed for elections use multiple redundant servers, but they offer no additional protection against denial of service attacks beyond what is achievable with a conventional system having the same aggregate communication capacity.
  • Penetration attacks: No servers, including blockchain servers, are immune to remote penetration and surreptitious takeover by determined sophisticated attackers. Even though blockchains use multiple servers, if attackers can disable or gain control of more than 1/3 of them they can totally disrupt or control the outcome of the election.
  • Nonauditability: Online voting systems, including blockchain systems, do not allow for the kind of true, voter-verified paper ballot backup that is necessary for a meaningful recount, audit, or statistical spot check. Thus, the most powerful and common-sense tools we have for protection against cyberattack are unavailable.

Election security is a matter of national security. Blockchains, despite all the hype surrounding them, offer no defense against any of these well-known threats to which all online elections are vulnerable. National rivals like Russia have demonstrated a capacity and willingness to interfere with our electoral processes and would have no difficulty disrupting or undermining a blockchain election. In this era of ubiquitous cyber threats, it is reckless and irresponsible to introduce any kind of online voting in the U.S.

We emphasize that these are just a few of the problems. We especially note that any online voting system must be subject to a comprehensive, truly independent security review followed by sufficient open public testing. The current proposed system in West Virginia is touted publicly, yet its details and alleged security review are secret. Unlike Bitcoin that itself has proven vulnerable, the West Virginia system is apparently not open to the public to participate in holding the blockchain.

Deputy Scott Bates Selects 36 Districts for Audit

On Thursday Deputy Secretary of the State Scott Bates selected 36 districts for the post-primary audit.<press release with selected districts>

Departing from past practice, the Official Audit Procedures, and the law as it has always been interpreted, the Deputy selected three statewide races from each party to be audited in their respective primaries and then selected only one party primary to be audited in each district. The Official Audit Procedures, and the law indicate that 5% of the districts in each primary be audited with a minimum of 20% of the races randomly selected by the municipal clerk from all races on each ballot.

On Thursday Deputy Secretary of the State Scott Bates selected 36 districts for the post-primary audit.<press release with selected districts>

Departing from past practice, the Official Audit Procedures, and the law as it has always been interpreted, the Deputy selected three statewide races from each party to be audited in their respective primaries and then selected only one party primary to be audited in each district. The Official Audit Procedures, and the law indicate that 5% of the districts in each primary be audited with a minimum of 20% of the races randomly selected by the municipal clerk from all races on each ballot.

Israeli Firm Proves Our Point: Fax is as risky as Online Voting

As we have been saying for years, Online/Internet voting risks include email and fax voting.
<Since 2008>

Story today in the Washington Post:
Report: Hackers Target Fax Machines
Phone Line Connected To Computer Network Can Offer Access

As we have been saying for years, Online/Internet voting risks include email and fax voting.
<Since 2008>

Story today in the Washington Post:

Report: Hackers Target Fax Machines

Phone Line Connected To Computer Network Can Offer Access
By MIRANDA MOORE Washington Post

The fax machine is widely considered to be a dinosaur of inter-office communications, but it may also present a vulnerable point where hackers can infiltrate an organization’s network, according to a new report from Israel-based software company Check Point. The company said that the vulnerability was identified as a result of research intended to discover potential security risks, and not as the result of any attack.

Hackers can gain access to a network using the phone line connected to a fax machine, which is often connected to the rest of an organization’s network. By sending an image file that contains malicious software over the phone line, hackers are able to take control of the device and access the rest of the network. The researchers were able to do this using only a fax number, which is often widely distributed by organizations on business cards and websites.
The report estimates that there are more that 17 million fax machines in use in the United States alone. The legal and medical fields both continue to rely heavily on fax machines to conduct business, since they are widely considered to be a more secure form of transmitting sensitive information and signatures compared to email. Banking and real estate also frequently transfer documents containing signatures via fax.

With the advent of all-in-one products that include fax functions as well as printing and scanning, fax machines may be more prevalent in homes and office than people realize. This particular vulnerability only applies if such a machine is connected to a telephone line, however.

The only machines tested were from HP’s line of all-in-one printers, but according to the report, these vulnerabilities are likely to be found in machines from any manufacturer that use similar technology. HP issued a patch for its products before the report was published, which is available for download from its support website.

The report advises that if a fax machine is too old to support a software update, or if the manufacturer has yet to issue a patch to fix the vulnerability, fax capabilities should be used only on a segmented part of the network without access to critical data. The report also advises that the phone line connected to an all-in-one type machine should be disconnected if a user or organization does not use the fax functions.