reSee.it - Related Post Feed
@listen_2learn - The Researcher
Thread with clips from a conference on how the 2016 election was rigged. How would you hack a presidential election? I’m guessing these partisan election experts had a hand in the 2020 election because they disappeared afterwards, but they will soon be back. https://t.co/pDHfioOBV8
@listen_2learn - The Researcher
By December 13, 2016, if there was fraud, it had to be exposed by this date in order to have any hope of changing the outcome of the election. Hillary Clinton. Election denier and conspiracy theorist. https://t.co/ZAna9mQC0s
@KanekoaTheGreat - KanekoaTheGreat
Hacking America's Election System 1 hour of computer scientists, election security experts, and Senate Democrats talking about how easy it is to hack voting machines. @KariLake @katiehobbs @GenFlynn @realMikeLindell @bgmasters @PatrickByrne @JackPosobiec @DavidSacks @elonmusk https://t.co/sH4Ft0iMsB
@KanekoaTheGreat - KanekoaTheGreat
🚨BREAKING: Explosive video surfaces of FOX News stars Tucker Carlson, Laura Ingraham, and Sean Hannity slamming Trump's "insane" voting machine fraud allegations as "absurd," "ridiculous," and "complete BS"!
@KanekoaTheGreat - KanekoaTheGreat
#2 All electronic voting equipment can easily be hacked because all such equipment must receive programming before each election from memory cards prepared on election management systems which are computers often connected to the internet running out-of-date versions of Windows. If a county election management system is infected with malware, the malware can spread from that system to the USB drives, which then would transfer it to all the voting machines, scanners, and ballot-marking devices in the county. Most U.S. election systems are programmed by local county election officials or third-party vendors, who plug previously-used USB drives into computers connected to the internet before plugging those same USB drives into the optical scanners, tabulators, and voting machines that collect, count, and determine election results.
@KanekoaTheGreat - KanekoaTheGreat
#3 In 2019, the Associated Press reported that the vast majority of 10,000 election jurisdictions nationwide, including numerous swing states, were still using Windows 7 or older operating systems to produce ballots, program voting machines, count votes, and report results. Windows 7 officially reached its “end of life” on Jan. 14, 2020, meaning Microsoft stopped providing technical assistance or producing “patches” to address software vulnerabilities. https://apnews.com/article/operating-systems-ap-top-news-voting-voting-machines-pennsylvania-e5e070c31f3c497fa9e6875f426ccde1
@KanekoaTheGreat - KanekoaTheGreat
#4 Furthermore, not only are U.S. elections being programmed on computers running out-of-date software, but voting machine manufacturers have also installed remote-access software and wireless modems connecting voting machines directly to the internet. NBC News reported ten months before the 2020 election that ES&S, the largest U.S. election machine vendor, had installed at least 14,000 modems to connect their voting machines to the internet, even though many election security experts had previously warned that voting machines with modems were vulnerable to hackers. https://nbcnews.com/politics/elections/online-vulnerable-experts-find-nearly-three-dozen-u-s-voting-n1112436
@KanekoaTheGreat - KanekoaTheGreat
#5 Dominion Voting Systems, the second-largest U.S. election machine vendor, which has given public presentations acknowledging their use of modems in their voting machines, was also discovered to be running remote-access software during the 2020 election: In Georgia, 20-year election worker, Susan Voyles, testified that Dominion Voting Systems employees “operated remotely” on her ballot-marking devices and poll pads after the team experienced some technical problems with their machines. In Wisconsin, the Office of Special Counsel (OSC), headed by former state Supreme Court Justice Michael Gableman, also found that Dominion and ES&S voting machines were online and connected to the internet. In Michigan, attorney and Secretary of State candidate Matt Deperno, discovered a Telit LE910-SV1 modem chip embedded in the motherboard of an ES&S DS200 voting machine. Through these modems, hackers could theoretically intercept results as they’re transmitted on election night — or, worse, use the modem connections to reach back into voting machines or the election management systems to install malware, change software, or alter official results. Therefore, not only are hackers able to penetrate elections through vulnerable USB cards and election management systems but also through the very voting machines themselves.
@KanekoaTheGreat - KanekoaTheGreat
#6 This isn’t a problem exclusive to elections — all computers are hackable — and that is why election security experts have always recommended the use of hand-marked paper ballots and rigorous post-election audits. This also isn’t a partisan issue; both Democrats and Republicans are well aware of the secrecy, privatization, and hackable hardware and software that runs America’s elections. After the 2016 election, Clinton supporters and the corporate media would spend the next four years talking about how compromised America’s computerized voting system was. Sen. Ron Wyden, Sen. Amy Klobuchar, and Sen. Kamala Harris held numerous congressional hearings where they explained how easy it was to hack voting machines, how simple it was to locate unattended voting machines, and how numerous voting machines were connected to the internet. After the 2020 election, Trump supporters were censored and de-platformed (I was banned from Twitter) for pointing out the very same anomalies and vulnerabilities that Democrats and the corporate media had spent the last four years discussing. Regardless of politics, these problems are very real, they still exist today, and they are best explained by the computer scientists who have spent the last two decades researching them.
