WTF Community

Election Hacking Thread


#41

Interesting Opinion piece…in NYT which discusses how a perfect technology of today - electronic voting machines, could end up being more of a problem. We face so many areas of vulnerability.

Every government is a machine, and every machine has its tinkerers — and its jams. From the start, machines have driven American democracy and, just as often, crippled it. The printing press, the telegraph, the radio, the television, the mainframe, cable TV, the internet: Each had wild-eyed boosters who promised that a machine could hold the republic together, or make it more efficient, or repair the damage caused by the last machine. Each time, this assertion would be both right and terribly wrong. But lately, it’s mainly wrong, chiefly because the rules that prevail on the internet were devised by people who fundamentally don’t believe in government.
>
The Constitution itself was understood by its framers as a machine, a precisely constructed instrument whose measures — its separation of powers, its checks and balances — were mechanical devices, as intricate as the gears of a clock, designed to thwart tyrants, mobs and demagogues, and to prevent the forming of factions. Once those factions began to appear, it became clear that other machines would be needed to establish stable parties. “The engine is the press,” Thomas Jefferson, an inveterate inventor, wrote in 1799.

In the spring of 2000, an article in Wired announced that the internet had already healed a divided America: “We are, as a nation, better educated, more tolerant, and more connected because of — not in spite of — the convergence of the internet and public life. Partisanship, religion, geography, race, gender, and other traditional political divisions are giving way to a new standard — wiredness — as an organizing principle for political and social attitudes.” Of all the dizzying technological boosterism in American history, from the penny press to the telegraph to the radio, no pronouncement was battier. In the years since, partisan divisions have become fully automated functions, those wires so many fetters.

The machine is no longer precisely constructed, its every action no longer measured. The machine is fix upon fix, hack after hack, its safety mechanisms sawed off. It has no brake, no fail-safe, no checks, no balances. It clatters. It thunders. It crushes the Constitution in its gears. The smell of smoke wafts out of the engine room. The machine is on fire.


#42

Some defensive maneuvering on protecting votes in a hypothetical blocked/corrupted voting scenario. An experiment is testing the ‘system’ in a pretend way, for now.

On Thursday, Cybereason, a Boston-based cybersecurity firm, will game out an exercise that puts pretend hackers up against pretend city emergency responders to see what would happen if cybercriminals aimed to disrupt an election by keeping people from voting.

The experiment is happening without computers, however.

Axios:

Why it matters: There are dozens of ways to interfere with an election without touching voting equipment, ranging from causing traffic jams to blasting air conditioning in a polling place on an already cold day. Nearly all of our attention to election security has focused on attacks Russia has already tried or on the most obvious target — the voting machines themselves. But the next wave of attacks won’t play by the rulebook we expect bad guys to use.

Tabletop exercises are group games that are sort of like a two-team Dungeons & Dragons — no computers, just paper and brains. It’s an interesting scenario to play out in your head. What needs to happen …

Voters need to know where and when to vote. A hacker could conceivably depress voter turnout by uploading false stories about polling place changes or extended hours for polls that plan to close on time.

Voters need to get to the polls. Hackers could close a major bridge, preventing people from getting to the polls. They could tie up transportation by informing bus drivers they’ve been given an extra day off.

Voters need to wait in line to cast a vote. False reports of gun violence near polling places or a nearby explosion might reduce the amount of time someone might be willing to wait.

Ross Rustici, Cybereason’s senior director of intelligence services, says the experiment likely will be harder for the pretend city team which has to anticipate and defend, but the more difficult it is now, the better prepared local and state officials may be come the midterms.


#43

This is what an end game would be for Russian influencers. Polls do show we are caught in a unending skepticism about the validity of our upcoming elections.

What happens next…fewer voters perhaps?

I know the midterms are galvanizing many to urgently get to the polls, but the underlying mistrust of how safe our voting systems are is now at an all time low. (31%)

Significant quote
the intense focus by the media and the federal government on Russia’s election interference efforts could be eroding voters’ confidence in democratic institutions.

About 1 out of every 3 American adults thinks a foreign country is likely to change vote tallies and results in the upcoming midterm elections, according to a new NPR/Marist poll released Monday.

The finding comes even as there is no evidence Russia or any other country manipulated or tried to manipulate the vote count in 2016 or at any other point in American history.

The results give credence to what election officials have been worried about since at least the summer of 2016: that the intense focus by the media and the federal government on Russia’s election interference efforts could be eroding voters’ confidence in democratic institutions.

The U.S. intelligence community agrees Russia used a number of different strategies to influence the minds of voters leading up to the 2016 election: posing as Americans to spread false and misleading information on social media, hacking into campaign and political party servers to release narrative-shifting emails, and targeting voting infrastructure like registration databases.

But there’s been no indication any ballots were ever manipulated, as 31 percent of Americans think is likely to happen in November.

https://www.npr.org/2018/09/17/647420970/npr-marist-poll-1-in-3-americans-think-foreign-country-will-change-midterm-votes


#44

U.S. Cyber Command operation disrupted Internet access of Russian troll factory on day of 2018 midterms

The U.S. military blocked Internet access to an infamous Russian entity seeking to sow discord among Americans during the 2018 midterms, several U.S. officials said, a warning that the group’s operations against the United States are not cost-free.

The strike on the Internet Research Agency in St. Petersburg, a company underwritten by an oligarch close to President Vladi­mir Putin, was part of the first offensive cyber campaign against Russia designed to thwart attempts to interfere with a U.S. election, the officials said.

“They basically took the IRA offline,” according to one individual familiar with the matter who, like others, spoke on the condition of anonymity to discuss classified information. “They shut ‘em down.”

The operation marked the first muscle-flexing by U.S. Cyber Command, with intelligence from the National Security Agency, under new authorities it was granted by President Trump and Congress last year to bolster offensive capabilities.

Whether the impact of the St. Petersburg action will be long-lasting remains to be seen. Russia’s tactics are evolving, and some analysts were skeptical of the deterrent value on either the Russian troll factory or on Putin, who, according to U.S. intelligence officials, ordered an “influence” campaign in 2016 to undermine faith in U.S. democracy. U.S. officials have also assessed that the Internet Research Agency works on behalf of the Kremlin.


#45

Very little has been done to shore up the election process. #FixIsIn

State election officials opt for 2020 voting machines vulnerable to hacking

The new machines still pose unacceptable risks in an election that U.S. intelligence officials expect to be a prime target for disruption by countries such as Russia and China.

The machines that Georgia, Delaware, Philadelphia and perhaps many other jurisdictions will buy before 2020 are an improvement over the totally paperless devices that have generated controversy for more than 15 years, election security experts and voting integrity advocates say. But they warn that these new machines still pose unacceptable risks in an election that U.S. intelligence officials expect to be a prime target for disruption by countries such as Russia and China.