Announcement

Collapse
No announcement yet.

Election by Hackers

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Election by Hackers

    I'm becoming increasingly alarmed that this election will be decided by hackers. Seem farfetched?

    Remember that hackers only have to penetrate the voting machines in a couple of swing states. And then they only have to manipulate the results of a few counties within those states. That means the number of target systems to attack in order to change the entire outcome of the election is shockingly small.

    I'm not entirely convinced that it didn't happen 4 years ago.
    Kung Wu say, man who read woman like book, prefer braille!

  • #2
    Not farfetched at all. Brownback was re-elected and I can't find three people in this town who voted for him. My son had an issue with the electronic voting machine at the primary, and although the local election officials said it was nothing to worry about, I can see where his vote could have been thrown out.

    Comment


    • #3
      Originally posted by Eric View Post
      Not farfetched at all. Brownback was re-elected and I can't find three people in this town who voted for him. My son had an issue with the electronic voting machine at the primary, and although the local election officials said it was nothing to worry about, I can see where his vote could have been thrown out.
      They don't have to worry so long as they are not connected to the internet. Also, having a good up-to-date endpoint security (i.e. anti-malware software) also helps. The problem is that the bad guys can hide their tracks so well, the malware might get past any endpoint security signatures they might have. As a backup, I would also monitor IP addresses (on computer logs) and tune the SIEM in their SOC (if they have one) to watch for bandwidth spikes on the network (sure sign of exfiltration, unless they're really, really good and not in a hurry). Note that the IP addresses in the Illinois attack have already been traced back to Russia. It looks like the one in Arizona "might" have been stopped, but you can never be sure (remember when the number of compromised identities starting jumping after the state department hack - sometimes it takes the investigators a lot of time to piece together what/how things actually happened).

      Funny that everyone should be concerned about this now, it only seems like it was about 12 years ago that the CEO of Diebold gave Bush a 50K donation and guaranteed he would win. That spooked a lot of liberals at the time. Guess their concern was not as far-fetched

      Comment


      • #4
        His electronic ballot was dated August 5, 2014. He of course questioned it, and the local officials basically said, "Oh, but the candidates, and the races are correct. It'll be fine." Seemed fishy.

        Comment


        • #5
          Originally posted by shocka khan View Post
          They don't have to worry so long as they are not connected to the internet. Also, having a good up-to-date endpoint security (i.e. anti-malware software) also helps. The problem is that the bad guys can hide their tracks so well, the malware might get past any endpoint security signatures they might have. As a backup, I would also monitor IP addresses (on computer logs) and tune the SIEM in their SOC (if they have one) to watch for bandwidth spikes on the network (sure sign of exfiltration, unless they're really, really good and not in a hurry). Note that the IP addresses in the Illinois attack have already been traced back to Russia. It looks like the one in Arizona "might" have been stopped, but you can never be sure (remember when the number of compromised identities starting jumping after the state department hack - sometimes it takes the investigators a lot of time to piece together what/how things actually happened).

          Funny that everyone should be concerned about this now, it only seems like it was about 12 years ago that the CEO of Diebold gave Bush a 50K donation and guaranteed he would win. That spooked a lot of liberals at the time. Guess their concern was not as far-fetched
          You are talking about local governments - the federal government could not even protect their systems that contained Security Clearance Holders data. You have to assume they have been compromised.

          Comment


          • #6
            Originally posted by SB Shock View Post
            You are talking about local governments - the federal government could not even protect their systems that contained Security Clearance Holders data. You have to assume they have been compromised.
            I would call it a partial compromise. The hackers found a way in, they installed the malware, but it was detected (again, according to the news story) BEFORE data was exfiltrated. To me a total compromise would have been if they had been able to exfiltrate data. Also, I'm going to defend those election boards and the System Administrators, as the State Department breach was mostly due to the fact that there were platforms, middleware and applications that were beyond their support life and not adequately patched (I obtained and read a copy of the audit report prepared by the State Department IG for the audit immediately prior to the breach - LOTS of repeat issues). This has more to do with our Congress not approving funding to harden servers and government assets and less to do with inept help. Perhaps the state of Arizona was doing a better job of making sure that the entire infrastructure was managed than our Federal government.

            But not to tilt at windmills, I do agree with your point about being compromised. Until a thorough forensic investigation is completed, no one can say with absolute certainty that they have been compromised, so you have to err of the side of conservatism. One has to assume a compromise has occurred until conclusions are final.

