Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Government Security United States Politics

FBI Says Foreign Hackers Breached State Election Systems (theguardian.com) 163

The FBI has uncovered evidence that foreign hackers breached two state election databases in recent weeks, and it has warned election officials across the country to some measures to step up the security of their computer systems. The Guardian reports: The FBI warning did not identify the two states targeted by cyber intruders, but Yahoo News said sources familiar with the document said it referred to Arizona and Illinois, whose voter registration systems were penetrated. Citing a state election board official, Yahoo News said the Illinois voter registration system was shut down for 10 days in late July after hackers downloaded personal data on up to 200,000 voters. The Arizona attack was more limited and involved introducing malicious software into the voter registration system, Yahoo News quoted a state official as saying. No data was removed in that attack, the official said. US intelligence officials have become increasingly worried that hackers sponsored by Russia or other countries may attempt to disrupt the November presidential election.
This discussion has been archived. No new comments can be posted.

FBI Says Foreign Hackers Breached State Election Systems

Comments Filter:
  • Attack:
    1) Break into registration system
    2) Deregister 5% of voters registered to the party you want to lose in close contest states.

    Defense:
    1) Get rid of registration and let everyone vote.

    • You think Illinois or Arizona are close states?
      • Arizona certainly is

        http://tucson.com/news/local/new-poll-has-trump-clinton-tied-in-arizona/article_01a67ecc-6e07-11e6-a2c4-6b0510540d4c.html
        • That is somewhat surprising. Being one of those far north states that is very blue I just figured that Arizona was only slightly less red than Texas since that is how they are often represented.
          • As far as I can tell, Arizona's reputation is almost entirely due to this asshat [arpaio.com].

            • Re: (Score:2, Troll)

              by Dread_ed ( 260158 )

              Well that and the fact that Arizona grew tired of the constant stream of illegal immigrants robbing, raping and killing their constituents. In an obviously misguided attempt to try to enforce immigration laws that our faithful supreme federal government would not they passed their own laws that would allow their local police departments to help control immigration.

              The Federal Government sued them and won the right to go on not enforcing federal immigration laws which are currently on the books, thereby ren

    • Removing voter registration prevents some attacks, but it makes others much easier.

    • by sycodon ( 149926 ) on Monday August 29, 2016 @01:42PM (#52791025)

      A Better Defense.

      1. Take the fucking registration systems OFF the internet.

      You'd think the State IT departments never heard of something called the Intranet.

      • by Albanach ( 527650 ) on Monday August 29, 2016 @03:20PM (#52791693) Homepage

        There was a GNU project [gnu.org] to create free software for online voting. In 2002, Jason Kitcat the project coordinator abandoned development, pointing to this quote from Bruce Schneier: "a secure Internet voting system is theoretically possible, but it would be the first secure networked application ever created in the history of computers."

        I don't see anything having changed in the intervening fourteen years, other than perhaps attackers getting more sophisticated. We may not have internet voting, but the idea that voting machines or those used in the tabulation of votes are connected to the internet is madness.

    • "... And we predict Arizona presidential voters have picked... Vladimir Putin? Karl, who were you working for this time?"

    • by Obfuscant ( 592200 ) on Monday August 29, 2016 @02:35PM (#52791449)
      Attack: 1) hacker uses a hacksaw to remove padlock on bicycle 2) hacker takes bicycle

      Defense: 1) get rid of padlock on bicycles so anyone can take them.

      1) Get rid of registration and let everyone vote.

      Yeah. Right. That will help remove fraud from the election process.

      • It works fine elsewhere. Have a big list of citizens. If you're a citizen, you can go in to vote. If you try to vote an are not, you get prosecuted.

        Non citizens have absolutely zero incentive to vote. Why bother taking the risk? This is why the data shows it almost never happens.

        • by Obfuscant ( 592200 ) on Monday August 29, 2016 @05:07PM (#52792455)

          If you're a citizen, you can go in to vote.

          Go in where? I get my ballots by mail.

          Non citizens have absolutely zero incentive to vote.

          Really? "If I vote for someone who promises to give me free stuff, I might get free stuff." Or "if I vote against someone who wants to enforce the laws that would deport me, maybe I won't be deported." Doesn't sound like zero incentive to me.

          Why bother taking the risk?

          With half the people in the country denying that it does or could take place, the risk is minimal. And when the person you helped elect takes charge. the risk goes away completely.

          This is why the data shows it almost never happens.

          Except in Chicago where it is a running joke. And of course, few waste time collecting data on something that they actively deny ever happens.

          • If you're a citizen, you can go in to vote.

            Go in where? I get my ballots by mail.

            So does my wife. She shouldn't need to register to do so.

            Non citizens have absolutely zero incentive to vote.

