Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Government Privacy United States Politics

Russian Hack of Elections System Was Far-Reaching, Senate Intel Committee Report Finds (npr.org) 365

An anonymous reader quotes a report from The New York Times: The Senate Intelligence Committee concluded Thursday that election systems in all 50 states were targeted by Russia in 2016 (Warning: source may be paywalled; alternative source), largely undetected by the states and federal officials at the time, but at the demand of American intelligence agencies the committee was forced to redact its findings so heavily that key lessons for the 2020 election are blacked out. Even key findings at the beginning of the report were heavily redacted. It concluded that while there is no evidence that any votes were changed in actual voting machines, "Russian cyberactors were in a position to delete or change voter data" in the Illinois voter database. The committee found no evidence that they did so. While the report is not directly critical of either American intelligence agencies or the states, it described what amounted to a cascading intelligence failure, in which the scope of the Russian effort was underestimated, warnings to the states were too muted, and state officials either underreacted or, in some cases, resisted federal efforts to offer help.
This discussion has been archived. No new comments can be posted.

Russian Hack of Elections System Was Far-Reaching, Senate Intel Committee Report Finds

Comments Filter:
  • Duh (Score:4, Interesting)

    by Ol Olsoc ( 1175323 ) on Friday July 26, 2019 @08:03AM (#58990268)
    The American voting system is trivial to hack. In fact, it is a good example of how back doors for one group's use are easily exploitable by others.
    • Re: (Score:2, Insightful)

      So the voting system has always been hackable, but was OK before Trump was elected, and based on the outcome of the next election, will be OK again (if he isn't elected) or not OK (if he is elected?). Amazing how that works. I hate Trump, but this is all nonsense.

      • by XXongo ( 3986865 ) on Friday July 26, 2019 @08:26AM (#58990414) Homepage

        So the voting system has always been hackable, but was OK before Trump was elected

        no.

        Up until the 2016 election, there hadn't actually been a professional, well-supported enemy organization that had the explicit aim of disrupting the American election.

        The system may have been hackable before this, but up to 2016 there hadn't been evidence of the organized attack on it. Now there is.

        (and, the voting systems had been getting easier and easier to hack as they became more computerized. Before about 2000, voting records would have been harder to hack because it would have required breaking into 10,000 offices to get at the file cabinets of 3x5 cards and piles of binders holding the registration information. Hard to do from Russia.)

        • Up until the 2016 election, there hadn't actually been a professional, well-supported enemy organization that had the explicit aim of disrupting the American election.

          And yet...

          From TFS: "It concluded that while there is no evidence that any votes were changed in actual voting machines"

          So, it might be more correct to say that "the Russians wanted to make us not trust election results, without actually doing anything to alter election results."

          IOW, in spite of us electing a President that is annoying at

          • by XXongo ( 3986865 )

            Up until the 2016 election, there hadn't actually been a professional, well-supported enemy organization that had the explicit aim of disrupting the American election.

            And yet...

            From TFS: "It concluded that while there is no evidence that any votes were changed in actual voting machines"

            Correct. They probed the election system repeatedly, but their hacking didn't change any votes in 2016. That was their freshman effort. But we can be pretty certain that they're going to try again... and they are getting more sophisticated.

          • by Nidi62 ( 1525137 )

            Up until the 2016 election, there hadn't actually been a professional, well-supported enemy organization that had the explicit aim of disrupting the American election.

            And yet...

            From TFS: "It concluded that while there is no evidence that any votes were changed in actual voting machines"

            So, it might be more correct to say that "the Russians wanted to make us not trust election results, without actually doing anything to alter election results."

            IOW, in spite of us electing a President that is annoying at best, it wasn't anyone's fault but our own....

            Or they wanted to make sure their exploits worked or were planning for future attacks. Also, as I posted in a thread lower down, I can break into your house, sit on the sofa and watch some TV, but as long as I don't steal anything or crack open one of your beers there's no problem? You still have a known and proven security vulnerability that should be fixed.

            • I can break into your house, sit on the sofa and watch some TV, but as long as I don't steal anything or crack open one of your beers there's no problem?

              It's called "illegal entry". It's a crime. If you "broke in" (as opposed to finding a door open and entering"), then it's a more severe crime.

              You still have a known and proven security vulnerability that should be fixed.

              Yeppers. Actually, we have at least 50 such systems, since our elections (yes, even the national ones) are run by the individual Stat

              • by XXongo ( 3986865 )

                But can we get off the "Trump didn't REALLY win the election because Russian hackers!" bandwagon?

                except that the report we're discussing doesn't say "Trump didn't really win because of Russian hackers", and none of the commentators here are saying "Trump didn't really win because of Russian hackers".

                A lot of comments posted here are indeed saying "we hate Trump", but the argument that the Russian hackers changed the election is simply not being made. You're attacking an argument nobody is making.

      • this is all nonsense.

        No, it isn't nonsense. It's a real problem. It's never been "OK".
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      The American voting system is trivial to hack. In fact, it is a good example of how back doors for one group's use are easily exploitable by others.