@KanekoaTheGreat - KanekoaTheGreat
#7 Professor Matt Blaze of Georgetown University's Computer Science Department provided testimony on the vulnerabilities of the United States' election system during a congressional hearing titled "2020 Election Security" on January 9, 2020: “I come here today as a computer scientist who spent the better part of the last quarter century studying election system security… To be blunt, it’s a widely recognized really indisputable fact that every piece of computerized voting equipment in use at polling places today can be easily compromised in ways that have the potential to disrupt election operations, compromise firmware and software, and potentially alter vote tallies in the absence of other safeguards. This is partly a consequence of historically poor design and implementation by equipment vendors, but it’s ultimately a reflection of the nature of complex software. It’s simply beyond the state of the art to build software systems that can reliably withstand targeted attacks by a determined adversary in this kind of environment… Just as we don't expect the local sheriff to singlehandedly defend against military ground invasions, we shouldn't expect county election IT managers to defend against cyber attacks by foreign intelligence services.”
@KanekoaTheGreat - KanekoaTheGreat
#8 Professor J. Alex Halderman of the University of Michigan's Computer Science Department provided testimony on the vulnerabilities of the United States' election system during a congressional hearing titled "Russian Interference in U.S. Elections" on June 21, 2017: “I’m a professor of computer science and have spent the last ten years studying the electronic voting systems that our nation relies on. My conclusion from that work is that our highly computerized election infrastructure is vulnerable to sabotage and even to cyber attacks that could change votes... I know America’s voting machines are vulnerable because my colleagues and I have hacked them repeatedly as part of a decade of research studying the technology that operates elections and learning how to make it stronger. We’ve created attacks that can spread from machine to machine like a computer virus and silently change election outcomes. We’ve studied touch screen and optical scan systems, and in every single case, we’ve found ways for attackers to sabotage machines and steal votes… In close elections, an attacker can probe the most important swing states or swing counties, find areas with the weakest protection, and strike there. In a close election year, changing a few votes in key localities could be enough to tip national results.”
@KanekoaTheGreat - KanekoaTheGreat
#9 Professor Andrew Appel of Princeton University's Computer Science Department provided testimony on the vulnerabilities of the United States' election system during a congressional hearing titled "Election Cybersecurity" on September 28, 2016: “Installing new software is how you hack a voting machine to cheat. In 2009, in a courtroom of the superior court of New Jersey, I demonstrated how to hack a voting machine. I wrote a vote-stealing computer program that shifted votes from one candidate to another. Installing that vote-stealing program in a voting machine takes seven minutes per machine with a screwdriver. But really, the software I built was not rocket science. Any computer programmer could write the same code. Once it’s installed, it could steal elections without detection for years to come… Other computer scientists have demonstrated similar hacks on many models of machines. This is not just one glitch from one manufacturer of machines; it’s the very nature of computers. So how can we trust our elections when it is so easy to make the computers cheat?”
@KanekoaTheGreat - KanekoaTheGreat
#10 Senator Ron Wyden provided testimony on the vulnerabilities of the United States' election system during a congressional hearing titled "Election Security" on July 15, 2019: "The vast majority of ten thousand election jurisdictions nationwide use election management systems that run on old software that is soon going to be out-of-date and ripe for exploitation by hackers, according to an exhaustive analysis by the Associated Press. Pennsylvania, Wisconsin, Michigan, Florida, Iowa, Indiana, Arizona, and North Carolina, among others, are all at risk. Even the State of Georgia, which passed legislation to buy new voting machines, is on track to buy equipment that suffers from significant cyber security weakness. Our elections weren't secure last week, and they sure as heck aren't secure this week, and anybody who says otherwise is either selling you voting machines or simply has malicious intent towards our elections. 43% of American voters use voting machines that researchers have found have serious security flaws, including back doors. These companies are accountable to no one. They won’t answer basic questions about their cyber security practices. And, the biggest companies won’t answer any questions at all. Five states have no paper trail, and that means there is no way to prove the numbers the voting machines put out are legitimate. So much for cyber security 101."
