No, a Teen Did Not Hack a State Election (propublica.org) 73
Headlines from Def Con, a hacking conference held this month in Las Vegas, might have left some thinking that infiltrating state election websites and affecting the 2018 midterm results would be child's play. Articles reported that teenage hackers at the event were able to "crash the upcoming midterm elections" and that it had taken "an 11-year-old hacker just 10 minutes to change election results." A first-person account by a 17-year-old in Politico Magazine described how he shut down a website that would tally votes in November, "bringing the election to a screeching halt." But now, elections experts are raising concerns that misunderstandings about the event -- many of them stoked by its organizers -- have left people with a distorted sense of its implications. From a report: In a website published before r00tz Asylum, the youth section of Def Con, organizers indicated that students would attempt to hack exact duplicates of state election websites, referring to them as "replicas" or "exact clones." (The language was scaled back after the conference to simply say "clones.") Instead, students were working with look-alikes created for the event that had vulnerabilities they were coached to find. Organizers provided them with cheat sheets, and adults walked the students through the challenges they would encounter. Josh Franklin, an elections expert formerly at the National Institute of Standards and Technology and a speaker at Def Con, called the websites "fake." "When I learned that they were not using exact copies and pains hadn't been taken to more properly replicate the underlying infrastructure, I was definitely saddened," Franklin said. Franklin and David Becker, the executive director of the Center for Election Innovation & Research, also pointed out that while state election websites report voting results, they do not actually tabulate votes. This information is kept separately and would not be affected if hackers got into sites that display vote totals.
Yes Uri (Score:1)
Yeh sure, the election wasn't hacked, those hacked emails were all nothingburgers and Slashdot wasn't deluged with a bunch of "Texas Houswives" suddenly concerned about "Bengazi".
Also computers never get hacked, even modern ones, Windows XP used in these old voting machines without paper trials has stood the test of time. No need to add any kind of paper trail, or test their security, since mother time has tested it for you!
Also Russian asbestos is totally tasty and edible and should be used as a filler in
Re:Yes Uri (Score:5, Insightful)
Yeh sure, the election wasn't hacked
You have evidence it was? Please share, I have seen no evidence in the mainstream press, just speculation.
those hacked emails were all nothingburgers
Hacking into the email of a political party is not "hacking the election", see, the elections are run by the states, and a political party has no part in the running of an election.
Your spewage on Windows XP, paper trails, and Russian Asbestos don't merit a response.
The Hillary Campaign tried to run a very different, data-driven campaign in 2016 than candidates had previously employed, and her campaign's data told her there was no need to visit several "blue wall states" in the general election, that she should instead maximize her fund-raising on either coast.
Hillary lost (or Trump won) because of simple mistakes made by her campaign, nothing more - but rather than accept that simple fact, we are spending countless millions of dollars investigating opposition research put together by the losing candidate in the last election (at a cost of millions of dollars) because her supporters are too butt-hurt to accept that "the smartest, most prepared woman" ran a lousy campaign and lost.
Re: Yes Uri (Score:1)
Re: Yes Uri (Score:1)
This is slashdot FFS (Score:1)
Linux geeks and programmers on Slashdot, we known damn well they hacked the website, not the voting machine and we also know damn well that any voting machine without a paper audit trail, reports whatever the votes the Russian hacker says it should report.
Stop the PR effort against auditability, and help get the last of the states still using non-auditable voting machines to get their shit together.
There should *not* be a single voting machine now that cannot be audited, yet Florida and Pennsylvania, both s
Re: (Score:2)
Stop the PR effort against auditability, and help get the last of the states still using non-auditable voting machines to get their shit together.
Simple question - Imagine you are running an election, and you have electronic polls that create and audit trail and a tally. What do you do when the total and the audit trail don't match?
If you always trust the audit trail, then why have the automated tally?
Lying in a "good" cause (Score:5, Insightful)
Sometimes people feel so strongly about a cause, for example the dangers of electronic voting, that they think its ok to distort information or even outright lie for that cause. Its becoming very common - and I think its always wrong.
Re: (Score:1)
It's not about the dangers of electronic voting. Democrats don't care about that - you can tell because their bills for "securing" the election are never about the voting machines but instead about hiring private contractors to secure servers "against foreign cyber threads" AKA "Russian hackers."
This has nothing to do with showing flaws with voting machines. If it did, they would be hacking voting machines. No, this is part of a continued left-wing effort to convince people that our elections are fraudulent
Re: (Score:2)
Sometimes people feel so strongly about a cause, for example the dangers of electronic voting, that they think its ok to distort information or even outright lie for that cause.
We see this play out all the time in the mainstream press, how many "racist/homophobic/sexist customer" insulted me on the CC receipt claims have proven to be false? How about the black students that put nooses around campus to alert everyone to the rampant racism on campus? Or the lesbian couple that wrote anti-homosexual slurs on their own garage door, to prove their neighbors were anti-gay? The list, literally goes on and on.
The latest trend is for elected officials to claim police harassment/mistreatmen
I actually said this the first time... (Score:3)
While the organizers of the event themselves stoked the misunderstanding, everything about it smelled like a kids hacking competition with an election theme rather than a real thing. Even if you assumed that the headliner child was some sort of once in a lifetime super genius, it certainly wouldn't have been the case for the majority of the participants to succeed, which did occur.
