Tag: Hacking Elections

Republicans Vote Against Funding Election Security

The Daily Escape:

Palacio del Segundo Cabo, Havana Cuba. Built in 1772, it was the royal post office. 2018 photo by Nestor Marti for Smithsonian Magazine

Are Republicans committed to free and fair elections? Maybe not. Republicans in the Senate had a chance to say “yes” on August 1st, when an amendment adding funding for election security failed to pass.

With all the cross talk about election meddling, you could be forgiven if you think that our very democracy may be under threat. But when given a chance to take a concrete step, adding $250 million to help confront this challenge, the Republican majority in the Senate said no. From The Hill:

Senators voted 50-47 against adding an amendment from Sen. Patrick Leahy (D-VT) that would have provided the funding. Sixty votes were needed to include the proposal in the appropriations legislation under Senate rules. Sen. Bob Corker (R-TN) was the only GOP senator who voted in support of the amendment to an appropriations measure. The proposal, spearheaded by Leahy, would have provided $250 million for state election security grants.

How is this a partisan issue? Doesn’t every American want to protect our electoral system? Republicans argued that more funding wasn’t needed, that states haven’t yet spent the $380 million previously approved by Congress. Sen. James Lankford (R-OK) said it was “far too early” for the Senate to sign off on more money:

We don’t know how the first $380 million has even been spent, and the intelligence committee did an extensive research on how much money was needed and the $380 million amount was what was needed for the moment.

Sounds reasonable. If only there were some sort of accounting system that allowed you to find out how much was spent, and what the remaining need might be. And yet, not knowing where the Pentagon spends its money hasn’t stopped Congress from giving them even more than they asked for.

Surprising what expenditures cause the GOP to develop fiscal responsibility. They just gave $12 billion to bailout America’s farmers. They happily voted to create a $1 trillion deficit with their corporate tax cuts. Trump wants to add another $100 billion in tax cuts, because more has to be better.

But with an expenditure designed to head off a possible vote heist, that’s when America needs more fiscal accountability.

We’ve learned that Russian cyber warriors already have targeted the re-election campaign of Sen. Claire McCaskill, (D-MO), and that Facebook closed 32 accounts because they exhibited behavior similar to that of accounts belonging to Russian hackers. Facebook said that more than 290,000 accounts followed at least one of the fake pages.

Our electoral legitimacy crisis is real. We are witnessing a slow-moving insurrection driven by the Republicans, the Citizens United decision, Koch operatives, Evangelicals, Russian cyber hacks, along with determined vote suppression by Republican state legislatures. All are working to make your vote less valuable. Republicans have been trying for years to destroy the value of your vote with voter suppression and gerrymandering.

If the Russians want to help them, the GOP seems to be OK with that, too.

From Charlie Pierce: (emphasis by Wrongo)

The only reason to vote against this bill is because you don’t want the money spent to confront the crisis. States can’t do this alone—and too many of them are controlled by people who don’t want the job in the first place….The idea that we’re nickel-and-diming this particular problem as what can only be called an anti-democratic epidemic rages across the land is so preposterous as to beggar belief. We are febrile and weak as a democratic republic. Too many people want to keep us that way.

The only thing that can save us is TURN-OUT this fall.

Kiss our democracy good-bye if you stay home!

Facebooklinkedinrss

Hackers Break Into Our Voting Machines

The Daily Escape:

London, England

Nobody knows whether the Russians hacked the 2016 presidential election. One thing on which there seems to be broad agreement is that no foreign power was able to change the actual vote totals, since we have 192,480 precincts in the US. And we use so many different vote collection and vote processing technologies throughout the country, hacking would be very difficult.