            Really? "If I vote for someone who promises to give me free stuff, I might get free stuff." Or "if I vote against someone who wants to enforce the laws that would deport me, maybe I won't be deported." Doesn't sound like zero incentive to me.

            As a non citizen (of the US) I've not noticed anyone offering me such a reward for voting illegally in a US election.

            Why bother taking the risk?

            With half the people in the country denying that it does or could take place, the risk is minimal. And when the person you helped elect takes charge. the risk goes away completely.

            This is why the data shows it almost never happens.

            Except in Chicago where it is a running joke. And of course, few waste time collecting data on something that they actively deny ever happens.

            That case is the corruption of the voting system by the administrators of the voting system, not the voters.

            • So does my wife. She shouldn't need to register to do so.

              Why not? Why should she be mailed a ballot if she's just going to throw it away? If she's not interested enough in voting to register, why bother? Why should YOU even get close to a ballot that you can simply fill out and send in on her behalf when she isn't interested enough to even register?

              As a non citizen (of the US) I've not noticed anyone offering me such a reward for voting illegally in a US election.

              Oh, please. People don't need someone to walk up to them with a gilt-edged invitation to know that illegal voting can be beneficial to them. You think illegal aliens need someone to tell them that it would be in their

        • by Maritz ( 1829006 )

          It works fine elsewhere. Have a big list of citizens. If you're a citizen, you can go in to vote. If you try to vote an are not, you get prosecuted.

          Non citizens have absolutely zero incentive to vote. Why bother taking the risk? This is why the data shows it almost never happens.

          Mmhmm. If you're going to dial back standards to that level, just have a fucking online poll. It'll be about as secure.

          • It works fine elsewhere. Have a big list of citizens. If you're a citizen, you can go in to vote. If you try to vote an are not, you get prosecuted.

            Non citizens have absolutely zero incentive to vote. Why bother taking the risk? This is why the data shows it almost never happens.

            Mmhmm. If you're going to dial back standards to that level, just have a fucking online poll. It'll be about as secure.

            Because online voting is horribly insecure.
            Paper voting is effective and reasonably secure as long as you take measures to make it so.

    • by rtb61 ( 674572 )

      You do not eliminate registration, you allow on site registration on the day of the vote. You are not meant to be so fussed about preventing people from voting more than once, so much as being able to prosecute and penalise them quite severely after the event. So if there is real concern, simply take a photo at the polling station when they check off their name. The whole idea is to get as many eligible people to vote as possible and if not enough do, make it compulsory so they learn at least one of their

  • by Bob the Super Hamste ( 1152367 ) on Monday August 29, 2016 @01:16PM (#52790773) Homepage
    So it sounds like things won't change much in Illinois. I believe the saying goes:

    I’ve arranged with my executor to be buried in Chicago. Because when I die, I want to still remain active politically.

    • Living in Illinois myself, I find it interesting their voter registration system was breached. That's because, to my knowledge, it's not internet facing! Last time I registered to vote, I had to print out the paperwork and send it snail mail.

      I guess this means the server that processes voter registrations is internet facing, it just has no user interface. All of the vulnerabilities, none of the convenience!
  • Please stop this nonsense and autoregister everyone who is allowed to vote.

    • by Obfuscant ( 592200 ) on Monday August 29, 2016 @02:40PM (#52791483)

      Please stop this nonsense and autoregister everyone who is allowed to vote.

      So you send ballots to everyone, even those who have no desire to vote, and have not bothered to study any of the issues at all because of that. Why should they be voting if they really care so little about the process?

      Voter registration is so easy that it is a barrier only to those who really don't care to vote, and I think that not handing them a ballot is a good answer to the question "why should I register to vote when I don't want to?"

      • So you send ballots to everyone, even those who have no desire to vote, and have not bothered to study any of the issues at all because of that.

        It's cute you this makes them less informed than the average voter. 'Cause the people who "care so much" tend to vote for the first candidate on the ballot. http://insight.kellogg.northwe... [northwestern.edu]

        • It's cute you this makes them less informed than the average voter.

          Logical fallacy. I said nothing about the 'average voter'. I said that they would be uninformed because they have no interest in the process. It's not cute, it's the truth.

          Why do you seem to have a problem with letting people who have no interest in voting remain unregistered to vote?

          • I'm afraid the fallacy is on your part. Because inherent in your claim is that the people who do go and register have interest and are better informed.

            That is generally not the case.

            • Because inherent in your claim is that the people who do go and register have interest and are better informed.

              Wrong. I said nothing at all about people who are interested enough in voting enough register. The fact that a registered voter is or is not informed has nothing to do with the people who don't care about voting at all. You are applying a logical fallacy that "A isn't B" must mean "Not A is B". "Uninterested voters are not informed" does not imply that "Interested voters are informed."

              That is generally not the case.