@KanekoaTheGreat - KanekoaTheGreat
#11 Senator Elizabeth Warren published an article on her website on the vulnerabilities of the United States' election system titled "Strengthening Our Democracy" on June 25, 2019: "The harsh truth is that our elections are extremely vulnerable to attack: Forty-two states use voter registration databases that are more than a decade old. Laughably, in 2019, some still use Windows 2000 and Windows XP. Twelve states still use paperless machines, meaning there’s no paper trail to verify vote counts. Some states don’t require post-election audits. And ten states don’t train election officials to deal with cybersecurity threats." https://web.archive.org/web/20190917015401/https://elizabethwarren.com/plans/strengthening-democracy
@KanekoaTheGreat - KanekoaTheGreat
#12 In Dec. 2019, Senators Elizabeth Warren, Amy Klobuchar, Ron Wyden, and Mark Pocan sent letters to the three private equity firms that own the largest voting machine companies in the US expressing their concern about the industry's "vulnerabilities" and "lack of transparency." https://web.archive.org/web/20200119083321/https://www.warren.senate.gov/imo/media/doc/H.I.G.%20McCarthy,%20&%20Staple%20Street%20letters.pdf
@KanekoaTheGreat - KanekoaTheGreat
#13 Following Hillary Clinton's defeat in the 2016 election, the corporate media dedicated the next four years to writing hundreds of articles about the extent to which the United States' election system is online, compromised, and vulnerable to hackers. https://kanekoa.substack.com/p/110-articles-affirm-americas-computerized
@KanekoaTheGreat - KanekoaTheGreat
#14 The Guardian: Voting machine password hacks as easy as 'abcde' (April 15, 2015) “Touchscreen WinVote voting machines used in numerous elections between 2002 and 2014 used “abcde” and “admin” as passwords and could easily have been hacked from the parking lot outside the polling place, according to a state report… Anyone within a half mile could have modified every vote, undetected…the version of Windows operating on each of them had not been updated since at least 2004, that it was possible to “create and execute malicious code” on the WINVote and the level of sophistication to execute such an attack is low.” https://www.theguardian.com/us-news/2015/apr/15/virginia-hacking-voting-machines-security
@KanekoaTheGreat - KanekoaTheGreat
#15 New York Times: Millions of Voter Records Posted, and Some Fear Hacker Field Day (Dec. 30, 2015) “First and last names. Recent addresses and phone numbers. Party affiliation. Voting history and demographics. A database of this information from 191 million voter records was posted online over the last week, the latest example of voter data becoming freely available, alarming privacy experts who say the information can be used for phishing attacks, identity theft and extortion. It is not known who built the database, where all the data came from, and whether its disclosure resulted from an inadvertent release or from hacks…states are not taking the security of voter data seriously enough.” https://web.archive.org/web/20210212172828/https://www.nytimes.com/2015/12/31/us/politics/voting-records-released-privacy-concerns.html?_r=0
@KanekoaTheGreat - KanekoaTheGreat
#16 Wired: America’s Electronic Voting Machines Are Scarily Easy Targets (Aug. 2, 2016) “They are old, buggy, and insecure. If someone wanted to mess with the US election, these machines would be an easy way in. Most of these machines are running Windows XP, for which Microsoft hasn’t released a security patch since April 2014…researchers have demonstrated that many of them are susceptible to malware or, equally if not more alarming, a well-timed denial of service attack.”
@KanekoaTheGreat - KanekoaTheGreat
#17 Politico: How to Hack an Election in 7 Minutes (Aug. 5, 2016) “Princeton professor Andrew Appel decided to hack into a voting machine… He summoned a graduate student named Alex Halderman, who could pick the machine’s lock in seven seconds. Clutching a screwdriver, he deftly wedged out the four ROM chips—they weren’t soldered into the circuit board, as sense might dictate—making it simple to replace them with one of his own: A version of modified firmware that could throw off the machine’s results, subtly altering the tally of votes, never to betray a hint to the voter. The attack was concluded in minutes… the machines that Americans use at the polls are less secure than the iPhones they use to navigate their way there. We found the machine did not have any security mechanisms beyond what you’d find on a typical home PC, it was very easy to hack…foreign hackers could attack the state and county computers that aggregate the precinct totals on election night…They could attack digitized voter registration databases…They could infect software at the point of development, writing malicious ballot definition files that companies distribute, or do the same on a software patch… They could FedEx false software to a county clerk’s office and, with the right letterhead and convincing cover letter, get it installed. Even with optical scan voting, it’s not just the voting machines themselves—it’s the desktop and laptop computers that election officials use to prepare the ballots, prepare the electronic files from the OpScan machines, panel voter registration, electronic poll books. And the computers that aggregate the results together from all of the optical scans.” https://www.politico.com/magazine/story/2016/08/2016-elections-russia-hack-how-to-hack-an-election-in-seven-minutes-214144/
@KanekoaTheGreat - KanekoaTheGreat