            Jae Johnson (Homeland Security) had a meeting about a month ago with all state election officials and advised them to make sure their endpoint security was up-to-date. He also shared the IP addresses where the attacks originated from (with them - and in a confidential manner) and the instructions were (at least according to the article) that system logs should be scanned for accesses from those IP addresses.

            PS: And I don't know if you were aware, but the University of Tulsa has a nationally recognized computer forensics degree track. I wasn't aware of that for quite sometime, it surprised me that they were so advanced in that area. I know it has little to do with this topic, but I sometimes wish WSU had a degree program in cyber security or computer forensics. I've read nothing that indicates that they have such a program.

            Comment


            • #7
              Originally posted by shocka khan View Post
              I would call it a partial compromise. The hackers found a way in, they installed the malware, but it was detected (again, according to the news story) BEFORE data was exfiltrated. To me a total compromise would have been if they had been able to exfiltrate data. Also, I'm going to defend those election boards and the System Administrators, as the State Department breach was mostly due to the fact that there were platforms, middleware and applications that were beyond their support life and not adequately patched (I obtained and read a copy of the audit report prepared by the State Department IG for the audit immediately prior to the breach - LOTS of repeat issues). This has more to do with our Congress not approving funding to harden servers and government assets and less to do with inept help. Perhaps the state of Arizona was doing a better job of making sure that the entire infrastructure was managed than our Federal government.

              But not to tilt at windmills, I do agree with your point about being compromised. Until a thorough forensic investigation is completed, no one can say with absolute certainty that they have been compromised, so you have to err of the side of conservatism. One has to assume a compromise has occurred until conclusions are final.

              Jae Johnson (Homeland Security) had a meeting about a month ago with all state election officials and advised them to make sure their endpoint security was up-to-date. He also shared the IP addresses where the attacks originated from (with them - and in a confidential manner) and the instructions were (at least according to the article) that system logs should be scanned for accesses from those IP addresses.

              PS: And I don't know if you were aware, but the University of Tulsa has a nationally recognized computer forensics degree track. I wasn't aware of that for quite sometime, it surprised me that they were so advanced in that area. I know it has little to do with this topic, but I sometimes wish WSU had a degree program in cyber security or computer forensics. I've read nothing that indicates that they have such a program.
              BS - I have a letter from the US Government telling me all my data was compromised including my fingerprint data.

              Comment


              • #8
                SB Shock, I am not talking about the State Department breach, I am talking about the state elections department in Arizona specifically being breached.

                We all know the State Department breach was a full compromise with the exfiltration of a whole bunch of data.

                The Illinois state elections board breach was about 200K records (at least so far) and the breach in Arizona appears to have been contained.


                "The Arizona attack was more limited and involved introducing malicious software into the voter registration system, Yahoo News quoted a state official as saying. No data was removed in that attack, the official said."

                Comment


                • #9
                  The system may already be compromised. By us.

                  It's been noted in multiple states that in large urban voting populations, as the votes are counted, the more votes that are counted, the more the count skews toward Republican candidates. It's as if Republican voters have cast their votes in a way to ensure they would be the last votes counted, which is not expected by statistical analysis.

                  The software that counts votes cannot be audited. It is propietary, so anything that might be in there can never be checked. There are laws against outside parties recounting votes to check the accuracy of the count.

                  Kansas passed a law that does allow some auditing of voting records. The Secretary of State gets to pick 2 counties and give access to the paper trail in those elections. As the suspected anomaly in the electronic counting only occurs in large metropolitan areas, such as Wichita and Kansas City, and does not occur in locations with fewer voters, it's a simple matter to pick two counties in western Kansas and let people audit those records to "verify" that the electronic count is accurate.
                  Last edited by Aargh; August 29, 2016, 09:37 PM.
                  The future's so bright - I gotta wear shades.
                  We like to cut down nets and get sized for championship rings.

                  Comment


                  • #10
                    Originally posted by Aargh View Post
                    The system may already be compromised. By us.

                    It's been noted in multiple states that in large urban voting populationsm as the votes are counted, the more votes that are counted, the more the count skews toward Republican candidates. It's as if Republican voters have cast their votes in a way to ensure they would be the last votes counted, which is not expected by statistical analysis.

                    The software that counts votes cannpot be audited. It is propietary, so anything that might be in there can never be checked. There are laws against outside parties recounting votes to check the accuracy of the count.

                    Kansas passed a law that does allow some auditing of voting records. The Secretaru of State gets to pick 2 counties and give access to the paper trail in those elections. As the suspected anomaly in the electronic counting only occurs in large metropolitan areas, such as Wichita and Kansas City, and does not occur in locations with fewer voters, it's a simple matter to pick two counties in western Kansas and let people audit those records to "verify" that the electronic count is accurate.
                    Yes, and Kris Kobach says there is no need to audit the records. This is about a year old, has anything transpired?