              That is irrelevant to the discussion about why you don't just send ballots to everyone who is a citizen. It would be an arg

      • So you send ballots to everyone, even those who have no desire to vote, and have not bothered to study any of the issues at all because of that. Why should they be voting if they really care so little about the process?

        Surprisingly, that's exactly how things work in some democracies, specially in direct democracies where population is always voting on everything (e.g.: Switzerland).

        People un-interested in voting generally throw away the ballot.
        (Though probably there are few trying to find way around the - relatively simple - voter identification, and try to cast illegally an extra vote)

        But such widespread diffusion of ballots is necessary in a country which votes every couple of months instead of every couple of year.

  • Its the best new prospect for real computer contract work in Russia, Ukraine, Bulgaria, Estonia, etc. in years!

  • by Anonymous Coward

    The FBI has uncovered evidence that foreign hackers breached two state election databases in recent weeks, and it has warned election officials across the country to some measures to step up the security of their computer systems.

    The FBI later specified to not step it up so much that they cannot break in if need be.

  • No...just, no. (Score:5, Interesting)

    by daveschroeder ( 516195 ) * on Monday August 29, 2016 @01:27PM (#52790847)

    No one actually has to "hack" anything -- just get the thought out there. No matter who wins, stories like this will be cited by the losing side as "proof" the election was "rigged" or "hacked", and that the winner didn't win legitimately. I can think of few things more damaging to the democratic institution.

    See also:

    A Powerful Russian Weapon: The Spread of False Stories [nytimes.com]

    • Re: (Score:3, Informative)

      by PopeRatzo ( 965947 )

      No one actually has to "hack" anything -- just get the thought out there. No matter who wins, stories like this will be cited by the losing side as "proof" the election was "rigged" or "hacked", and that the winner didn't win legitimately.

      One side is already making this argument, and is recruiting an army of armed "observers" to stand around polling places and act menacing.

      http://www.washingtontimes.com... [washingtontimes.com]

      http://www.vanityfair.com/news... [vanityfair.com]

      • One side is already making this argument, and is recruiting an army of armed "observers" to stand around polling places and act menacing.

        Citation required. No, neither of your links talks about armed observers, and nothing about acting "menacing".

        And you'll have to explain why asking people to keep an eye on the process is worse than the New Black Panther party "keeping an eye on the process" by acting menacing and shouting racial slurs at potential voters.

        As for the second link claiming there is no fraud and no fraud could possibly change the result of a "national election". It's interesting that they then list a bunch of voting fraud a

        • Re: (Score:2, Informative)

          by PopeRatzo ( 965947 )

          Citation required. No, neither of your links talks about armed observers, and nothing about acting "menacing".

          No offense, but when you've promoted "Second Amendment solutions" to prevent a president from appointing judges, and you're promoting a civilian "Deportation Force", and you're ginning up the notion that if you lose the election, it's because it was "rigged", what the fuck do you think he's talking about? You can't be that stupid.

          And you'll have to explain why asking people to keep an eye on the pr

          • No offense, but when you've promoted "Second Amendment solutions" to prevent a president from appointing judges, and you're promoting a civilian "Deportation Force", and you're ginning up the notion that if you lose the election, it's because it was "rigged", what the fuck do you think he's talking about? You can't be that stupid.

            So no, you are intending offense, and you have no actual quote or citation that shows him calling for "armed observers to act menacing". You're making it up.

            As for your fear of "second amendment solutions", what was actually said what that "second amendment people" know how to deal with the political process of infringement of their second amendment rights. It's amazing to me, ten minutes before he made that comment every anti-Trump person on the planet knew all about how much political influence the NRA

    • No matter who wins, stories like this will be cited by the losing side as "proof" the election was "rigged" or "hacked"

      Exactly the reason why if I worked for the FBI I'd make up a story like this. Then get the popcorn out..

  • by WillAffleckUW ( 858324 ) on Monday August 29, 2016 @01:27PM (#52790849) Homepage Journal

    We use these things called paper ballots.

    So does Oregon.

    We all vote by mail, so hack all you want.

    We can always rerun the paper ballots again.

    • And select the "right" ones when you do. Or find more in the trunk of someone's car...
    • by DaHat ( 247651 )

      We use these things called paper ballots.

      So does Oregon.

      We all vote by mail, so hack all you want.

      We have a similar process here in Washington... just one problem, it is horribly insecure.

      We can always rerun the paper ballots again.

      Because there are no ways to cast any more ballots than you are legally entitled to under the OR or WA system, no way at all.

      Right now I'm working on a couple of higher priority personal projects, once they are out of the way I go back to trying to find a lawyer interested in the

    • by bigpat ( 158134 )

      Paper based forms with optical scanners seems to work out best these days. Then you can get quick results on election night from the optical scanner results and you just need to have real people manually count the ballots later in order to confirm the automated results.