#18 CBS: Hacker demonstrates how voting machines can be compromised (Aug. 10, 2016) “Concerns are growing over the possibility of a rigged presidential election. Roughly 70 percent of states in the U.S. use some form of electronic voting. Hackers told CBS News that problems with electronic voting machines have been around for years. The machines and the software are old and antiquated. The voter doesn't even need to leave the booth to hack the machine. For $15 and in-depth knowledge of the card, you could hack the vote… There are so many places in the voting process once it goes electronic that's vulnerable. We found that more than 40 states are using voting machines there that are at least 10 years old.” https://www.cbsnews.com/news/rigged-presidential-elections-hackers-demonstrate-voting-threat-old-machines/
@KanekoaTheGreat - KanekoaTheGreat
#19 ABC News: Yes, It's Possible to Hack the Election (Aug. 19, 2016) “Slight meddling in some swing precincts in swing states could tip the scales. If it’s a computer, it can be hacked… if sophisticated hackers want to get into any computer or electronic device, even one that is not connected to the internet, they can do so… In most states the data that are used to determine who won an election are processed by networked, computerized devices… There are almost no locations that exclusively use paper ballots… The process of recording which person got your vote can — almost always — be hacked. Malware can be implanted on voting machines. Almost none of these machines have any kind of malware detection software like those used at major corporations and government agencies. Even if they did, many of those cybersecurity tools are regularly defeated by today’s sophisticated hackers… In America’s often close elections, a little manipulation could go a long way… Smart malware can be programmed to switch only a small percentage of votes from what the voters intended. That may be all that is needed, and that malware can also be programmed to erase itself after it does its job, so there might be no trace it ever happened." https://abcnews.go.com/Politics/hack-election/story?id=41489017
@KanekoaTheGreat - KanekoaTheGreat
#20 The Atlantic: How Electronic Voting Could Undermine the Election (Aug. 29, 2016) “…computer-security experts think electronic voting is a very, very bad idea. For years, security researchers and academics have urged election officials to hold off on adopting electronic voting systems, worrying that they’re not nearly secure enough to reliably carry out their vital role in American democracy. Their claims have been backed up by repeated demonstrations of the systems’ fragility. When the District of Columbia tested an electronic voting system in 2010, a professor from the University of Michigan and his graduate students took it over from more than 500 miles away to show its weaknesses; with actual physical access to a voting machine, the same professor—Alex Halderman—swapped out its internals, turning it into a Pac Man console. Halderman showed that a hacker who has access to a machine before election day could modify its programming—and he did so without even leaving a mark on the machine’s tamper-evident seals…pure electronic voting is simply too dangerous: We must use paper, either directly filled out by the voter or as a voter verifiable paper audit trail…” https://www.theatlantic.com/technology/archive/2016/08/how-electronic-voting-could-undermine-the-election/497885/
@KanekoaTheGreat - KanekoaTheGreat
#21 FOX: Princeton Professor demonstrates how to hack a voting machine (Sept. 18, 2016) “I have demonstrated how to hack the AVC Advantage voting machines that we use in New Jersey... The touch screen voting machine, the type used in about ten states, can be tampered with... By simply swapping the machine's computer chip for his own... I figured out how to make a slightly different computer program that, just before the close of the polls, shifts some votes around from one candidate to another. I wrote that computer program onto a memory chip like this, and now to hack a voting machine, you have to get seven minutes alone with it, with a screwdriver.” https://www.foxnews.com/video/5131074167001#sp=show-clips
@KanekoaTheGreat - KanekoaTheGreat
#22 Fortune: Watch This Security Researcher Hack a Voting Machine (Nov. 4, 2016) “Researchers at cybersecurity startup Cylance said they were able to hack into the Sequoia AVC Edge Mk1, used to count votes in states including California, Florida, and New Jersey, and change the final tally it produced. In Cylance's hacking demonstration, researchers were able to alter the memory of the machine as well as the paper trail it created to change vote counts and precinct records. To pull off the hack, the researchers slipped in a custom PC memory card that overwrote software embedded in the device. Cylance said it had notified Dominion Voting Systems (née Sequoia), the voting machine's maker, and government authorities about the threat.” https://fortune.com/2016/11/04/voting-machine-hack-watch-video-cylance/
@KanekoaTheGreat - KanekoaTheGreat
#23 Vox: Here’s how hackers can wreak havoc on Election Day (Nov. 7, 2016) “Voting machines are old and vulnerable, and voter databases are connected to the internet. Many voting machines are running software that’s over a decade old, like Windows XP, which Microsoft hasn’t issued a security patch for since 2014. Others store ballots on memory cards, which could be used to insert viruses that can cause the machines to malfunction or alter votes. Take the Sequoia AVC Edge, for example, which is used in 12 states. It was hacked by a group of academics who installed malware that made the machine unable to do anything but play Pac-Man... Across the country, state voter registration data is synced with the internet; the integration has allowed people to register online or at the DMV. But it also means those databases are vulnerable to hackers… In Indiana last month, a security researcher demonstrated how he was able to quickly break into the state’s database and edit people’s voter information. Last year, another researcher found 191 million hacked voter registration records sitting on an open database that apparently anyone could find.” https://www.vox.com/2016/11/7/13512748/hackers-election-day-voting-machines-databases-2016