                    "Kobach argued the records are not part of the open records act, and said they’re covered under the same issues from a previously rejected lawsuit."

                    Silly me, we should all trust Mr. Kobach, shouldn't we. After all, he gave some sterling advice to the city council in Farmer's Branch, Texas. Farmer's Branch is a suburb of Dallas.



                    So far, including legal fees, it has cost the city of Farmer's Branch the paltry sum of $6 million to defend this worthless ordinance, which, by the way (and according to the article) never saw the light of day (i.e. it was never enforced).

                    I wonder what the people in Derby would think if the city council relied on Mr. Kobach's 'advice' and it cost them $6 million?

                    Perhaps if the people of Kansas retire Mr. Kobach after this election cycle, he could go to work for Hillary Clinton. He has about the same ethical standards.........

                    Comment


                    • #11
                      FB_IMG_1472503137791.jpg
                      There are three rules that I live by: never get less than twelve hours sleep; never play cards with a guy who has the same first name as a city; and never get involved with a woman with a tattoo of a dagger on her body. Now you stick to that, and everything else is cream cheese.

                      Comment


                      • #12
                        Originally posted by shocka khan View Post
                        Yes, and Kris Kobach says there is no need to audit the records. This is about a year old, has anything transpired?
                        Yes. several things have happened. I think it's a final court ruling that says the voting record cannot be audited under state law that existed at the time the lawsuits were brought.

                        Since then the legislature has passed a bill, I believe written by Kobach, that allows an audit of a sampling of election results. The way it works is that Kobach gets to pick 2 counties where the paper records can be compared to the electronic count.
                        The future's so bright - I gotta wear shades.
                        We like to cut down nets and get sized for championship rings.

                        Comment


                        • #13
                          Originally posted by Aargh View Post
                          Yes. several things have happened. I think it's a final court ruling that says the voting record cannot be audited under state law that existed at the time the lawsuits were brought.

                          Since then the legislature has passed a bill, I believe written by Kobach, that allows an audit of a sampling of election results. The way it works is that Kobach gets to pick 2 counties where the paper records can be compared to the electronic count.
                          I think it's funny how people bastardize the term 'audit'.

                          First of all, for it to truly be an audit, the auditor should be able to select the sample. Kobach is selecting the sample, so he is technically designing the testing, which violates IIA, AICPA and most governing board standards regards independence.

                          Secondly, there are 105 counties in Kansas. Unless at least one of the two selected are Johnson, Sedgwick or Shawnee, the sample taken would fail to provide enough coverage to provide comfort as to whether the results were reliable. If the 'sample' included
                          20 items and was judgmentally selected by the auditor, then it would be acceptable. If I were doing the judgmental selection, I would make sure I included at least one populous county, as I'm betting that their underlying process supporting the voting will be different
                          in those counties specifically due to the heavy volume of voters (as opposed to, say Hamilton County, Kansas).

                          This isn't an audit. It's more like the old Johnny Carson 'Carnack the magnificent' routine, where Carnack would 'know' the answer before Ed McMahon read the question.

                          The legislature passed a fig leaf that Kobach is using to cover his privates with.

                          Comment


                          • #14
                            Originally posted by shocka khan View Post
                            SB Shock, I am not talking about the State Department breach, I am talking about the state elections department in Arizona specifically being breached.

                            We all know the State Department breach was a full compromise with the exfiltration of a whole bunch of data.
                            I wasn't talking about the State Department breach. I was talking about the intrusion into Office of Personnel Management's information systems that was not detected for over a year. I think you are missing the point - if these hackers can penetrate the federal government security - the states security will be no match unless they they are still using the chad system. 2nd, if those states are admitting a "partial breach" right now - you can bet it much, much worse. The first thing bureaucrats do is go full CYA to avoid accountability.

                            Comment


                            • #15
                              the only way tpo be safe from hacks is to not be on the Internet.

                              Do you think the possibility of a hack might be a good reason to have total audit capability of the results and have the paper records from the voting machines available to be tallied in case of something unusual showing up in the results? That's what Beth Clarkson (statistician for the National Institute for Aerospace Research) wants in Kansas. Right now we have laws preventing any recount, so if we get hacked, there's nothing we can do.

                              There is one safety measure against being hacked. Be boring. With that in mind , Kansas is pretty much immune from hackers.
                              The future's so bright - I gotta wear shades.
                              We like to cut down nets and get sized for championship rings.

                              Comment

                              Working...
                              X