War on Freedom

Voting machine hackers have 5 tips to save the next election!

on . Posted in War on Freedom

Hackers took only a few minutes to break into electronic voting machines.

LAS VEGAS, Nevada (PNN) - August 8, 2017 - America depends on the sanctity of the vote. In the wake of the 2016 election, that inviolability is increasingly in question, but given that there are 66 weeks until midterm elections, and 14 weeks until local 2017 elections, there's plenty of time to fix the poor state of voting technology, right? Wrong. To secure the voting infrastructure in the Fascist Police States of Amerika in time for even the next presidential election, government agencies must start now. At Def Con 2017 in Las Vegas, Nevada, one of the largest hacker conferences in the world, Carsten Schurmann demonstrated that FPSA election equipment suffers from serious vulnerabilities. It took him only a few minutes to get remote control of a WINVote machine used in several states in elections between 2004 and 2015. Using a well-known exploit from 2003 called MS03-026, he gained access to the vote databases stored on the machine. This kind of attack is not rocket science and can be executed by almost anyone. All you need is basic knowledge of the Metasploit tool.

Had Schurmann hacked the WINVote during an election, he could have changed the vote totals stored on the machine, observed voters while they were voting, or simply turned off the machine during voting day to cause havoc. This is not exactly the kind of news that increases public trust in election results. But the really bad news is that since the WINVote voting machine does not provide a paper trail, manipulations of the database would not have been detectable. The same goes for many of the voting machines still in use, which prevent auditors from checking that the votes reflect voter intent.

All of this poses a threat against the heart of FPSA elections. The people responsible for maintaining and updating these outdated and vulnerable devices are obliged to take steps to rectify the shortcomings and to minimize the risk of disruption through cyber-attacks. Reiterating that everything is secure and safe enough will not do. Here are five recommendations on how to tackle this challenge:

1. Retire old and outdated voting machines.

A voting machine is outdated when it has known security holes. For example, other hackers at Def Con 2017 demonstrated that the Diebold Express-pollbook is exposed to the openSSL vulnerability CVE-2011-4109. Outdated voting machines should either be updated or dumped.

Furthermore, we know from history that all voting machines can be hacked. Voting machines that do not produce a voter verifiable audit paper trail should be decommissioned. In the end paper gives election officials a way a deliver a correct result, even if the technology fails due to hacking attacks, system malfunction, or power outages. If the cost is prohibitive, then revert to pencil and paper or older non-electronic equipment.

2. Secure voter registration systems and voter databases against hacking attacks.

To ensure that hackers cannot steal or alter voter registrations requires that the data is encrypted and that the cryptographic keys are carefully curated. Adjust administrative processes to minimize the risk of data leakage and unauthorized access. Harden the security of the database systems, for example, by deploying them only on secured and dedicated servers.

3. Require risk limiting audits for any precinct that uses electronic voting machines.

A risk-limiting audit is a statistical method to verify an election result and to detect vote tampering independent of the voting machine technology. By picking a truly random sample of the paper trail of suitable size and inspecting it, one can gain confidence in the correctness of the election results.

4. Adjust the rules of procurement and maintenance of election voting systems.

Policies and laws should reflect that voting machines are used in an ever-changing environment, which is under the adversary’s control. Hence a continuous delivery and installation of security patches should be mandatory. An up-to-date voting machine decreases the risks of hackers disrupting the voting day activities.

5. Improve training of polling station staff.

Election officials need to be able to handle cryptographic keys and to protect them in the face of social engineering and other hacking attacks. Most people could master this after attending a one-day workshop, which covers the basics of IT security.

In the current geopolitical climate protecting the election technologies against hacker attacks is tantamount to protecting the integrity of the election. Many counties have already made good progress. In Colorado risk-limiting audits are required, and in Maryland paper trails are mandatory. Unfortunately, it seems unlikely that every state can be completely secured within the next 66 weeks. However, taking the first steps toward legislating for risk-limiting audits and hardening the security of the systems in use should be achievable everywhere.

Eulogies

Eulogy for an Angel
1992-Dec. 20, 2005

My Father
1918-2010

brents dad

Dr. Stan Dale
1929-2007

stan dale

A. Solzhenitsyn
1918-2008

solzhenitsyn

Patrick McGoohan
1928-2009

mcgoohan

Joseph A. Stack
1956-2010

Bill Walsh
1931-2007

Walter Cronkite
1916-2009

Eustace Mullins
1923-2010

Paul Harvey
1918-2009

Don Harkins
1963-2009

Joan Veon
1949-2010

David Nolan
1943-2010

Derry Brownfield
1932-2011

Leroy Schweitzer
1938-2011

Vaclav Havel
1936-2011

Andrew Breitbart
1969-2012

Dick Clark
1929-2012

Bob Chapman
1935-2012

Ray Bradbury
1920-2012

Tommy Cryer
1949-2012

Andy Griffith
1926-2012

Phyllis Diller
1917-2012

Larry Dever
1926-2012

Brian J. Chapman
1975-2012

Annette Funnicello
1942-2012

Margaret Thatcher
1925-2012

Richie Havens
1941-2013

Jack McLamb
1944-2014

James Traficant
1941-2014

jim traficant

Dr. Stan Monteith
1929-2014

stan montieth

Leonard Nimoy
1931-2015

Leonard Nimoy

Stan Solomon
1944-2015

Stan Solomon

B. B. King
1926-2015

BB King

Irwin Schiff
1928-2015

Irwin Schiff

DAVID BOWIE
1947-2016

David Bowie

Muhammad Ali
1942-2016

Muhammed Ali

GENE WILDER
1933-2016

gene wilder

phyllis schlafly
1924-2016

phylis schafly

John Glenn
1921-2016

John Glenn

Charles Weisman
1954-2016

Charles Weisman

Carrie Fisher
1956-2016

Carrie Fisher

Debbie Reynolds
1932-2016

Debbie Reynolds

Roger Moore
1917-2017

Roger Moore

Adam West
1928-2017

Adam West