Forgot your password?
typodupeerror
Government Security Politics

Hacker Exposes Parts of Florida's Voting Database 261

Posted by Soulskill
from the many-things-are-exposed-in-florida dept.
Dangerous_Minds writes "Some people feel that elections can be rigged and votes tampered with. One hacker, who goes by the name of Abhaxas, decided to prove that votes aren't secure by exposing parts of the Florida voting database. Said Abhaxas while posting the data, 'Who believes voting isn't tampered with?'"
This discussion has been archived. No new comments can be posted.

Hacker Exposes Parts of Florida's Voting Database

Comments Filter:
  • by Cito (1725214) on Sunday July 03, 2011 @05:29PM (#36648322) Homepage
    Hopefully this can help finally shed light on voting fraud to stuff the ballots in our election process. I've never been one for electronic voting as it's so much more easily tampered with. And only reason it's pushed so much is due to companies like diebold and the media who push so they can have up to the second voter tallies so they can sound like they are on top of everything when reporting.

    It needs to go back to the old way, which wasn't perfect, but was hell of a lot better than electronic voting.

  • by John Hasler (414242) on Sunday July 03, 2011 @05:35PM (#36648350) Homepage

    ...should be secret anyway. The only part of an election that should be secret is how each individual voted.

    • How is this leak related to the poll? Its just the poll workers -- a separate system from the voting machines -- so how does this affect voting security at all?

      Of course I agree that voting must be secret, integer, valid, transparent, accurate and reliable. Better use paper there, to allow independent verification.

      • Why do you need a machine to vote? Why not just pencil in an X next to the candidate's name like they do in other countries?
        • by compro01 (777531) on Sunday July 03, 2011 @07:00PM (#36648820)

          Why do you need a machine to vote? Why not just pencil in an X next to the candidate's name like they do in other countries?

          How is anyone supposed to profit from that kind of scheme?

          • Specific requirements for paper and pencil manufacturers. Erasers for vote tampering.

            Still profitable but obviously with much more overhead.

        • by jc42 (318812) on Sunday July 03, 2011 @07:19PM (#36648906) Homepage Journal

          Why not just pencil in an X next to the candidate's name like they do in other countries?

          Because that wouldn't produce income for the top people in the companies that make the electronic voting equipment. And, of course, those are people who have contributed to the re-election campaigns of the legislators who have promised to push electronic voting.

          Also, it's pretty well understood that secret, verifiable elections aren't exactly popular with "incumbent" legislators.

          Here in the US, we had that amusing case a couple of elections ago, where the CEO of Diebold (one of the main makers of electronic voting equipment) promised the Republicans in Ohio in writing that he would deliver Ohio to the Republicans in the next election. He delivered, too.

          Actually, I think the best comment on this issue was this story [democratic...ground.com]. (For the benefit of the whoosh-impaired, I'll point out that this is a satirical site. ;-)

          • by hedwards (940851)

            Back in 2005 weren't they caught applying patches to voting machines in Democratic leaning counties in Georgia. Supposedly it was a bug fix, but it was never really explained why the machines happened to be in swing counties that were leaning Democratic. It's entirely possible that there was a reasonable explanation, but without a paper trail or access to the source for both the original and the patch there's no way of knowing for sure.

            The really scary thing is that Diebold is heavily into ATMs as well and

            • by vux984 (928602)

              The really scary thing is that Diebold is heavily into ATMs as well and should really know how to secure the machines.

              Are you saying its scary because they make secure ATMs yet can't seem to even close a barn door when making voting machines, indicating deliberate incompetence?

              Or are you saying its scary that a company that is so incompetent on security is trusted with making ATM machines, which you expect suffer from security just as completely catastrophic as voting machines?

              Either way... yes ... it is sc

        • by timholman (71886)

          Why do you need a machine to vote? Why not just pencil in an X next to the candidate's name like they do in other countries?

          Umm, because in the rare circumstance that the difference in votes falls within the margin of error of spoiled ballots, the Democrats and Republicans begin a long drawn-out battle over who gets to count and interpret what those spoiled ballots mean? Like what happened 11 years ago in Florida during the U.S. presidential election?

          The switch to electronic voting didn't happen without a

          • In the UK spoiled ballots are spoiled ballots, and the only count they are ever attributed to is the spoiled ballot count - they are never interpreted precisely because of the chance of bias being introduced.

            IF your election is that close, then why not simply hold a second round of voting?

        • In the tax system complexity is there for the benefit of the rich. I expect a complex voting scheme is therefore to benefit the rich.
        • by Joce640k (829181)

          Why do you need a machine to vote? Why not just pencil in an X next to the candidate's name like they do in other countries?