@KanekoaTheGreat - KanekoaTheGreat
#24 PBS: Here’s how hackers might mess with electronic voting on Election Day (Nov. 8, 2016) “…vulnerabilities in electronic ballots, make hacking a major possibility on Election Day… Five states — New Jersey, Delaware, Georgia, Louisiana, and South Carolina — will cast votes on digital systems without leaving a paper trail. The same applies to several jurisdictions in battleground states like Pennsylvania and Ohio. Cyber vulnerabilities exist in all of these locations. Most revolve around the age of machines and their software. The Brennan Center report estimated 43 states will use voting machines in 2016 that are more than 10 years old. Many of these devices contain outdated software — think Microsoft Windows XP or older — without security updates. Meanwhile, the mainframes of other machines are guarded by easy-to-pick padlocks or by no barrier at all. With the kind of stealth and sophistication that’s already out there, why wouldn’t a nation-state, cyber-criminal gang, or activist group go into election systems that are completely vulnerable? …much of this voting technology is proprietary, so forensic auditors couldn’t independently scrub for and detect malicious software, especially given such code might delete itself after Election Day… Some counties use devices that collect and calculate results at once, such as the AccuVote TS and TSX voting machines. But the software for these popular machines lacks basic cybersecurity, like encryption or strong passwords. Marketplaces for voter registration data have sprouted on the Dark Web over the last year, according to an election hacking report from the ICIT. Prices vary, but one listing offered 0.5 Bitcoins ($300) for a single state’s database.” https://www.pbs.org/newshour/science/heres-how-hackers-could-mess-with-electronic-voting
@KanekoaTheGreat - KanekoaTheGreat
#25 Slate: Now Is the Time to Replace Our Decrepit Voting Machines (Nov. 17, 2016) “With antiquated voting devices at the end of their projected lifespans still in widespread use across the country, the U.S. is facing an impending crisis in which our most basic election infrastructure is unacceptably vulnerable to breakdown, malfunction, and hacking... No one expects a laptop to run reliably for more than a decade. Yet on Election Day 2016, 42 states used voting machines that were at least 10 years old, and 13 of those states used ones more than 15 years old. Perhaps even more troubling, these aging machines are particularly vulnerable to hacking... These older devices often rely on unsupported software (we found machines still operating on Windows 2000) that doesn’t receive the regular security patches that help protect against modern methods of cyberattacks and hasn’t been through the relatively rigorous federal certification program that exists today. What’s more, many of these systems don’t have physical paper trails or ballots to back up the results, meaning there’s no way to independently verify how voters intended to cast their ballots in the case of a suspected hack. Voters complained of touchscreen calibration errors that “flipped” votes in North Carolina, Texas, Nevada, and Georgia and interfered with selecting straight party tickets in Pennsylvania. Optical scan machines malfunctioned in parts of Michigan and Massachusetts, and a few in Illinois had to be replaced because a memory card blew.” https://slate.com/technology/2016/11/now-is-the-time-to-fix-our-old-voting-machines.html
@KanekoaTheGreat - KanekoaTheGreat
#26 PBS: Recounts or no, U.S. elections are still vulnerable to hacking (Dec. 26, 2016) “Pennsylvania is one of 11 states where the majority of voters use antiquated machines that store votes electronically, without printed ballots or other paper-based backups that could be used to double-check the balloting. There’s almost no way to know if they’ve accurately recorded individual votes — or if anyone tampered with the count. More than 80 percent of Pennsylvanians who voted on Nov. 8 cast their ballots on such machines, according to VotePA, a nonprofit seeking their replacement. A recount would, in the words of VotePA’s Marybeth Kuznik, a veteran election judge, essentially amount to this: “You go to the computer, and you say, ‘OK, computer, you counted this a week-and-a-half ago. Were you right the first time?'” These paperless digital voting machines, used by roughly 1 in 5 U.S. voters last month, present one of the most glaring dangers to the security of the rickety, underfunded U.S. election system. Like many electronic voting machines, they are vulnerable to hacking. But other machines typically leave a paper trail that could be manually checked. The paperless digital machines open the door to potential election rigging that might not ever be detected. Researchers would like to see the U.S. move entirely to computer-scannable paper ballots since paper can’t be hacked. Many advanced democracies require paper ballots, including Germany, Britain, Japan, and Singapore. Wallach and his colleagues believe a crafty team of pros could strike surgically, focusing on select counties in a few battleground states where “a small nudge might be decisive,” he said…Vote-tallying systems, typically at the county level, are also tempting targets. They tend to be little more than PCs running a database. Tabulation databases at the county level, which collect results from individual precincts, are supposed to be “air-gapped” or disconnected from the internet at all times — though experts say they sometimes get connected anyway. They’re considered insecure for other reasons; many have USB ports where malware could be introduced. Forty-three states use machines more than a decade old. Most run on vintage operating systems such as Windows 2000 that pre-date the iPhone and are no longer updated with security patches.” https://www.pbs.org/newshour/nation/recounts-no-u-s-elections-still-vulnerable-hacking