      And heaven forbid you dare to expect voters to actually identify themselves as the person eligible to vote.

      Funny how the people all apoplectic over "Russians hacked our election!" seem to be the ones who jump to calling someone RAAAAACIS' just for expecting positive voter id - something the UN requires for "free and fair elections" [ipu.org]:

      Ensure the integrity of the ballot through appropriate measures to prevent multiple voting or voting by those not entitled thereto;

      • And heaven forbid you dare to expect voters to actually identify themselves as the person eligible to vote.

        Quite the different story. I fully support a phased in voter ID effort, where you get a voter ID card with your picture on it when you register. There are some issues, and they are big ones. The first issue is that the Voter ID business is brought up at every election, as a touchstone, like abortion or flag burning or the pledge of Allegiance. Always as fear that chocolate people or communistical leeeburuls are going to steal the election.

        The other thing is, I've had a voter ID for so many years, it's fal

    • Not all states (or even regions) use the same system. I get a paper ballot that is speed counted by a machine. But if the machine reformats itself the paper ballots are still there.

    • Nothing has changed (Score:5, Interesting)

      by tomhath ( 637240 ) on Friday July 26, 2019 @08:54AM (#58990614)

      "Russian cyberactors were in a position to delete or change voter data" in the Illinois voter database.

      Kennedy was elected in 1960 in large part thanks to all the vote fraud in Chicago orchestrated by Mayor Daley. [wikipedia.org] Can you think of any other politicians who live in Chicago?

      • by XXongo ( 3986865 )
        So, what you're saying that the only credible allegation of election fraud that you can find was a charge by Republicans that Democrats committed election fraud 60 years ago.

        OK.

      • by swell ( 195815 )

        "Can you think of any other politicians who live in Chicago?"

        Actually, yes. Colonel Jacob Arvey, who led the Democratic National Committee and was my boss at the time. He was close to Daley and he was very close to Israel. Though he was never elected to anything and quite unknown to the public, he was a powerful actor behind the scenes. Mayor Daley was an interesting character but didn't have the power or skill to manipulate a presidential election. It was mostly Arvey who put Kennedy in the White House.

    • Re:Duh (Score:4, Insightful)

      by hey! ( 33014 ) on Friday July 26, 2019 @08:56AM (#58990626) Homepage Journal

      It's far from trivial to hack *as a whole*, because it's decentralized. Each of the 50 states oversees its own elections and delegates running the elections to more local bodies.

      In my state we use paper ballots that are electronically tabulated. We get results just as fast as with voting machines, has shorter lines at the polling places (because we aren't limited by machines available), and if there is ever a shockingly unexpected result we can audit it, or even do a hand recount. Good luck hacking that.

      But what's trivial is to find a swing state with no paper audit trail and mess with them. That could easily be fixed by mandating paper ballots with electronic tabulation, which is safer, faster, and cheaper than voting machines.

      But even if you lock down voting systems, there are other ways to tamper with elections. You can mess with voter registration databases, creating long lines in precincts which tend to favor a candidate you want to lose. Creating long lines and otherwise inconveniencing voters you don't want to vote is a favorite strategy of *domestic* election tamperers, because as long as hard evidence of their intent doesn't surface they won't face prosecution.

      • by Ogive17 ( 691899 )
        I'm in Ohio. A few national election cycles ago I was voting on a Diebold machine and the paper ballot backup was jammed, so it was not registering my votes in this manner. I brought it up to the polling officials.. they just shrugged and said there was nothing they could do. It's annoying to me as I will vote best candidate (in my opinion) and not simply down party lines (like 80% of voters).
    • by necro81 ( 917438 )

      The American voting system is trivial to hack

      I disagree with this assertion, and even your choice of words.

      There is no "American voting system" in the sense of a single unified structure through which all elections are administered. In the U.S., voting is executed at the state and local level, through a complicated mishmash of state-level administrative systems (like voter roles) that are implemented by county and municipal officials. The election "hardware" (i.e., registration log books, ballot ge

    • Comment removed based on user account deletion
  • by Anonymous Coward

    You think that would have happened on my watch or Barack's watch? You can't answer that, but I promise you it wouldn't have, and it didn't. [realclearpolitics.com]

    So, per Joe Biden, all this "Russian election hacking" is just fake news.

  • by mschaffer ( 97223 ) on Friday July 26, 2019 @08:31AM (#58990450)

    Thanks to everyone wanting to see the final election results on the 11 pm news our election system has been compromised. We should go back to mechanical voting machines and paper ballots.

  • by Anonymous Coward

    This happened when Obama was President.

    If the Deep State (CIA, NSA etc) had been focused on Russia instead of spying on Trump, they might have done something about this.

    I don't know which is worse, the Russians or the non-elected bureaucrats who keep trying to influence the elections.

  • It's been said during the Cold War where it had proxy wars, dangers of nuclear war, etc. but at least Americans generally would work together. Nowadays it may be more dangerous because we are fighting each other.