Over the weekend at Def Con, a convention of hackers held in Las Vegas, hackers managed to break into many different US electronic voting systems, taking control of some of them in less than 90 minutes. The hackers successfully broke in through the voting system hardware, or through wireless communication. From The Hill:

…[the hackers] at the annual DEF CON in Las Vegas were given physical voting machines and remote access…[and] within minutes, hackers exposed glaring physical and software vulnerabilities across multiple US voting machine companies’ products. Some devices were found to have physical ports that could be used to attach devices containing malicious software. Others had insecure Wi-Fi connections, or were running outdated software with security vulnerabilities like Windows XP.

By the end of the weekend, every one of the 30 machines, including those used to tabulate votes and to check voters in when they go to the polls, had been hacked. The Telegraph reported that:

They purchased 30 different election machines from a US Government auction…

Who knew you can buy these voting machines at a US government auction? Is there a legitimate purpose for them after they’ve been decommissioned? Isn’t this a way for hackers to study the weaknesses in these machines, and maybe figure out a way to hack ones that are currently in use? This is where penetration testing becomes so important. Ethical hackers (penetration testers) carry out scans to filter out potentially exploitable vulnerabilities. They attempt to exploit the vulnerabilities in a system to determine whether it is possible to hack in to get unauthorized access. Find out more at https://www.synack.com/blog/penetration-testing-vs-vulnerability-scanning/. This could have been used with these decommissioned voting machines, although perhaps just not selling them would have been easier.

The idea that electronic voting machines could be hacked has been around for a while. Computer programmer Harri Hursti, hacked into Diebold voting machines in 2005. That hack is now known as the “Hursti Hack“. Electronic voting machines require regular software security updates. Updates lead to a re-do of each state’s voter machine certification process, which can cost over $1 million to complete.

Gizmodo reports that even though the most recent election security standards were released in 2015, most state’s machines are only compliant with standards from 2002 because of the costs of updates. That cost breaks down to about $30-$40 per voter, and most states just don’t have the money.

OTOH, a hack of the last presidential election would have only needed to change the votes in three states (Wisconsin, Michigan, and Pennsylvania) to be successful in changing the result. And the absolute margin of victory in each of those states was small enough that it could have been accomplished without accessing all polling places. Still, no credible group is saying hacking on that scale occurred in 2016.

It is glib to suggest that the answer is to use paper ballots. With upwards of 150 million votes to count, that would require a huge number of volunteers. It begs the question of what method of “auditing” the count will be used, and who will perform it.

If we persist in electronic voting, those states would need to adopt a comprehensive sampling methodology for the machines before results can be certified. This would mean that we simply can’t accept using machines that don’t provide a paper trail, or a way to audit their vote tally.

We need to remember that we call the winners based on initial uncertified vote tallies. Before we know it, someone has conceded while we’re still counting votes. Hillary Clinton’s popular vote margin grew for about a month after the 2016 election as more and more votes were counted, even though it had no bearing on the Electoral College.

For the presidency, the federal government could specify that states that can’t certify their results up to a pre-set federal standard of accuracy, using a pre-set methodology, wouldn’t be allowed to cast votes in the Electoral College. This would pressure the states to put in better protections against hacking.

Finally, the federal government should pay for any required upgrades.

Continuing Wrongo’s tour of music by old guys, here is “Why Worry” from a 1986 PBS recording by Chet Atkins, the Everly Brothers, Mark Knopfler, and Michael McDonald. This song was written by Mark Knopfler for The Everly Brothers, and it beautifully demonstrates their unique harmony:

https://www.youtube.com/watch?v=CkFcQRiFL68

Those who read the Wrongologist in email can view the video here.

Facebooklinkedinrss

Our Election System Is Under Threat

The Daily Escape:

The Dark Hedges near Ballymoney, County Antrim, Northern Ireland. (Featured in the Game of Thrones as the King’s Road) – photo by Colin Park

America is also walking down a dark path. We need to work on the integrity of our election process. From the WSJ:

To understand the scale of the hacking attempts against election systems in the 2016 presidential election, consider South Carolina. On Election Day alone, there were nearly 150,000 attempts to penetrate the state’s voter-registration system, according to a postelection report by the South Carolina State Election Commission.

