Election Hacking Thread

Pet_Proletariat · April 20, 2018, 3:26am

This thread was originally titled: How the Vote Hacking Was Done at DefCon25

But it’s become more about election hacking in general, so I changed the title. Enjoy.

The White Hats over at AlienVault provide a play by play of how they were able to hack the ExpressPoll 5000 a voter registry lookup device that is supposed to allow election workers to verify voters in a precinct, and print voting cards at the polling station.

They conclude that “All it would take is one naive or malicious poll worker, at any level, to compromise an election in this fashion.”

Since DefCon25, Wired Magazine released this list of recommendations.

Now this all seems like bad news and it is, but it gets worse, in January the House moved to eliminate the commission overseeing voting system security called the Election Assistance Commission or EAC even though the Department of Homeland Security in the same month, designated election systems as “critical infrastructure”

Here is H.R.634 - Election Assistance Commission Termination Act in it’s entirety.

We need to start a major push to secure our voting infrastructure, this is clearly a nonpartisan issue and an essential part of preserving our democracy.

matt · August 8, 2017, 8:10pm

This stuff is fascinating. It’s rare for voting machines to get out into the wild for this kind of testing, let alone 30 of them…

matt · August 8, 2017, 9:39pm

that’s incredible.

adfaklsdjf · August 9, 2017, 12:53am

I have to laugh so I don’t cry.

These were some hackers messing around in their free time. A targeted state-sponsored program could easily and massively tamper with the vote with these glaring flaws. It makes me wonder: how could it not have happened?

celena · August 9, 2017, 9:13am

Wow that is completely terrifying.

adfaklsdjf · August 31, 2017, 2:44pm

Attempting to address this subject in a slightly more “positive” manner… by “positive” I mean speaking in terms of what should be done rather than simply complaining about the way things are right now…

It’s worth noting that information security professionals more or less universally agree that voting shouldn’t be done electronically at all. Technology is just too problematic.

https://www.youtube.com/watch?v=w3_0x6oaDmI

(I know, I know… “electronic voting bad” is still kind of “negative” framing…)

Pet_Proletariat · September 1, 2017, 5:25pm

Wait what?! From the Times

Pet_Proletariat · October 10, 2017, 6:11am

Update from Politico, official report coming Tuesday.

Pet_Proletariat · October 10, 2017, 11:43pm

Defcon 25 full report on voting machine hacking. Have a glass of something pleasant before you read this one.

celena · October 11, 2017, 4:53am

So what do you think the likelihood is that this will ever be fixed?

mouseam · October 11, 2017, 10:13pm

zero to none.

Pet_Proletariat · October 12, 2017, 2:16am

@celena @mouseam I conquer. This topic isn’t getting the attention it deserves and this government wouldn’t act unless they it was in their best interest. #sad

Pet_Proletariat · October 14, 2017, 7:52pm

The New York Times follows up on this issue. It’s not enough but at least it’s a start…

Pet_Proletariat · October 26, 2017, 4:23pm

Plaintiffs in the lawsuit, who are mostly Georgia voters, want to scrap the state’s 15-year-old vote-management system — particularly its 27,000 AccuVote touchscreen voting machines, hackable devices that don’t use paper ballots or keep hardcopy proof of voter intent. The plaintiffs were counting on an independent security review of the Kennesaw server, which held electronic poll book data and ballot definitions for counties, to demonstrate the system’s unreliability.

Pet_Proletariat · November 3, 2017, 5:51pm

Samatha Bee has more on this story

https://youtu.be/rshKK-i_CGA

Pet_Proletariat · April 6, 2018, 7:12am

This is the best explainer video yet. Watch

https://youtu.be/w8eujrTyRRE

MissJava · April 6, 2018, 2:45pm

Step 4: Sip coffee and wait

My brain can’t figure out whether to laugh or cry

The special elections (and Virginia, etc.) give me so much hope that we can overcome some obstacles like gerrymandering and fake inflammatory news, but also no fucking way are we gonna be able to be ready for mid terms unless every state commits to paper backups. I don’t expect that to happen, but man November is a long time to wait on pins and needles in anticipation of wtf will go down.

Pet_Proletariat · April 6, 2018, 4:26pm

Just request an absentee paper ballot. click here to request yours today.

Pet_Proletariat · April 20, 2018, 3:27am

From Five Thirty Eight. Highly recommended! Read the whole thing, it’s great.

But what worries election security watchers most is that the U.S. isn’t being proactive enough in its work against state-sponsored hackers targeting the country’s election systems and political organizations. In February 2018, Adm. Mike Rogers, the head of the National Security Agency and Cyber Command, told the Senate Armed Services Committee that he had not been instructed by President Trump or Defense Secretary James Mattis to go after Russian hackers at their point of origin. “Everything, both as the director of the NSA and what I see on the Cyber Command side, leads me to believe that if we don’t change the dynamic here, this is going to continue, and 2016 won’t be viewed as something isolated,” Rogers said. That might mean that while U.S. intelligence agencies are monitoring Russian cyberactivity or gathering on-the-ground intelligence, they might not be taking offensive actions to prevent further attacks on state election systems.

MissJava · April 20, 2018, 4:40am

I didn’t realize Mattis has the authority to order further action on pursuing hackers, I’m trying to figure out why he won’t? Or maybe there’s a covert instruction to do it but they’re publicly pretending like they’re not so that drumpf doesn’t turn right around and tip off the enemy…or maybe my brain looks like this right now lol