          Because in a land of cable TV, you need the results *NOW!*. If you have to wait a few hours for bits of paper to be counted people will have forgotten there was even an election.

  • by Anonymous Coward on Sunday July 03, 2011 @05:43PM (#36648378)

    That's the whole point of these voting machines, make it easier and save time for the users. A punchcard reader/sorta could easily accomplish that. You got physical validity and you get time saving. People can still mail in votes and a database that keeps only people who have voted already (and not who voted for who) could keep track of duplicate votes which puts up a *flag* for that person. If they done it this way, a database breach means little without physical access to the cards or machine.

    What about dead people voting fraud and vote coercion for mail in votes? Stricter law enforcement and record keeping as those things already happens i suppose.

  • Total non-sequitur (Score:4, Insightful)

    by artor3 (1344997) on Sunday July 03, 2011 @05:47PM (#36648402)

    So the fact that he was able to access a list of voters is supposed to prove that votes are rigged? How exactly does that follow?

    Voter fraud is a non-existent problem. It's a bogeyman used to get people scared so that they agree to more restrictions on voting, which in turn disenfranchises those who might otherwise resist the powers that be. It also serves the double duty of de-legitimizing any political opponents. Don't like the incumbent? Call him an imposter, and that way you can scream hatred and bile against him at every moment, and your supporters won't question it, because you've given them a way to rationalize all the hate.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      First of all, votes are supposed to be confidential.

      Second, you don't need electronic voting to get fast results. Canada still uses paper ballots and they have their final results within 24 hours.

      • by mevets (322601)

        Canadas federal ballots only have a single question: choose one of N candidates. Provincial ones are similar. Rarely you may get handed two ballots, one with a question of some burning issue. Municipal have more; often three ballots. Federal, Provincial and Municipal elections are always held on separate days.

        It is a lot easier to count these than the questionnaire that US voters are to fill out. I know you can just hit "party ticket", but they still have to be looked at.

    • by Jawnn (445279)
      While I agree that the vast majority of the allegations of "vote fraud" are, just as you say, a bogey-man aimed at stirring up a disaffected group of voters, closed electronic voting systems make it far easier to actually rig an election while at the same time, making it almost impossible to detect such shenanigans. Either open up the technology to audit and review or chuck it.
      • by PNutts (199112)

        No, what makes it almost impossible to detect such shenanigans is a lack of audits and audit trails.

    • by rwven (663186) on Sunday July 03, 2011 @06:00PM (#36648470)

      The point is that if he hacked in and and got this junk, someone could just as easily have gotten in and altered the data. I don't put it beyond corporations to under-the-table hire hackers to accomplish their end-goals (namely because I've seen it happen), and hacking a voter database is a pretty obvious target.

      And that's only the corporation side of things....

      • But he hasn't proven that he as access to anything that is not public. He's provided a dump of public data that should be public data.

        He hasn't even shown access to any tables that contain vote counts... not one. Simple fact of the matter is that he hasn't proven or even demonstrated access to any data that could be used to directory manipulate an election.

        The only thing I see is links to voter reports. If they manipulated those links/documents on election day they might be able to point media outle
        • you will know anonymous has gotten into your electronic voting system when Guy Fawks or Chuck Norris gets elected. Paper ballots are just as easy to tamper with... the is i just the old case of http://xkcd.com/538/ [xkcd.com]
    • by dkleinsc (563838) on Sunday July 03, 2011 @06:23PM (#36648610) Homepage

      Voter fraud is a non-existent problem.

      It's not quite non-existent. It's not hard to find residents of Chicago or Philadelphia who were part of political machines that regularly placed fraudulent votes. For instance, a common tactic was (maybe still is) to use dead people's names and addresses.

      However, efforts to restrict voting (at least in the US) have far more to do with disenfranchising poor people and black people than they do with any actual risk of fraud. For instance, photo ID requirements, a mere annoyance for middle-class white folks with a driver's license, are an insurmountable burden for members of the underclass that survive on public housing and food assistance. One tell-tale sign here is that the focus is on somebody who shows up to the polls and tries to cast a fraudulent vote, rather than the much easier ways of committing election fraud on a significant scale like manipulating the persons or machines responsible for counting the votes or effectively ballot-stuffing. If you were, say, a secretary of state with ties to a party's political campaign trying to commit election fraud, which would be easier - making a vulnerable voting machine and changing a number in Microsoft Access, or organizing hundreds of thousands of people to go to the polls and fraudulently casting votes?