    A documentary about a journalist couple that were able to get out of a Warsaw Pact country, Yugoslavia I think, which she said when USSR collapsed Putin left E. Germany with not much show for his efforts except a 12 year old washer. That left an impression on him as he moved up into power. Then ye

  • Redacted?
    But it had to be Russia and we can read all about it now in real time?
    If its "heavily redacted" AC we don't have anything new AC.
    People all over the USA went to vote AC. They voted in a way that did not fit in with the results expected by the "media" and big "tech".
    Why AC?
    One side of politics had a winner that talked in person all over the USA.
    Another side of politics stayed out of many states and still expected to win.
    The ability to be seen talking on real topics all over the USA was a hint
  • Secure process (Score:5, Interesting)

    by edi_guy ( 2225738 ) on Friday July 26, 2019 @09:28AM (#58990876)

    After the 2000 election fiasco I was a strong proponent of digitizing the whole thing. "Why the heck do we have to go through this nonsense, we can know the results almost instantly" But over time as I saw how ridiculously bad the security was on election machines, the true incompetence of local election officials, and all of that I've reversed course.

    I'm either for a moonshot style effort of making the most secure, transparent, digital voting process possible...heck using quantum crypto or whatever. Or, paper ballots. The latter is annoying, but intrinsically safer due to the distributed nature, and essentially air-gapping. Well worth the miniscule cost and annoyance. The former I would only do if it were carried out literally like an Apollo project where you are pulling experts from many fields to put something new together. And not in secret, but out for the whole world to see and try to crack. And not running Windows ME.

    • I must laugh at the meme here on slashdot that paper ballots are wonderful and secure. Here in Chicago, they've been fixing elections with those for over a century. Easy and trivial to hijack a paper ballot election.

    • by MTEK ( 2826397 )

      If it's not already done (I'm guessing not), contractors who provide the voting machines should have their security practices and equipment (hardware/software) audited by a competent third party.

    • Re:Secure process (Score:4, Interesting)

      by swillden ( 191260 ) <shawn-ds@willden.org> on Friday July 26, 2019 @10:33AM (#58991272) Journal

      After the 2000 election fiasco I was a strong proponent of digitizing the whole thing.

      After the 2000 election I -- and probably every other security engineer and researcher, including hundreds of prominent ones who signed an open letter -- strongly opposed electronic voting. At that time we had no clue whatsoever about how to build secure electronic voting systems. Between then and now there's been a significant amount of research into the topic, and we're starting to get some idea, but I think we're still not there.

      What has come out of the research between then and now that we absolutely should implement is ideas for end-to-end auditable voting [wikipedia.org] systems. These designs are a result of applying the mindset and methods of cryptographic research to voting. The basic idea is that it should not be necessary to blindly trust any element of the voting process, particularly the counting. It should be possible for every voter to verify that their vote was counted correctly (but not in a way that allows them to prove how they voted to any third party, to prevent coercion and vote buying), and it should be possible for the candidates and any interested third party willing to do the work to verify that no votes were inserted.

      These E2E verifiable voting designs are still paper-based, though with a lot of computing -- and a lot of math -- used in the ballot generation and counting. Perhaps someday future research will enable verifiable and anonymous electronic voting (I'm not holding my breath; it seems to me there are some fundamentally intractable obstacles), but in the meantime we should seriously investigate use of the E2E schemes. One of them, Scantegrity [wikipedia.org], has been used in some real municipal elections in Maryland, with good results.

      How about this time we actually listen to security researchers and professionals, and take the approach they recommend?

  • ...NPR this morning was talking about it.

    OK first, it's clear that the media *had* to find some alternative narrative after the Mueller hearings, which didn't deliver the sticky-poo that they'd hoped it would.

    So now we're back to "Russians manipulating our elections!". Some observations in no particular order:

    - originally, this narrative was "Russians hacked our voting machines"* promulgated by the Clinton campaign to explain how Hillary lost when she was assumed to be an automatic victor...when this was b

  • by littlewink ( 996298 ) on Friday July 26, 2019 @10:59AM (#58991526)

    Just b/c someone, from an ip address in Russia, loads a page from a machine in the USA belonging to an election system does not mean that anyone was "hacked", or that anyone was trying to change election results, or, in fact, anything at all!

    There are many robot systems the world over that scan all reachable web sites, scraping web pages for at least as many reasons as there are persons in the world. None of these is necessarily malevolent, none of them necessarily Russian hackers.

    Quit being fucking paranoid!

    The report states:"The committee and Department of Homeland Security have said Russian-affiliated hackers probed the election systems of 21 states. Officials say there's no evidence that vote tallies were changed."

    Of course, to the paranoid, that doesn't mean that vote tallies weren't changed. But before making claims, how about providing some minuscule, microscopic, real trace of what we call "evidence", of serious hacking with the intent to change an election - some smoking gun, and especially, a bullet and a dead body (speaking metaphorically) if you can find one!

"Conversion, fastidious Goddess, loves blood better than brick, and feasts most subtly on the human will." -- Virginia Woolf, "Mrs. Dalloway"

Working...