If the real thing were so trivial so that an 11 year old could casually do it, then one of the *huge* number of veteran security researchers would have found those problems for real in the real sites.
Re: (Score:1)
Re: (Score:2)
It was "Day of Code" meets "Election Hacking" - the kids were all but handed step-by-step instructions on how to "compromise" the websites in question - websites which apparently were little more that public results websites, the hacking of which proves nothing.
But...but...11-year-old hackers! (Score:2)
You mean an 11-year-old boy and 11-year-old girl didn't just hack all-der-voting-machines with their mad-crazy l33t hacking skills alone?!?
You lied to me AGAIN, media! DAMN YOUR HOUSE OF LIES!
Re: (Score:2)
I don't think you quite grasp the degree to which how many Americans have literally no voice in things.
Gerrymandering only impacts House elections and state assembly and other local elections, gerrymandering has no impact on Senate or Presidential races, where state electoral votes are assigned based on the state-wide totals each candidate receives.
Your willingness to declare your vote meaningless in all elections is interesting, I suspect it is you that doesn't quite grasp how the election process works.
No "THIS ONE THING" can defeat an election (Score:4, Informative)
As I commented in another thread on election security, unless you have run an actual election, you probably don't appreciate the sheer scale of what's involved in securing an election. I am an election officer in Virginia. Let me shed some light on the subject.
An election is a massively live event involving hundreds of millions of individuals spread out over 7 time zones (don't forget Guam) and an entire continent-sized geographic area.
51 independent elections are held, each with their own rules of procedure, equipment, and personnel, with the exception of some common rules for federal elections.
Within these 51 elections there are thousands of individual voting precincts where the actual votes are counted. Each one of those 51 x 000s precincts are under the complete supervision and control of volunteers. No politician or government worker ever administers the casting of a vote. This is done by your neighbors, a veritable small army of people.
A voter can only vote in the same physical place where they are a resident. You cannot vote remotely.
Before you can cast your vote, in most states you must prove your identity and residency. In all states, this process is entirely disconnected from the actual casting of a ballot.
Except in two states that allow mail-in voting (shame on them), your vote is completely private. No one can force you to vote against your conscience. No one can force you to prove how you voted.
The threat surface of such an undertaking is massive. There is the possibility of fraud in registering voters. There is possible fraud in selecting and configuring equipment. There is possible fraud in authentication. There is possible fraud in training (or lack thereof). There is possible fraud in counting. There is possible fraud in administration and reporting. And on and on.
There is no "this one thing" that can defeat an election. To successfully throw an election is a non-trivial task of monumental proportions. Of course that doesn't stop people from trying.
The gold standard preventative tools we use to secure a vote are:
- Contemporaneous, independent protocols recording the votes, such as scanned paper ballots, hourly running call logs of the number of voters voting, and duplicate end-of-day reports placed under court custody
- 100% Chain-of-custody controls of equipment
- Black-box testing
- Training, training, training
- Aggressive de-duplication and data cleansing.
Anyone who tells you that some 11 year-old can "throw" an election with a hack on some copy of a reporting web site is just trying to sell you something or gain some internet fame.
Re: (Score:3)
What most of us advocate is that the electronic machines print a paper receipt which the voter verifies, then drops in a secure ballot box.
This is called a paper ballot - what is the purpose of the machine?
That way even if a 100% reliable and undetectable hack occurs, there's an audit trail which will reveal the fraud and provide an accurate vote count.
So, you take the electronic results, tally up your "audit trail" (paper ballots) and compare the numbers, and if there is a discrepancy always trust the "audit trail" (paper ballot)? WTF? Why bother with the voting machines at all, just hand out paper ballots and count them up?
Re: No "THIS ONE THING" can defeat an election (Score:1)
Re: (Score:2)
The purpose of a paper ballot is to have a voter-verifiable record.
The purpose of scanning is to reduce the enormous error rate of hand-counted ballots down as far as possible. As a freebie, you also get a second contemporaneous record in the form of the scan image.
What makes this imperfect is that human beings still have to mark the paper, and the error rate on that is thousands of times greater than the error rate of scanning.
In a perfect world, the humans would be using computers to perfectly mark a ball
Re: (Score:2)
"But you're mistaken about election security. You don't need to hack the entire thing, only a relatively small number of key precincts... "
But WHICH precincts are "key"? You mean the ones in Florida, Pennsylvania, Wisconsin, and Michigan? The Blue Wall that was supposed to protect Clinton in 2016?
If throwing an election were as easy as you say, then President Trump would not be President Trump today.
Re: (Score:1)
There is no "this one thing" that can defeat an election.
No, you need two things; "this one thing" plus illegal halting of a legitimate recount.
11 year old hackers (Score:4, Insightful)
Only exist in film.
Re: (Score:2)
Oh come on now. Don't ya know they're so skilled they can hack the Gibson.
Re: (Score:2)
Are you suggesting that all the 11 year olds who get in trouble for hacking their school computers are all just victims of some vast conspiracy?
Is it aliens? Please tell me it has aliens.
Don't know what they were reading... (Score:2)
...Headlines from Def Con, a hacking conference held this month in Las Vegas, might have left some thinking ...
... but all the articles I read on the topic left me with the impression that it was a duplicate copy of the election system, not the real, live election system itself.
Re: (Score:2)