Computerized Election Theft

Moderators: Elvis, DrVolin, Jeff

Re: Computerized Election Theft

Postby seemslikeadream » Wed Nov 01, 2017 5:37 pm

Georgia AG Quits Representing Election Officials In Lawsuit After Server Wiped


By FRANK BAJAK Published NOVEMBER 1, 2017 2:26 PM

(AP) — The Georgia attorney general’s office will no longer represent state election officials in an elections integrity lawsuit in which a crucial computer server was quietly wiped clean three days after the suit was filed, The Associated Press has learned.

The lawsuit aims to force Georgia to retire its antiquated and heavily criticized touchscreen election technology, which does not provide an auditable paper trail.

The server in question was a statewide staging location for key election-related data. It made national headlines in June after a security expert disclosed a gaping security hole that wasn’t fixed for six months after he first reported it to election authorities. Personal data was exposed for Georgia’s 6.7 million voters as were passwords used by county officials to access files.

The assistant state attorney general handling the case, Cristina Correia, notified the court and participating attorneys Wednesday that her office was withdrawing from the case, according to an email obtained by the AP.

Spokeswoman Katelyn McCreary offered no explanation and said she couldn’t comment “on pending matters.”

Correia’s email said “multiple counsel” are being appointed to represent Secretary of State Brian Kemp — the main defendant — and the other defendants. It does not say whether the state would pay those lawyers. Both Kemp and state Attorney General Chris Carr are Republicans.

The server’s data was destroyed July 7 by technicians at the Center for Elections Systems at Kennesaw State University, which runs the state’s election system, Correia had previously informed attorneys in the case.

The erased hard drives are central to the lawsuit because they could have revealed whether Georgia’s most recent elections were compromised by hackers. Russian interference in U.S. politics, including attempts to penetrate voting systems, has been an acute national preoccupation since last year.

It’s not clear who ordered the server’s data irretrievably erased.

Kemp, who is running for governor in 2018, has denied ordering the data destruction or knowing about it in advance. His office’s general counsel issued a two-page report on Monday claiming Kennesaw State officials followed “standard IT practices” in wiping the server that “were not undertaken to delete evidence.” In its initial statement on the server wiping on Oct. 26, Kemp’s office called KSU’s wiping of the server reckless, inexcusable and inept.

The report says “current indications are” that the FBI retains an image of the server that it made in March when it investigated the security hole. The FBI has not responded to AP inquiries on whether it still has that image or has performed a forensic examination to determine whether data on the server might have been altered by hackers.

Executive Director Marilyn Marks of the Coalition for Good Governance, a plaintiff in the case, called the attorney general’s office’s withdrawal from the legal defense shocking but not unexpected.

She accused Kemp of hiding the facts of the case — perhaps even from the state attorney general’s office.

“There have been multiple conflicting stories of how and when the evidence on the servers was destroyed,” she said.
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: Computerized Election Theft

Postby seemslikeadream » Thu Nov 02, 2017 2:21 pm

Kislyak met with officials at Kennesaw State University (which runs Georgia’s election system) in April 2016. (Source: KSU Magazine)


KSU’s ‘Year of Russia’ Has Guarded View of Improved U.S.-Russian Relations
MARCH 18, 2017 | PHIL BOLTON

L-R: William Hill of the National War College, Robert Kennedy, president of the Atlanta Council on International Relations and Victoria Smolkin, asst. professor of Russian history at Wesleyan College in Middleton, Conn.

Russian Ambassador Sergey Kislyak, right, chats after his speech given in Atlanta last year with George Perkovich, vice president of studies at the Carnegie Endowment for International Peace, who was slated to speak later in the program.
When visiting Atlanta in April last year, Russia’s ambassador to the U.S. said during a luncheon presentation downtown that relations between the two countries were at a low point, perhaps at the lowest point since the end of the Cold War. He had come to Atlanta to discuss with Kennesaw State University officials the “Year of Russia” program, which he viewed positively and with a hint of envy.

“I envy the students,” Sergey Kislyak told Global Atlanta during an interview after an Atlanta Council on International Relations luncheon held at the Capital City Club, calling the program “a kind invitation.” “They’ll be digging into the history and exposed to views not normally available to them. This is enormously important so they can learn how it (the relationship) developed.”
http://www.globalatlanta.com/ksus-year- ... relations/
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: Computerized Election Theft

Postby seemslikeadream » Sun Nov 05, 2017 10:32 am

ACTIVISM
Something Very Strange Is Going on in a Georgia Election Lawsuit
Georgia's attorney general won't defend Secretary of State Brian Kemp after unexplained election server 'wipe'.
By Brad Friedman / The BradBlog November 3, 2017, 8:19 AM GMT

The fallout following a lawsuit filed in Georgia after its U.S. House Special Election last June gets curiouser and curiouser, as we learned this week that the state attorney general's office has now quit its defense of the Secretary of State and the state's other top election official defendants in the case.

We've been covering this mess for months now (years, really), but particularly since the lawsuit [PDF] was filed in July, after the somewhat surprising results from June's U.S. House Special Election in Georgia's 6th Congressional District, where GA's former Republican Sec. of State Karen Handel reportedly defeated Democratic candidate Jon Ossoff, but only on the state's 100% unverifiable Diebold touch-screen voting systems. (He defeated her nearly 2 to 1 on the only verifiable ballots in the race, the mail-in paper votes. Everything else regarding the results is unverifiable speculation.)

Late last week, we learned via Frank Bajak at the Associated Press, that technicians at Kennesaw State University's Center for Elections, which has been contracted to program all of Georgia's computer voting and tabulation systems for some 15 years, "wiped clean" the election server that was used to program the elections, ballots and tabulators, just days after the suit was filed in July. Its two backup servers were also subsequently wiped and "degaussed three times" in August, the day after the suit was moved from state to federal court.

GA's chief election official, Republican Sec. of State Brian Kemp, who is running for governor in 2018, claims he knew nothing of the server deletions until AP's report last week. Previously, a huge fan of the Center for Elections at Kennesaw, Kemp cited the "gross incompetence" and "undeniable ineptitude" of the folks at KSU for whatever happened. Nobody has yet to take credit, however, for giving the instructions to delete the servers which held critical evidence that plaintiffs had hoped to have forensically investigated as part of the lawsuit. And then yesterday, in another flip-flop, Kemp called the entire matter "#fakenews."

All of that is disturbing on its own, but even more so in light of revelations earlier this year that the election server in question—which stored personal data for all of GA's 6.7 million voters and the electronic ballot programming and administrative passwords for the state's voting and tabulation systems—was left completely accessible online, no password necessary, for at least six months. Kennesaw was notified about the vulnerability by a data security researcher in August of 2016 (months before last year's Presidential election), but they failed to secure the server until after Politico's Kim Zetter revealed the vulnerability just prior to the GA-06 U.S. House race this year. (Samantha Bee's "Full Frontal" covered much of the story up to this point on her show last night.)

Then, on Wednesday evening, AP's Bajak offered another bombshell in reporting that the Republican state attorney general's office, which had been defending Kemp, Kennesaw and the state Elections Board in the matter, has now pulled out from defending them. The reasons offered by the state AG and Kemp's campaign for Governor (he's running in 2018) have conflicted with each other or with known evidence obtained during the multi-partisan lawsuit, which a Kemp campaign spokesperson describes to AP yesterday as "a tasteless nothingburger cooked up by liberal activists who know their lawsuit is nothing short of stupid."

One of those "liberal activist" plaintiffs, Republican Marilyn Marks, a longtime election integrity advocate and executive director of the Coalition for Good Governance, confirms that nobody still knows who ordered the server deletion, nor why the state AG has dropped out of the case. "It's an enormous mystery, and the mysteries continue to increase every day," she says.

"I think that Brian Kemp is, and rightfully so, getting a black eye here," Marks tells me. "What he has done is shameful. There's no way to explain it. So I'm sure his defenders and campaign managers are doing everything they can to go on the offensive and try to make other people look like they are to blame, and that their candidate is innocent. But I think when people step back and say, wait a minute, if they erased the servers—and they did it twice—they did it for some reason. And it wasn't because our lawsuit was stupid."

She goes on to explain the "number of conflicting stories that Brian Kemp's people are telling" about when and why the compromised servers were deleted and why the AG's office is no longer willing to defend the case. She also details whether any of the information plaintiffs had hoped to examine from the servers might still be available in what is believed to be a partial copy of the servers obtained by the FBI when they came in to examine the reported data breach that occurred earlier this year, when the servers were discovered to have been left vulnerable online.

Georgia voters head to the polls for municipal elections being held next Tuesday, which will also be overseen by Kemp, programmed by Kennesaw, and run on the same wildly hackable, 100% unverifiable touch-screen voting and tabulation systems that led to this entire mess in the first place.

She recently wrote [PDF] to Kemp and other election officials to ask them to make paper ballots available to voters since, as she tells me today, if the system was contaminated during the months it had been left vulnerable on the Internet, "They wouldn't have had time, even within the last year, to have cleaned up everything. Because, as you know, that malware can travel down to the memory cards, the voting machines, the optical scanners, and the jump servers down in the counties. Things could have traveled there in the last six months, year, two years—there's been no effort to try to disinfect all of the various components. I mean, there are 27,000 of these touch-screen voting machines in Georgia. There's no way that they should be in use when we know that this system was subject to a high degree of risk."

There is much more today in my conversation with Marks than I can adequately summarize here. So please give today's show a listen for the full story here--- or, as much as we know about it to date --- along with many other mind-blowing details.
https://www.alternet.org/activism/georg ... -officials
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: Computerized Election Theft

Postby seemslikeadream » Sun Nov 19, 2017 11:09 am

The Hard Truth Keeps Trickling Out, Little by Little

It increasingly looks like Russian hackers may have affected actual vote totals.

BY CHARLES P. PIERCE
JUN 13, 2017

The last outpost of moderate opinion on the subject of the Russian ratfcking during the 2016 presidential election seems to be that, yes, there was mischief done and steps should be taken both to reveal its extent and to prevent it from happening again in the future, but that the ratfcking, thank baby Jesus, did not materially affect the vote totals anywhere in the country. This is a calm, measured, evidence-based judgment. It is also a kind of prayer. If the Russian cyber-assault managed to change the vote totals anywhere, then the 2016 presidential election is wholly illegitimate. That rocks too many comfort zones in too many places.

(Bear in mind, for the moment, that we are discussing Russian ratfcking, and not the myriad problems with how we ourselves manage our elections. That's for another time, except in the context of how those inherent problems facilitated the Russian chicanery.)

It may well be that the Russians didn't affect the actual numbers last November but, as Bloomberg points out, that was not for lack of trying.

In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said. The scope and sophistication so concerned Obama administration officials that they took an unprecedented step -- complaining directly to Moscow over a modern-day "red phone." In October, two of the people said, the White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia's role in election meddling and to warn that the attacks risked setting off a broader conflict.

One of the mysteries about the 2016 presidential election is why Russian intelligence, after gaining access to state and local systems, didn't try to disrupt the vote. One possibility is that the American warning was effective. Another former senior U.S. official, who asked for anonymity to discuss the classified U.S. probe into pre-election hacking, said a more likely explanation is that several months of hacking failed to give the attackers the access they needed to master America's disparate voting systems spread across more than 7,000 local jurisdictions.


This may be so, but it's becoming increasingly harder to believe that, in one of those 7,000 local jurisdictions, the Russians didn't strike gold. American democracy went out on the roof last fall.

Apparently, the Obama administration first caught wind of the attack when the Illinois system was seriously compromised.

Illinois became Patient Zero in the government's probe, eventually leading investigators to a hacking pandemic that touched four out of every five U.S. states. Using evidence from the Illinois computer banks, federal agents were able to develop digital "signatures" -- among them, Internet Protocol addresses used by the attackers -- to spot the hackers at work. The signatures were then sent through Homeland Security alerts and other means to every state. Thirty-seven states reported finding traces of the hackers in various systems, according to one of the people familiar with the probe. In two others -- Florida and California -- those traces were found in systems run by a private contractor managing critical election systems.

The Obama people went to condition red; the Department of Homeland Security tried to declare state election systems to be part of our critical national infrastructure, which they clearly are. The Republicans in Congress shot that down. Curiouser and curiouser, some states declined to cooperate fully with DHS. As the invaluable Marcy Wheeler pointed out on the electric Twitter machine Tuesday morning, one of the recalcitrant states was Georgia, where you can't audit the voting machines, and where they are having a crucial—and extremely expensive—special congressional election next Tuesday.

Depressingly, the Obama administration decided to keep a lid on most of what it knew so as not to undermine the public's confidence in the integrity of the election, even though those same people in the Obama administration knew that the integrity of the election was completely up for grabs. There are a lot of dangers to self-government, and one of those dangers that's done a lot of damage in my lifetime has been the feeling that the American people are such fragile ornaments that we don't dare risk telling them the truth of something lest they fall to the floor and shatter to pieces. This is just the latest example of this infantilizing attitude toward our general democratic obligation to be wise to what our government is doing.

We are creeping ever closer to actual evidence that there was Russian ratfcking of the vote totals in the last election. Not long ago, people wouldn't even suggest that out loud. We were made vulnerable to something like this because of the interference by the Supreme Court in Bush v. Gore, by the curious goings-on in Ohio in 2004, by a relentless campaign to convince the country of an imaginary epidemic of voter fraud, and by a decade of voter suppression by any means necessary. The Russians wanted to undermine the confidence Americans had in their elections? We made it pretty damn easy to do that.

http://www.esquire.com/news-politics/po ... ng-totals/
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: Computerized Election Theft

Postby Belligerent Savant » Mon Dec 04, 2017 5:13 pm

.

Re: my post on page 1 & 2 of this thread on Blockchain tech to (hopefully not ostensibly) prevent election fraud, etc.

https://cointelegraph.com/news/ny-assem ... logy-bills


New York Assemblyman Clyde Vanel (D-33) has filed four proposed laws that aim to promote research on the concrete possible applications of Blockchain technology by the state government.

The bills will create a legal language for the technology under state law and advance studies around its possible uses for local and state elections, including the verification of voter tallies.

Brief details of the bills
The first bill filed by Vanel will amend the state’s technology law to include sections that will provide definitions of the terms “Blockchain technology” and “smart contract,” as well as to provide a legal understanding for digital signatures that are stored on a Blockchain.

The second bill will mandate the state’s board of elections to conduct a study and evaluation of the use of the technology to safeguard voter records and the results of elections. The study, which will be conducted in 12 months, will assess whether a Blockchain platform is effective in limiting or preventing voter fraud, improving cybersecurity around digital voting platforms, maintaining better voter records, and efficiently sharing election results.

The third bill will call for the study and the establishment of a task force to assess whether a Blockchain platform can be utilized to store government records and to share information efficiently and fast. The bill will also require the task force to conduct at least one public hearing during its study and submit a final report on or before Jan. 1, 2019.

The fourth bill will mandate the creation of a virtual currency task force that will analyze the possible effect(s) of the digital currencies in the state’s financial markets.

Based on public records, three of the bills were already referred to a legislative committee that is related to government options.

Belligerent Savant
 
Posts: 5217
Joined: Mon Oct 05, 2009 11:58 pm
Location: North Atlantic.
Blog: View Blog (0)

Re: Computerized Election Theft

Postby seemslikeadream » Fri Dec 15, 2017 2:43 pm

Hackers demand ransom for California voter database

Joe Uchill 12/15/17 12:41 PM EST
Hackers have deleted a database of potential California voters with more than 19 million entries, demanding around $3,500 to restore it.

Researchers at the security firm MacKeeper's Kromtech research group first noticed the issue, but have not been able to identify the database's owner to notify them.

"We decided to go public to let everyone who was affected know," said Bob Diachenko, head of communications for Kromtech.

Kromtech primarily searches for misconfigured databases on cloud storage accounts that accidentally reveal private information to the public. In early December, they found a misconfigured database on an Amazon cloud account containing what appeared to be information on 19 million Californian citizens, including contact and mailing information as well as voting precinct information.

A redacted sample of the files discovered by Kromtech.

But while the company was investigating the misconfigured files, they noticed the files were suddenly removed and replaced with a ransom note demanding 0.2 bitcoin, or about $3,500.

Cloud storage accounts do not inherently list their owners. Often times, researchers like Kromtech will use the information from the exposed files to find and contact whoever controls the account to correct the security settings.

Kromtech had only had a chance to download one precinct's worth of data before the ransom note appeared and did not have enough information to figure out who owned the account. Diachenko said Kromtech had contacted the California secretary of State, who had similarly little luck finding the account holder.
The California secretary did not respond to The Hill by press time.

Many groups, including political consultants and advertisers, collect information on voters and potential voters.

"We've seen this kind of ransom attack before," said Diachenko, who noted that cybercriminals had been targeting the MongoDB platform used for this database since January of this year.

The ransom note linked the attack to a group known as "cru3lty," which Diachenko said Kromtech has seen in the past. Though bitcoin transactions are largely anonymous, the transactions from anonymous buyers and sellers are available for public view. Diachenko said that the bitcoin account connected to this ransom appears to have successfully taken a handful of ransoms in the past.

Diachenko speculated that the size of the database would make it unlikely for the criminals to download and store a complete copy. Instead, he believes there is a good chance the files were immediately deleted and would never be restored even with a paid ransom.

Kromtech, a division of MacKeeper, outlined the discovery in a blog posted Friday.

With few leads to go on about who to contact about the database, it's unclear if the victim is even aware its files have been pilfered.

"We can only guess what happens next," said Diachenko.
http://thehill.com/policy/cybersecurity ... a8.twitter
seemslikeadream
 
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black
Blog: View Blog (83)

Re: Computerized Election Theft

Postby stickdog99 » Mon Dec 18, 2017 5:09 am

totally absurd
stickdog99
 
Posts: 6304
Joined: Tue Jul 12, 2005 5:42 am
Blog: View Blog (0)

Re: Computerized Election Theft

Postby Elvis » Sun Oct 14, 2018 9:41 pm

I Hacked a Mock Election Site. Here's Why That Matters.

The fake hack carried real lessons for the security of our election system.

By RIVER O'CONNOR
August 21, 2018

It took me around 10 minutes to crash a simulation of the upcoming midterm elections. Once I accessed the shockingly simple and vulnerable set of tables that make up the state election board’s database, I was able to shut down the public-facing website that would tally the votes, throwing their count into confusion. The data were lost completely. Just like that, tens of thousands of votes were up for potential debate, muddying an electoral system already prone to confusion, doubt, and finger-pointing.

I’m 17. And I’m not even a very good hacker.

I’ve attended the hacking convention DEF CON in Las Vegas for over five years now, since I was 11 years old. While I have a good conceptual understanding of how cyberspace and the internet work, I’ve taken only a single Python programming class in middle school. When I found out that the Democratic National Committee was co-sponsoring a security competition for kids and teens, however, my interest in politics fed into curiosity about how easy it might be to mess with a U.S. election. Despite that limited experience, I understood immediately when I got to Las Vegas this year why the professionals tend to refer to state election security as “child’s play.”

The Voting Machine Village at DEF CON, the aforementioned competition where attendees tackled vulnerabilities in state voting machines and databases, raised plenty of eyebrows among election boards and voting machine manufacturers alike. It’s a hard pill to swallow for the public, too: No one wants to believe that—after waiting in a lengthy line, taking time off from work or finding a babysitter in order to vote—their ballot could be thrown away, or even worse, altered.

Consequently, people started to take notice as reports came in from both the intelligence community and organizations like the DNC about the ease with which a foreign power could potentially do such a thing. Since electronic voting was introduced in the early 2000s, leaders in both Washington and our state capitals have repeatedly failed to keep up with rapid advances in information technology and cybersecurity.

The replica state election websites used in this year’s competition were built on MySQL, a database management system that stores data in simple tables containing columns and rows. By inputting a command into the search bar to see all the website’s tables, I could then see all of its data, including vote tallies, candidate names and tables of basic website functions. Once someone has that kind of access, they can do plenty of damage. First, the organizers instructed us to double candidates’ vote tallies. Then, with the assistance of volunteers, some of us easily changed the names of candidates or even their parties, or inflated the vote tallies to ridiculously high, Putinesque numbers.

The entirety of the hacking came down to entering no more than two lines of code: the first to display all columns and rows for the site, the second to alter the vote tally. Of the few dozen participants, most completed the very simple hack assigned by the instructors. About a quarter figured out how to rename or delete other candidates and their parties from the list.

But even after doing something as relatively tame, from a computer science perspective, as messing around with a few numbers, I wanted to see how much damage I could do without the competition’s instructions or staff assistance. First, I wrote down the IP address of the server hosting the competition, no different than the first step a foreign agent would take. Then, I accessed the DEF CON-hosted website from a secure Wi-Fi spot and Googled a list of common MySQL commands. The whole thing, from search to shutdown, took me less than five minutes.

To take down the entire website, all I needed to do was enter a command to drop the table—to remove it from the database entirely, in other words. This caused the page to return an execution error, which took a reset of the website’s host server to fix. Essentially, I had crashed the website, similar to the denial of service attacks more familiar to the public, but more direct and even more effective.

This is where the staff got a little bit confused, as the instructions had told us only how to change the number of votes. I had to crash the website again, right in front of them, before they believed I had anything to do with it.

The fact that someone as untrained as myself could theoretically bring an election to a screeching halt with nothing but a quick Google search should be a wake-up call. While inflating Gary Johnson’s vote tally to over 90 billion is good for a laugh, a more malicious agent—not to mention a team of well-funded and highly skilled hackers—could do real damage. A close congressional race could be flipped by the addition of a few hundred extra votes, the installation of malware, stolen security credentials, or the shutdown of a website during the final tally, like my escapade last week. The possibility, or even the likelihood, of such an event is precisely why the chief security officer of the Democratic National Committee, Bob Lord, interviewed me and my fellow competition participants to see what kind of defense those without experience could potentially develop.

I didn’t quite know what to expect when I started the competition, but I know it shouldn’t have been that easy. Someone with my skills wouldn’t have stood a chance against a professionally protected website. Anyone with a Wi-Fi-enabled device could theoretically have done what I did to the mock election database.

Unfortunately, the people who have the power to do something about this issue are in denial. But that doesn’t change the facts on the ground. America is supposed to set a world standard for free and open elections—the idea of “one person, one vote” is part of our identity. The failure to address such a widespread and well-documented effort by foreign powers to compromise that principle puts our democracy, and our position of leadership, at risk.

I’m still not particularly interested in a tech career, but one day I hope to be in a position to prevent something like this from happening in real life. After the competition, both the staff and the competitors agreed—we need a tech-literate government with the resources and the will to secure our elections. Or at least one that can stop a 17-year-old with basic command line skills and 10 free minutes between classes from electing Gary Johnson president-for-life.


Correction: This story has been edited to more accurately reflect such a hypothetical attack.


River O’Connor is a senior at the Ocean Research College Academy in Everett, Wash.
https://www.politico.com/magazine/story ... ker-219374
“The purpose of studying economics is not to acquire a set of ready-made answers to economic questions, but to learn how to avoid being deceived by economists.” ― Joan Robinson
Elvis
 
Posts: 7413
Joined: Fri Apr 11, 2008 7:24 pm
Blog: View Blog (0)
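
The flaw the article above describes (text from a search box ending up inside the SQL statement) next to two mitigations, a parameterized query and a read-only database connection for the public results page. This is an added example, not part of the original post or the competition's code; it assumes Python's built-in SQLite in place of MySQL, and the `tallies` table, its rows and all function names are constructed for illustration.

```python
import os
import pathlib
import sqlite3
import tempfile


def build_demo_db(path):
    """Create a constructed tally table (hypothetical schema, sample rows)."""
    conn = sqlite3.connect(path)
    conn.executescript(
        """
        CREATE TABLE tallies (candidate TEXT, party TEXT, votes INTEGER);
        INSERT INTO tallies VALUES ('Candidate A', 'Party X', 1200);
        INSERT INTO tallies VALUES ('Candidate B', 'Party Y', 1150);
        INSERT INTO tallies VALUES ('Candidate C', 'Party Z', 90);
        """
    )
    conn.commit()
    conn.close()


def search_concatenated(conn, term):
    """Flawed pattern: the search term is pasted into the SQL text, so
    quote characters in the term change the meaning of the statement."""
    sql = "SELECT candidate, votes FROM tallies WHERE candidate = '" + term + "'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn, term):
    """Hardened pattern: the term is bound as a value and is never parsed
    as SQL, whatever characters it contains."""
    sql = "SELECT candidate, votes FROM tallies WHERE candidate = ?"
    return conn.execute(sql, (term,)).fetchall()


def open_read_only(path):
    """Least privilege: a results page only reads, so its connection is
    opened read-only (the MySQL analogue is an account granted SELECT only)."""
    return sqlite3.connect(pathlib.Path(path).as_uri() + "?mode=ro", uri=True)


def write_is_rejected(conn, statement):
    """Return True if the database refuses the statement on this connection."""
    try:
        conn.execute(statement)
    except sqlite3.OperationalError:
        return True
    return False


def run_demo():
    """Run both search functions and two write attempts on a read-only handle."""
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "mock_election.db")
        build_demo_db(path)
        conn = open_read_only(path)

        # Constructed search-box input containing quote characters.
        crafted = "nobody' OR '1'='1"

        result = {
            # Concatenation turns the filter into an always-true condition.
            "concatenated_rows": len(search_concatenated(conn, crafted)),
            # Binding treats the same input as a name that matches nothing.
            "parameterized_rows": len(search_parameterized(conn, crafted)),
            "normal_lookup": search_parameterized(conn, "Candidate B"),
            # The two kinds of change the article mentions, tried on the
            # read-only connection: altering tallies and dropping the table.
            "update_rejected": write_is_rejected(
                conn, "UPDATE tallies SET votes = votes * 2"
            ),
            "drop_rejected": write_is_rejected(conn, "DROP TABLE tallies"),
            "total_votes": conn.execute(
                "SELECT SUM(votes) FROM tallies"
            ).fetchone()[0],
        }
        conn.close()
        return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "=", value)
```

The two controls are independent: binding parameters removes the injection point, while the read-only connection limits what any remaining flaw in the page could change.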

Re: Computerized Election Theft

Postby Marionumber1 » Tue Oct 16, 2018 9:10 pm

A couple weeks ago, No Lies Radio did a great show on computerized election theft with Mark Crispin Miller, Bob Fitrakis, and Jonathan Simon as panelists: https://www.youtube.com/watch?v=FpsnI0Uasrk What's important is that it goes beyond the partisan lens of "Republicans are cheating" and looks at election fraud as a key anti-democratic weapon in TPTB's arsenal, alongside political assassinations and human compromise. For instance, it touches on why the Democrats refuse to challenge electronic vote rigging even though they're usually the ones most hurt by it. The panel is 3 hours long but definitely worth the watch.

Re: Computerized Election Theft

Postby Elvis » Wed Oct 17, 2018 2:53 am

Thanks, those guys are great. I assume vote manipulation is used by both parties, depending on factors like local officials etc., and probably sometimes just sold to the highest bidder. Money talks, money votes.

Re: Computerized Election Theft

Postby Marionumber1 » Wed Oct 17, 2018 11:27 am

Who is perpetrating and benefiting from electronic vote rigging is an interesting question. I personally believe that it's a two-tiered system, with different mechanics at the national and local levels.

Elections of national significance (president, Senate, House, governor, state legislatures) have been rigged pretty consistently in one direction: for Republicans in general elections and corporate Democrats/establishment Republicans in primaries. When you get down to elections that primarily matter locally (prosecutor, sheriff, county executives, alderman, etc.), the fraud is mainly up to local pockets of corruption in the area, and there's a lot more variation in which party benefits. Because a small group of private voting machine companies (with numerous corporate, intelligence, and right-wing ties) has so much influence over the process, it is possible for them to exert significant control over national elections. However, they also need some level of complicity from local election officials to look the other way and, if necessary, cover up the irregularities when anyone tries to look too deeply.

A good way to ensure that is to keep the local elections just as corrupt as the national ones. Bev Harris has documented that Jeffrey Dean, a convicted embezzler and Diebold's vice president of R&D, put two features into the central tabulator that facilitate local election theft: a double set of books and fractional vote counting. Even before that, the central tabulator software, known as GEMS, had no security because its database could easily just be modified with Microsoft Access. Page 23 of this court filing in an Arizona election lawsuit reveals that a particularly shady Diebold technician named Sophia Lee quietly told election officials about this GEMS backdoor, selling it to them under-the-table as a way to "clean up results". For local networks of organized crime who have an incentive to control positions like the prosecutor, sheriff, etc., Diebold (and quite likely other vendors as well) were secretly offering exactly the tools they needed.

If the voting machine vendors and the locals (which includes election officials, regional contractors, and their friends on the outside) are both rigging elections, albeit with different motivations, they both have an incentive to protect this corrupt system.

Re: Computerized Election Theft

Postby stickdog99 » Wed Oct 17, 2018 6:35 pm

I have an idea. Let's all just trust proprietary programs designed for easy, unauditable manipulation to spit out the right answer. What could possibly go wrong?

Computers don't count votes. Computer programmers do.

Re: Computerized Election Theft

Postby Elvis » Tue May 28, 2019 3:56 pm

I missed this last year; probably better source than Vice, but someone sent me this so passing it along:

https://www.vice.com/en_us/article/mbdw ... a-soda-can

Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States
Remote-access software and modems on election equipment 'is the worst decision for security short of leaving ballot boxes on a Moscow street corner.'

Tech by VICE
by Kim Zetter
Jul 17 2018, 5:00am

The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.

In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said.

ES&S did not respond on Monday to questions from Motherboard, and it’s not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters.

ES&S is the top voting machine maker in the country, a position it held in the years 2000-2006 when it was installing pcAnywhere on its systems. The company's machines were used statewide in a number of states, and at least 60 percent of ballots cast in the US in 2006 were tabulated on ES&S election-management systems. It’s not clear why ES&S would have only installed the software on the systems of “a small number of customers” and not all customers, unless other customers objected or had state laws preventing this.

The company told Wyden it stopped installing pcAnywhere on systems in December 2007, after the Election Assistance Commission, which oversees the federal testing and certification of election systems used in the US, released new voting system standards. Those standards required that any election system submitted for federal testing and certification thereafter could contain only software essential for voting and tabulation. Although the standards only went into effect in 2007, they were created in 2005 in a very public process during which the security of voting machines was being discussed frequently in newspapers and on Capitol Hill.

Election-management systems are not the voting terminals that voters use to cast their ballots, but are just as critical: they sit in county election offices and contain software that in some counties is used to program all the voting machines used in the county; the systems also tabulate final results aggregated from voting machines.

Software like pcAnywhere is used by system administrators to access and control systems from a remote location to conduct maintenance or upgrade or alter software. But election-management systems and voting machines are supposed to be air-gapped for security reasons—that is, disconnected from the internet and from any other systems that are connected to the internet. ES&S customers who had pcAnywhere installed also had modems on their election-management systems so ES&S technicians could dial into the systems and use the software to troubleshoot, thereby creating a potential port of entry for hackers as well.

In May 2006 in Allegheny County, Pennsylvania, ES&S technicians used the pcAnywhere software installed on that county's election-management system for hours trying to reconcile vote discrepancies in a local election, according to a report filed at the time. And in a contract with Michigan, which covered 2006 to 2009, ES&S discussed its use of pcAnywhere and modems for this purpose.

"In some cases, the Technical Support representative accesses the customer’s system through PCAnywhere—off-the-shelf software which allows immediate access to the customer’s data and network system from a remote location—to gain insight into the issue and offer precise solutions," ES&S wrote in a June 2007 addendum to the contract. "ES&S technicians can use PCAnywhere to view a client computer, assess the exact situation that caused a software issue and to view data files."

Motherboard asked a Michigan spokesman if any officials in his state ever installed the pcAnywhere software that ES&S recommended they install, but got no response.

The presence of such software makes a system more vulnerable to attack from hackers, especially if the remote-access software itself contains security vulnerabilities. If an attacker can gain remote access to an election-management system through the modem and take control of it using the pcAnywhere software installed on it, he can introduce malicious code that gets passed to voting machines to disrupt an election or alter results.

Wyden told Motherboard that installing remote-access software and modems on election equipment “is the worst decision for security short of leaving ballot boxes on a Moscow street corner.”

In 2006, the same period when ES&S says it was still installing pcAnywhere on election systems, hackers stole the source code for the pcAnywhere software, though the public didn’t learn of this until years later in 2012 when a hacker posted some of the source code online, forcing Symantec, the distributor of pcAnywhere, to admit that it had been stolen years earlier. Source code is invaluable to hackers because it allows them to examine the code to find security flaws they can exploit. When Symantec admitted to the theft in 2012, it took the unprecedented step of warning users to disable or uninstall the software until it could make sure that any security flaws in the software had been patched.

Around this same time, security researchers discovered a critical vulnerability in pcAnywhere that would allow an attacker to seize control of a system that had the software installed on it, without needing to authenticate themselves to the system with a password. And other researchers with the security firm Rapid7 scanned the internet for any computers that were online and had pcAnywhere installed on them and found nearly 150,000 were configured in a way that would allow direct access to them.

It’s not clear if election officials who had pcAnywhere installed on their systems ever patched this and other security flaws that were in the software.

“[I]t's very unlikely that jurisdictions that had to use this software … updated it very often,” says Joseph Lorenzo Hall, chief technologist for the Center for Democracy and Technology, “meaning it's likely that a non-trivial number of them were exposed to some of the flaws found both in terms of configuration ... but also flaws that were found when the source code to that software was stolen in 2006.”

ES&S said in its letter to Wyden that the modems it installed on its election-management systems for use with pcAnywhere were configured only to dial out, not receive calls, so that only election officials could initiate connections with ES&S. But when Wyden's office asked in a letter to ES&S in March what settings were used to secure the communications, whether the system used hard-coded or default passwords and whether ES&S or anyone else had conducted a security audit around the use of pcAnywhere to ensure that the communication was done in a secure manner, the company did not provide responses to any of these questions.

Even if ES&S and its customers configured their remote connections to ES&S in a secure manner, the recent US indictments against Russian state hackers who tried to interfere in the 2016 presidential elections show that they targeted companies in the US that make software for the administration of elections. An attacker would only have had to hack ES&S and then use its network to slip into a county's election-management system when the two systems made a remote connection.

In its letter to Wyden, ES&S defended its installation of pcAnywhere, saying that during the time it installed the software on customer machines prior to 2006, this was "considered an accepted practice by numerous technology companies, including other voting system manufacturers."

Motherboard contacted two of the top vendors—Hart InterCivic and Dominion—to verify this, but neither responded. However, Douglas Jones, professor of computer science at the University of Iowa and a longtime expert on voting machines, confirmed that other companies did routinely install remote-access software during this period.

“Certainly, [Diebold Election Systems] did the same, and I'd assume the others did too,” he told Motherboard. “In the case of [Diebold], many of their contracts with customers included the requirement of a remote-login port allowing [the company] to have remote access to the customer system in order to allow customer support.”

He notes that election officials who purchased the systems likely were not aware of the potential risks they were taking in allowing this and didn’t understand the threat landscape to make intelligent decisions about installing such software.

All of this raises questions about how many counties across the US had remote-access software installed—in addition to ES&S customers—and whether intruders had ever leveraged it to subvert elections.

Although Wyden's office asked ES&S to identify which of its customers were sold systems with pcAnywhere installed, the company did not respond. ES&S would only say that it had confirmed with customers who had the software installed that they "no longer have this application installed."

The company didn't respond to questions from Motherboard asking when these customers removed the software—whether ES&S had instructed them to do so back in 2007 when the company says it stopped installing the software on new systems it sold or whether it had only recently told customers to remove it following concerns raised in the 2016 presidential elections that Russian hackers were targeting election networks in the US. As late as 2011 pcAnywhere was still being used on at least one ES&S customer's election-management system in Venango County, Pennsylvania.

ES&S wrote in its letter to Wyden that it would be willing to meet privately in his office to discuss election security. But when the company was asked to attend a hearing on election security last week before the Senate Committee on Rules and Administration, ES&S declined to send anyone to answer Senate questions.

Wyden says he’s still waiting for ES&S to respond to the outstanding questions he sent the company in March.

“ES&S needs to stop stonewalling and provide a full, honest accounting of equipment that could be vulnerable to remote attacks,” he told Motherboard. “When a corporation that makes half of America’s voting machines refuses to answer the most basic cyber security questions, you have to ask what it is hiding.”




More good stories on that page:

Voting Machine Manual Instructed Election Officials to Use Weak Passwords
A vendor manual for voting machines used in about ten states shows the vendor instructed customers to use trivial, easy to crack passwords and to re-use the passwords when changing log-in credentials.

Re: Computerized Election Theft

Postby Marionumber1 » Wed May 29, 2019 12:21 am

Wow Elvis, thanks for posting these two articles. It is very scary to consider what this means for our electronic voting landscape, not just in terms of outside hacking but also the far more pressing threat of insider manipulation. These e-voting vendors are allegedly only using remote access for legitimate purposes but there would be little stopping them from using it to manipulate vote counts. Such a risk unfortunately dates back quite a while. Triad GSI, the highly suspicious contractor that programmed Ohio's punch card tabulators in 2004, was documented by the Conyers Report as having the ability to remotely access those tabulators. And in 2006, the tabulator in Shelby County TN (home to Memphis) was found to have PC Anywhere (the same software mentioned in the article) illegally installed on it: http://web.archive.org/web/20080222135557/http://www.bbvforums.org/forums/messages/1954/44242.html

Re: Computerized Election Theft

Postby Elvis » Wed May 29, 2019 10:58 am

There's a widespread attitude that 'the people in charge of these things would never allow such a vulnerable system.' The news that it is happening is a great shock to this sensibility; people would rather not believe it.