@KanekoaTheGreat - KanekoaTheGreat
#27 Politico: U.S. elections are more vulnerable than ever to hacking (Dec. 29, 2016) “America's political system will remain vulnerable to cyberattacks and infiltration from foreign and domestic enemies unless the government plugs major holes and commits millions of dollars in the coming years… Hackers even invaded two state voter registration databases, spurring an FBI alert that sparked questions about whether a broader attack was coming. As for Election Day itself, 15 states — including swing state Pennsylvania — still rely at least partly on electronic voting machines that leave no paper trail. That’s despite years of warnings from digital security specialists, who say the touch-screen machines are prone to being hijacked and would provide no effective way to disprove claims of digital vote tampering… Democrats like Lieu say Republicans are playing with fire, warning the GOP could be in Russia’s crosshairs come 2018. And have no doubt, he added, foreign hackers “could absolutely swing an election” if the U.S. fails to lock its doors.” https://www.politico.com/story/2016/12/election-hacking-vulnerabilities-233024
@KanekoaTheGreat - KanekoaTheGreat
#28 ScientificAmerican: Our Voting System Is Hackable by Foreign Powers (March 1, 2017) “It is entirely possible for an adversary to hack American computerized voting systems directly and select the next commander in chief. A dedicated group of technically sophisticated individuals could steal an election by hacking voting machines in key counties in just a few states. Indeed, University of Michigan computer science professor J. Alex Halderman says that he and his students could have changed the result of the November election… It needn’t be a superpower like Russia or China. Even a medium-sized country would have the resources to accomplish this, with techniques that could include hacking directly into voting systems over the Internet, bribing employees of election offices and voting-machine vendors, or just buying the companies that make the voting machines outright. It is likely that such an attack would not be detected, given our current election security practices... We need to audit computers by manually examining randomly selected paper ballots and comparing the results with machine results. Audits require a voter-verified paper ballot, which the voter inspects to confirm that his or her selections have been correctly and indelibly recorded. Since 2003 an active community of academics, lawyers, election officials, and activists has urged states to adopt paper ballots and robust audit procedures…It is important that audits be performed on every contest in every election so that citizens do not have to request manual recounts to feel confident about election results." https://www.scientificamerican.com/article/our-voting-system-is-hackable-by-foreign-powers/#
@KanekoaTheGreat - KanekoaTheGreat
#29 Politico: Will the Georgia Special Election Get Hacked? (June 14, 2017) “A 29-year-old former cybersecurity researcher with the federal government’s Oak Ridge National Laboratory in Tennessee, Lamb, who now works for a private internet security firm in Georgia, wanted to assess the security of the state’s voting systems. When he learned that Kennesaw State University’s Center for Election Systems tests and programs voting machines for the entire state of Georgia, he searched the center’s website… Lamb found on the center’s website a database containing registration records for the state’s 6.7 million voters; multiple PDFs with instructions and passwords for election workers to sign in to a central server on Election Day; and software files for the state’s ExpressPoll poll books — electronic devices used by poll workers to verify that a voter is registered before allowing them to cast a ballot. There also appeared to be databases for the so-called GEMS servers. These Global Election Management Systems are used to prepare paper and electronic ballots, tabulate votes and produce summaries of vote totals. The files were supposed to be behind a password-protected firewall, but the center had misconfigured its server so they were accessible to anyone, according to Lamb. “You could just go to the root of where they were hosting all the files and just download everything without logging in,” Lamb says. The site was also using a years-old version of Drupal — content management software — that had a critical software vulnerability long known to security researchers. “Drupageddon,” as researchers dubbed the vulnerability, got a lot of attention when it was first revealed in 2014. It would let attackers easily seize control of any site that used the software. A patch to fix the hole had been available for two years, but the center hadn’t bothered to update the software, even though it was widely known in the security community that hackers had created automated scripts to attack the vulnerability back in 2014… In addition to failing to install the 2-year-old patch on its server software, Georgia, in testimony in the injunction hearing last week revealed, is still using a version of software on its touch-screen machines that was last certified in 2005. That voting software is running on the machines on top of a Windows operating system that is even older than this.” https://www.politico.com/magazine/story/2017/06/14/will-the-georgia-special-election-get-hacked-215255/
@KanekoaTheGreat - KanekoaTheGreat