      • making a vulnerable voting machine and changing a number in Microsoft Access,

        just as likely to be that simple as having a region report a wrong count in your favor.

        you don't think the software that takes the vote isn't auditing the data? you don't think this audited data isn't checked against the central repository for votes? you don't think they'd have specialists checking the data for anomalies or unexpected results?

        to get away with it completely unscathed, the political party would have to have control over all the regional media (to give people the impression they are win

        • by MtHuurne (602934)

          to get away with it completely unscathed, the political party would have to have control over all the regional media (to give people the impression they are winning), access to the machine that takes the votes, access to the server who counts the votes, tackle the paper trail that's designed to prevent exactly this kind of abuse etc. etc. etc.

          Vote results rarely turn out exactly as predicted; only if the differences are really large it will be seen as a sign of fraud. If a new party would win an election out of the blue, it would be very suspicious. Because of gerrymandering and winner-takes-all systems, the overall winner between the two established parties can be decided by a relatively small amount of votes. The local media headlines won't say "fraud!" if a party that was predicted to get 48% of the votes gets 53% on election day.

          If the machi

          • I'd seriously doubt that a government funded project for voting polls would have such _easy_ to compromise security features.

            Vote results rarely turn out exactly as predicted; only if the differences are really large it will be seen as a sign of fraud.

            you will find that statistical anomalies will be verified, things like 1 machine (or 1 vote counter) has an unusual candidate count compared to counts done by adjacent machines. Also how exactly would a single machine be able to falsify votes on any meaningful scale undetected? there would be huge statistical anomalies then there is also the challenge of accessing the machines, (as

      • by Sooner Boomer (96864) <sooner,boomr&gmail,com> on Sunday July 03, 2011 @07:51PM (#36649064) Journal

        For instance, photo ID requirements, a mere annoyance for middle-class white folks with a driver's license, are an insurmountable burden for members of the underclass that survive on public housing and food assistance.

        Pray, do tell, how people that are able to sign up and live off of the public dole, then become too stupid (or otherwise unable) to get a FREE photo ID. Make the photo ID part of the requirement to use these benefits, and you'll cut down on foodstamp fraud too. This whole idea about poor people unable to get ID (which can be verified) is a disingenuous strawman arguement. "insurmountable burden", my ass - just another reason to perpetuate voter fraud!

        • The incentive for food and shelter is a lot more pressing than voting. You are being disingenuous if you don't admit that an ID requirement will mean that almost all people without cars will end up not voting. And it is pretty clear that Republicans are the ones with the strawman argument, since cheating in elections is practically the only political strategy they have left.
        • by tyrione (134248)

          For instance, photo ID requirements, a mere annoyance for middle-class white folks with a driver's license, are an insurmountable burden for members of the underclass that survive on public housing and food assistance.

          Pray, do tell, how people that are able to sign up and live off of the public dole, then become too stupid (or otherwise unable) to get a FREE photo ID. Make the photo ID part of the requirement to use these benefits, and you'll cut down on foodstamp fraud too. This whole idea about poor people unable to get ID (which can be verified) is a disingenuous strawman arguement. "insurmountable burden", my ass - just another reason to perpetuate voter fraud!

          Don't know which state you come from but a Personal ID is not FREE. It's $20 in Washington State. The Driver's License ranges from $25 to $50. Then of course you need proof of identity which requires a Notary Public Stamped Birth Certificate [another $25+ for the Notary Public stamp, and additional fee for the Birth Certificate at the Court House, plus you need to make sure your SS Card is on you to get the Birth Certificate. If you don't you have to go and have that, but if you are a homeless person I doub

          • Don't know which state you come from but a Personal ID is not FREE. It's $20 in Washington State. The Driver's License ranges from $25 to $50. Then of course you need proof of identity which requires a Notary Public Stamped Birth Certificate [another $25+ for the Notary Public stamp, and additional fee for the Birth Certificate at the Court House, plus you need to make sure your SS Card is on you to get the Birth Certificate. If you don't you have to go and have that, but if you are a homeless person I doub

          • by rastos1 (601318)

            Personal ID is not FREE. It's $20 in Washington State.

            With 40% of the US in poverty that's one helluva a lot of disenfranchised voters.

            Are you saying that 40% of US voters can't afford to spend 20$ on photo ID? I call bullshit. Are you saying that they can't put together 20$ if given a month of time? Even if they don't buy a 2 packs of cigarettes, drink no alcohol, and beg on the street corner for 2 days? I call bullshit. If you are not right-away homeless, then don't go to restaurant (I wasn't for a year),

        • by hedwards (940851)

          Because in practice it's not really free. It's been a while since I went to the DMV, but I don't recall those being open 24/7, in other words if you're really that hard up, chances are that you'd have to take a day off work.

