Categories
Latest News

5 Ways Hackers Could Influence The Election

When Republican presidential nominee Donald J. Trump said he hoped the Russian government had found Hillary Clinton’s 30,000 missing emails, he wasn’t just taking a swipe at his opponent. He highlighted a very real and present danger to our democracy.

While social media users were atwitter about whether or not The Donald had committed treason—for the record, he didn’t—I don’t know if his quasi-seditious braggadocio reveals anything about his loyalty to the country he hopes to represent at home and abroad. Personally, it made me wonder about his fitness to lead a nation daily engaged in cyber military operations that almost certainly make the Stuxnet attack on Iran’s nuclear program look like Day One.

And far more importantly, it made me question whether Trump understands just how serious the threat of hacking is — and that such a lack of understanding could cost him the election.

The Stakes Have Never Been Higher

We now have fresh evidence that suggests Russia (its leader, an apparent fan of the Republican nominee) hacked the DNC, and that another incursion into the computer systems used by Hillary Clinton’s presidential campaign (as well as the Democratic Congressional Campaign Committee) discovered days later also appeared to be the work of a Russian government agency, according to The New York Times.

If the idea of a foreign country influencing the outcome of the 2016 race is both slightly terrifying and gets your patriotic juices flowing, consider that WikiLeaks founder Julian Assange has also suggested he intends to harm Hillary Clinton’s candidacy, also according to the Times.

The problem of hacking with regard to this election, however, is far from contained to espionage for advantage and the caprices of self-proclaimed moral crusaders.

Here are five other ways hacking could influence the election.

1. Hacker Fraud

Currently 25 states accommodate voters who qualify to cast a ballot through either a website or via email. And then there’s online voter registration. Each of these conveniences carries with it the potential for subversion and exploitation.

It’s also worth noting that our most sacred right in this nation does not enjoy protection from Homeland Security. Each state runs its own voting, and cyber security competence is something that varies greatly from state to state.

2. Rigged Voting Machines

Not all states “airgap” their voting machines. Airgapping means the machines are never connected to the Internet, and thus are much harder to compromise.

While there isn’t anything precluding a hacker from attempting to rig a machine one way or another, an article on the left-leaning CounterPunch site, argued that the states where machines are most vulnerable to compromise lean anti-Clinton.

3. Registration Information

When Hollywood Presbyterian Medical Center earlier this year lost access to crucial files to hackers, they had to pay a ransom of $17,000. What happens if a similar attack on a state’s voter information is successful? Here too, Homeland Security has no oversight, and state cyber security protocols vary widely.

4. Campaign Data

As Julian Assange has clearly demonstrated, the incredibly rich, granular and varied personal information that political campaigns collect to better target potential voters is not sufficiently protected from outside malefactors.

5. Voter Suppression

One thing that hackers do particularly well is spam, and doubtless there are numerous email lists that target particular demographics in crucial voting districts. All that needs to happen here is a little misinformation: maybe the spam says your polling station is closed, or due to a terrorist threat there may be delays. It doesn’t take much to discourage potential voters.

Is This a Job for Homeland Security?

With both candidates receiving daily intelligence briefings, it seems like a good time to wonder out loud about the security of that information, since strategies and messaging based on it will almost certainly be emailed among campaign staff and stored on campaign servers.

While there is wisdom in the states controlling their own voting systems that finds its origins in our Constitution, there is also a new threat out there. And while I’m not sure it makes sense to put voting under the control of a federal entity, it might benefit from greater oversight.

As Stewart Baker, a former top guy at Homeland Security and the National Security Administration said recently regarding the cyber threat in this election: “It’s hanging chads weaponized.”

Source: http://www.huffingtonpost.com/adam-levin/5-ways-hackers-could-infl_b_11325584.html

Categories
Latest News

Voting machine password hacks as easy as ‘abcde’, details Virginia state report

Touchscreen voting machines used in numerous elections between 2002 and 2014 used “abcde” and “admin” as passwords and could easily have been hacked from the parking lot outside the polling place, according to a state report.

The AVS WinVote machines, used in three presidential elections in Virginia, “would get an F-minus” in security, according to a computer scientist at tech research group SRI International who had pushed for a formal inquiry by the state of Virginia for close to a decade.

In a damning study published Tuesday, the Virginia Information Technology Agency and outside contractor Pro V&V found numerous flaws in the system, which had also been used in Mississippi and Pennsylvania.

Jeremy Epstein, of the Menlo Park, California, nonprofit SRI International, served on a Virginia state legislative commission investigating the voting machines in 2008. He has been trying to get them decertified ever since.

Anyone within a half mile could have modified every vote, undetected, Epstein said in a blog post. “I got to question a guy by the name of Brit Williams, who’d certified them, and I said, ‘How did you do a penetration test?’” Epstein told the Guardian, “and he said, ‘I don’t know how to do something like that’.”

Reached by phone, Williams, who has since retired, said he did not recall the incident and referred the Guardian to former colleagues at Kennesaw State University who have taken over the certification duties he used to perform for Virginia and other states.

“You could have broken into one of these with a very small amount of technical assistance,” Epstein said. “I could teach you how to do it over the phone. It might require an administrator password, but that’s okay, the password is ‘admin’.”

Bypassing the encrypted WEP wireless system also proved easy. The password turned out to be “ABCDE”, according to the state’s security assessment – and getting the password “would take a few minutes and after that you don’t need any tools at all”, said Epstein.

The commission that stripped the machines of certification also found that the version of Windows operating on each of them had not been updated since at least 2004, that it was possible to “create and execute malicious code” on the WINVote and that “the level of sophistication to execute such an attack is low”.

The WINVote machine, manufactured by Advanced Voting Solutions, a now-defunct Texas company, has been under siege by Epstein and others for years; the units have been used in at least two dozen elections across the state. Mississippi and Pennsylvania stopped using them several years ago. Epstein said it is likely no one will ever know whether or not they were tampered with.

“There are no logs kept in the systems,” Epstein said. “I’ve examined them.” In order to determine anything about the machines’ histories, in fact, a very high level of technical sophistication would be required, on a level with the FBI looking at images of deleted files on a suspect’s hard drive.

“Bottom line is that if no Virginia elections were ever hacked (and we have no way of knowing if it happened), it’s because no one with even a modicum of skill tried,” Epstein wrote on his blog.

 

Source: http://www.theguardian.com/us-news/2015/apr/15/virginia-hacking-voting-machines-security