#30 NPR: If Voting Machines Were Hacked, Would Anyone Know? (June 14, 2017) “U.S. officials are increasingly worried about how vulnerable American elections really are… But even if most voting machines aren't connected to the Internet, says cybersecurity expert Jeremy Epstein, "they are connected to something that's connected to something that's connected to the Internet." … A recently leaked National Security Agency report on Russian hacking attempts has heightened concerns. According to the report, Russian intelligence services broke into an election software vendor's computer system and used the information it gained to send 122 election officials fake emails infected with malicious software. Bloomberg News reported Tuesday that Russia might have attempted to hack into election systems in up to 39 states. University of Michigan computer scientist Alex Halderman says it's just the kind of phishing campaign someone would launch if they wanted to manipulate votes. "That's because, before every election, the voting machines have to be programmed with the design of the ballots — what are the races, who are the candidates," says Halderman. He notes that the programming is usually done on a computer in a central election office or by an outside vendor. The ballot program is then installed on individual voting machines with a removable memory card. "So, as a remote attacker, I can target an election management system, one of these ballot programming computers. If I can infect it with malicious software, I can have that malicious software spread to the individual machines on the memory cards, and then change votes on Election Day," says Halderman.” https://www.npr.org/2017/06/14/532824432/if-voting-machines-were-hacked-would-anyone-know
@KanekoaTheGreat - KanekoaTheGreat
#31 HuffPost: Good News For Russia: 15 States Use Easily Hackable Voting Machines (July 17, 2017) "Touch-screen machines can be programmed to change votes and are nearly impossible to audit, computer experts say… Manufacturers like Diebold touted the touch screens, known as direct-recording electronic (DRE) machines, as secure and more convenient than their paper-based predecessors. Computer experts were skeptical since any computer can be vulnerable to viruses and malware, but it was hard to get ahold of a touch-screen voting machine to test it. The manufacturers were so secretive about how the technology worked that they often required election officials to sign non-disclosure agreements preventing them from bringing in outside experts who could assess the machines. In September 2006, they published a research paper and an accompanying video detailing how they could spread malicious code to the AccuVote TS to change the record of the votes to produce whatever outcome the code writers desired. And the code could spread from one machine to another like a virus. That was more than a decade ago, but Georgia still uses the AccuVote TS. The state is one of five ― the others are Delaware, Louisiana, New Jersey, and South Carolina ― that rely entirely on DREs for voting. Ten other states use a combination of paper ballots and DRE machines that leave no paper trail. Many use a newer version of the AccuVote known as the TSX ― even though computer scientists have demonstrated that machine, too, is vulnerable to hacking. Others use the Sequoia AVC Advantage, which Princeton professor Andrew Appel demonstrated could be similarly manipulated in a 2007 legal filing. Appel bought a Sequoia machine online for $82 and demonstrated that he could remove 10 screws and easily replace the Sequoia’s memory card with a modified version that would alter the outcome of an election… Computer scientists like Halderman, Appel, and Felten have been warning states about the risks of DRE machines for over a decade, urging them to replace touch-screen machines with paper ballots that can be read with an optical scanner and easily audited after an election. Paper ballots create a physical copy of the voter’s choice that can be checked against the results; with DRE machines, it’s impossible to verify whether the choice the person intended to select is, in fact, what the machine recorded.” https://www.huffpost.com/entry/electronic-voting-machines-hack-russia_n_5967e1c2e4b03389bb162c96
@KanekoaTheGreat - KanekoaTheGreat
#32 CNET: Defcon hackers find it’s very easy to break voting machines (July 30, 2017) “When the password for a voting machine is "abcde" and can't be changed, the integrity of our democracy might be in trouble. The Advanced Voting Solutions WinVote machine, dubbed "America's worst voting machine," came equipped with this simple password even as it was used in some of the country's most important elections. AVS went out of business in 2007, but Virginia used its insecure machines until 2015 before dropping them for scrap metal. That means this vulnerable hunk of technology was used in three presidential elections, starting with George W. Bush's re-election in 2004 to Barack Obama's in 2012… "It's really just a matter of plugging your USB drive in for five seconds, and the thing's completely compromised at that point," Synack co-founder Jay Kaplan said. "To the point where you can get remote access. It's very simple." … Once you're out of the voting program on the machine, it's just like any old Windows XP computer," Synack found. https://www.cnet.com/news/privacy/defcon-hackers-find-its-very-easy-to-break-voting-machines/
@KanekoaTheGreat - KanekoaTheGreat
#33 CNN: We watched hackers break into voting machines (Aug. 11, 2017) “These are supposed to be the latest machines, they're still used in elections, and they're running ancient software. I think that if somebody wanted to, it would be pretty easy to fake an election…So if you are a voter in America, we're likely hacking the machine that you vote on. There are a few dozen of these machines and also electronic poll books… We can go ahead and impact this log within 10 seconds, and you can gain access to the operating system. We could actually remove this and clone this particular USB. We could go back and start looking at and reverse engineering what's on this image and determining the various ways that we can impact this particular operating system.” https://www.youtube.com/watch?v=HA2DWMHgLnc