          But, really the biggest problem is that the level of fraud in that segment of voters isn't any higher than it is in other segments. And while we're at it, why don't we just require that all ballots be signed by the person as well. I mean hell, somebody could put an X and sign that it was

    • by ShakaUVM (157947)

      >>So the fact that he was able to access a list of voters is supposed to prove that votes are rigged?

      You're right. It doesn't. It shows it is *possible* for votes to be rigged, but we've known that for a long time. A fellow CS guy at UCSD (at UW now), named Yoshi Kohno, has written a long series of papers and presentations on how easy it is to own electronic voting machines. Open USB port? Plug in your specially prepared flash drive, and you can make the machine tapdance for you, if you want.

      For examp

  • by thesandbender (911391) on Sunday July 03, 2011 @05:55PM (#36648448)
    If anyone took 30 seconds to scan this scandalous "voting" data it's very apparent that this is data about the elections and not the actual voting or voters. All of this data can and should be public knowledge (e.g. Elections, Candidates, Races, what special interest groups are working the polls as well as voter statistics). A quick google search will give you almost all of this data because want it should be public knowledge.

    This would be a story if this data wasn't available.
    • I'll add to this that the voting roster and your voting record (when and where) are public record as well... the only thing that's private is who you voted for. Everything else is a matter of public knowledge and should be, this is the only way you can keep things honest. If there are X number of votes, that should match X number of registered voters. By the same token, districts should only have X number of voters and you should only vote in your district (which is why you need to know where someone vot
    • by Legion303 (97901)

      Poll workers' login and password should be public knowledge?

      Actually, it probably is now. I don't just mean the ones on this list, I mean anyone who becomes a poll worker there in the future. Looks like the password is first initial + last initial + last 4 of SSN (although I like to think the 4 digits are a user-supplied PIN).

  • You tricked me into clicking on a link that had an ad for Glen Beck!!! ARRGGH!
  • It's too bad no one wants to use the solution to this problem.

    Step 1. You register to vote. (Yes, we already do this...)
    Step 2. You are given a unique set of voter's registration digits. (Yes, we already do this...)
    Step 3. You vote, and enter some of your voter's registration digits. (Currently we enter all of them -- Dumb).
    Step 4. Your ballot is cryptographically signed with the digits you did not disclose. (See, all digits get used; Just some are kept secret).
    Step 5. You submit your ballot, t

    • by hedwards (940851)

      There's still no paper trail under this scheme and there isn't any way of the voter verifying that the vote was properly registered. Which was the kind of problem which led to both elections that resulted in Bush winning.

  • Only the poll worker user database is sensitive. Everything else is public.

    No voting information for cast ballots or the personal info for voters in the district.

    I can only hope the access control list is on append only media.

    • by Z00L00K (682162)

      But it was rather obvious that the passwords weren't encrypted. If the passwords were encrypted - even with an algorithm like 'crypt' it would have slowed down any attack considerably.

      Anyway - since this was presented one might wonder how this hacker got access to the stored data in the first place since there had to be physical access in some way.

      But in my opinion - as much as possible of the implementation and data in a voting system should be visible to the public so that anyone can trace back their own

  • by DoofusOfDeath (636671) on Sunday July 03, 2011 @09:26PM (#36649522)

    I'm sorry that this is off-topic, but I can't find any other forum to ask this.

    Starting a month or two ago, Slashdot is showing me very few postings when I read the discussions. It's not the rating filter; I've tried many different settings on that. I've tried both D1 and D2 discussion systems, and that doesn't help. I just want things to be the way they used to be.

    Is this a problem that many people are having, or have I done something uniquely stupid to my settings?

  • The veracity of an election is not based upon technology, so being able to hack into a server run by a state board of election means little. An election is a system, a tightly-controlled process completely specified in legal language, with many interlocking parts and thousands of people involved. At each interface point in the process, there are cross-checks to verify accuracy. You can't "fix" an election just by cracking into some file system somewhere, you'd have to beat the entire system.

    For example,

    • by Z00L00K (682162)

      I would still say that it is possible, and looking into how bad the identity of people is checked and verified in the US I wouldn't be surprised if there is stuffing done anyway.

Reality must take precedence over public relations, for Mother Nature cannot be fooled. -- R.P. Feynman

Working...