If hackers were that persistent against a state that President Donald Trump won with 54.9% of the vote, what did they try to do in the states that were in play? Quite a bit, it turns out. More from the WSJ: (emphasis by the Wrongologist)

In harder-fought Illinois, for instance, hackers were hitting the State Board of Elections “5 times per second, 24 hours per day” from late June until Aug. 12, 2016, when the attacks ceased for unknown reasons, according to an Aug. 26, 2016, report by the state’s computer staff. Hackers ultimately accessed approximately 90,000 voter records, the State Board of Elections said.

The next day, Illinois temporarily took its voter-registration database and public-facing website offline. No records were altered, according to the state, and the issue was resolved before Election Day. The hackers haven’t been identified.

Many hackers, including state-sponsored ones, use automated programs to target hundreds or even thousands of computers to check for vulnerabilities. All of this is done by bots. This happens to ALL websites, (including Wrongo’s) not just to election systems. Confirming intrusions can be difficult, even if intrusion detection technology is deployed. But many municipalities and counties have not deployed it, since it can be very expensive.

Time Magazine reported that the number of actual successful intrusions in the 2016 election cycle, where hackers gained sufficient access to attempt to alter, delete or download any information, was “fewer than a dozen”.

The tally of hacking (or attempted hacking) into state election databases was widespread in the 2016 election. Jeanette Manfra, acting deputy undersecretary for cyber-security and communications at the Department of Homeland Security, said at a Senate Intelligence Committee hearing last month:

There is evidence that 21 states were targeted by hackers

From the NYT:

By 2020, cyberattacks could try to alter or erase voter registration databases…or do something else to interfere with actual voting on Election Day…public confidence in the fairness of our electoral process could decrease further, even if the hacks are unsuccessful, as incendiary and unsupported claims about voter fraud, cheating and altered vote totals spread via social media.

America needs to start from the premise that one state’s (any state’s) insufficient protections against hacking in presidential elections affects us all. From mobile device management to company firewalls, companies like Fleetsmith can provide cybersecurity to numerous companies, protecting them from hackings and it’s time for the US government to follow in their footsteps and do the same, otherwise, there may be detrimental impacts. Protecting government databases is critical and needs to be done yesterday. From Wrongo’s experience as a former provider of outsourced services to both state and federal governments, it is clear that the IT staff at many government agencies lack the expertise or budgets to harden the electoral system against attacks.

We have been discussing the hacking of the voter databases, not vote results. These databases have little to do with the actual vote tallies in a given election. But if the US developed one giant database that recorded everyone’s votes along with names, addresses, and SSNs, people’s identities could be stolen.

Unfortunately, that’s exactly what Trump’s Presidential Advisory Commission on Election Integrity plans to build. Nearly all states have said that they will not comply with the commission’s request for voter data. When the winners of one election cycle try to pick the rules, referees and judges for the next cycle, it’s clearly a system at risk of shutting out true democratic input.

The story of possible Russian hacking in our 2016 election, and the possible Trump family involvement in the Russian efforts diverts our attention from the real story, which is that cyber security in the US is a gaping vulnerability.

It threatens our security, our economy and our democracy.

We need a musical break. Over the weekend, there was a two-day Rock concert at Dodger Stadium in Los Angeles called “Classic West”. Many old groups performed over two days. Here, we focus on the Eagles, who played with the son of the late Eagle, Glenn Frey. His 23 year-old son Deacon Frey stood in for his legend of a father, in front of 50k fans, who accepted him as part of the family. It was a fitting tribute. The Eagles also added Vince Gill, who sang “Take It to the Limit“, and “Lyin’ Eyes“. But here is Deacon Frey delivering an emotional moment on “Take It Easy“:

https://www.youtube.com/watch?v=ZQCFwL3uoPE

Those who read the Wrongologist in email can view the video here.

Facebooklinkedinrss