      Easier said than done, but it is very important that elections have verifiable results based on the physical ballots and not just a computer spitting out some result.

    • Doesn't matter if you use paper ballots when your registration was deleted from the database. Your vote won't count no matter how many times it is re-run.

  • 200,000 voters how meany are dead? but still are on the rolls?

  • by WolfgangVL ( 3494585 ) on Monday August 29, 2016 @01:31PM (#52790891)

    Voting is no longer safe, we are obviously going to have to suspend elections until we are 100% sure the computers are trustworthy!

    • There's no reason we can't have a transparent, well-monitored paper ballot. With all the issues that have surfaced, I think that's our best option. The average poll-worker does not have the technical expertise to maintain security on a computerized system, and the real experts have demonstrated so many flaws in widely-used voting machines that they should be scuttled.

    • by bigpat ( 158134 )

      Voting is no longer safe, we are obviously going to have to suspend elections until we are 100% sure the computers are trustworthy!

      Really though, people should suspend the secret ballot if there are legitimate widespread issues with vote tampering. The secret ballot is less important than the ability to maintain the integrity of the election itself. Sure that opens some people up to voter intimidation, but you have to trust that enough people are going to vote in their best interests to overwhelm any voter intimidation.

      If you are trying to boot strap a civil society using democratically elected institutions then you have a chicken a

    • Voting is no longer safe, we are obviously going to have to suspend elections until we are 100% sure the computers are trustworthy!

      Thanks Obama!

  • Call me a paranoid conspiracy theorist but wouldn't this be more likely to be at least sponsored domestically?

    • Why would the rich and powerful in the US, who have already "bought" their politicians, need to rig the election any further?

      In other words: only an outside entity (who doesn't benefit from Citizens United and unlimited campaign contributions) would need to rig an election using "alternate" methods

      • Because the peons don't always vote like they're supposed to.

        Ancient Socialist from Vermont got 46% of the vote in the primary. This will not do.

        • It was the "russian" hacks that exposed the DNCs attempts to block Sanders though. Why would the "establishment" block Sanders, and then hack itself to expose the manipulation?

          • They didn't hack themselves. Again, the peons don't always do what they are supposed to.

            But one might as well take advantage of an opportunity. So time for some old-fashioned red-baiting.

      • by JustNiz ( 692889 )

        The thing about the big corporates is they will always waste a disproportionately large amount of money on risk mitigation.

      • Strange, I posted something like this and it disappeared... anyway...

        Because some rich and powerful will lose the election if they don't hack it.

        Both foreigners and locals buy American politicians (there are reports from both R and D). But now that hacking is allowed, that might not be enough, for anyone.
        Why would the people that are used to rigging elections in the traditional way steer from the "alternate" method now that it exists and is available for anyone?

        In other words: anyone seriously interested in

    • Call me a paranoid conspiracy theorist but wouldn't this be more likely to be at least sponsored domestically?

      Foreign hackers could be hired by domestic US political interests. Just because the actual attack originated outside the US does not preclude the attack having been funded and ordered by some person/group in the US.

      Maybe that's why Hillary Clinton has been so determined to scrub her email history from her stint as SoS. She would have been in the perfect position and had the perfect opportunity to make the necessary foreign contacts and arrangements to set something like this up.

      Maybe this is part of what Ju

      • by JustNiz ( 692889 )

        I didn't think of the Assange angle (interesting thought) but the "Foreign hackers hired by Hillary" thing was pretty much exactly what I was getting at.

  • Why does ANY of this information need to be on networks with Internet access?

    I'm betting the real reason is so that both parties can more easily harvest that data for electoral gain. Public Servants, my copious backside.
    • Yes, that's exactly why.

      In Ohio you can download the registered voter file [state.oh.us] any time you want. It's all public record. No hacking needed. It includes name, DOB, address, party registration (if applicable), and which elections you voted in back to about 2004.

  • I used to subscribe to comp.risk (usenet), article after article was about the vulnerability of electronic voting.
    https://en.wikipedia.org/wiki/... [wikipedia.org]

    It's real situation that is only going to get worse.

  • by Rob_Bryerton ( 606093 ) on Monday August 29, 2016 @04:13PM (#52792055) Homepage

    FBI Says Foreign Hackers Breached State Election Systems

    So anyone who believes ANYTHING the FBI says, at this point in time especially, is a complete moron. Instead, let's apply the "FBI Says" headline filter to the text, and observe the results.

    FBI Lackeys Breached State Election Systems. Blames Foreign Hackers

    Now, that's much more believable, right? Sorry FBI, you have absolutely ZERO credibility. Anyone with more than a few functional neurons KNOWS that the likelihood of anything you say being an outright fabrication or lie approaches 100%.

It's currently a problem of access to gigabits through punybaud. -- J. C. R. Licklider

Working...