@KanekoaTheGreat - KanekoaTheGreat
#34 The Intercept: The U.S. Election System Remains Deeply Vulnerable (Oct. 3, 2017) "The Harvard report, titled “Voter Identity Theft: Submitting Changes to Voter Registrations Online to Disrupt Elections,” concludes that online attackers can alter voter registration information in as many as 35 states and the District of Columbia by buying personal information through either legitimate or illegitimate sources. Voter registration information is public, and many states allow citizens to make changes online, even if they registered in person or by mail. A determined hacker could buy voter lists from the 36 jurisdictions that allow online registration, and separately buy the personal information used to confirm a voter’s identification – such as Social Security or driver’s license numbers – to get in and make changes. Voting software is another potential target for hackers. The Intercept has previously reported on a top-secret National Security Agency report detailing a cyberattack by a Russian intelligence agency on at least one U.S. voting software supplier. The attackers sent spear-phishing emails to more than 100 local election officials just days before the November election, according to the highly classified report that was provided anonymously to The Intercept." https://theintercept.com/2017/10/03/us-election-2016-state-voting-systems/
@KanekoaTheGreat - KanekoaTheGreat
#35 New York Times: The Myth of the Hacker-Proof Voting Machine (Feb. 2, 2018) “Examining the election-management computer at the county’s office — the machine used to tally official election results and, in many counties, to program voting machines — they found that remote-access software had been installed on it. Remote-access software is a type of program that system administrators use to access and control computers remotely over the internet or over an organization’s internal network. Election systems are supposed to be air-gapped — disconnected from the internet and from other machines that might be connected to the internet. The presence of the software suggested this wasn’t the case with the Venango machine, which made the system vulnerable to hackers. Anyone who gained remote access to the system could use the software to take control of the machine. Logs showed the software was installed two years earlier and used multiple times, most notably for 80 minutes on November 1, 2010, the night before a federal election… In the 15 years since electronic voting machines were first adopted by many states, numerous reports by computer scientists have shown nearly every make and model to be vulnerable to hacking. The systems were not initially designed with robust security in mind, and even where security features were included, experts have found them to be poorly implemented with glaring holes… ES&S has in the past sometimes sold its election-management system with remote-access software preinstalled, according to one official; and where it wasn’t preloaded, the company advised officials to install it so ES&S technicians could remotely access the systems via modem, as Venango County’s contractor did, to troubleshoot and provide maintenance… An ES&S contract with Michigan from 2006 describes how the company’s tech support workers used remote-access software called pcAnywhere to access customer election systems. And a report from Allegheny County, Pennsylvania, that same year describes pcAnywhere on that county’s election-management system on June 2 when ES&S representatives spent hours trying to reconcile vote discrepancies in a local district race that took place during a May 16th primary. An Allegheny County election official told me that remote-access software came pre-installed on their ES&S election-management system… On election nights, many polling places around the country transmit voting results to their county election offices via modems embedded in or connected to their voting machines. Election officials and vendors insist that the modem transmissions are safe because the connections go over phone lines and not the internet. But as security experts point out, many of the modems are cellular, which use radio signals to send calls and data to cell towers and routers belonging to mobile carriers — Verizon, Sprint, AT&T. These routers are technically part of the internet. Even when analog (landline) modems are used instead of cellular ones, the calls still likely pass through routers, because phone companies have replaced much of their analog switching equipment in recent years with digital systems. Because of this, attackers could theoretically intercept unofficial results as they’re transmitted on election night — or, worse, use the modem connections to reach back into election machines at either end and install malware or alter election software and official results... To subvert machines via their modem connection, an attacker could set up a device known as an IMSI-catcher (or stingray, as they’re also called) near precincts or county election offices to intercept and alter vote tallies as they’re transmitted. IMSI-catchers — which law enforcement, militaries and spies use — impersonate legitimate cell towers and trick phones and other devices in their vicinity into connecting to them instead of legitimate towers. ‘‘The incorrect assertion that voting machines or voting systems can’t be hacked by remote attackers because they are ‘not connected to the internet’ is not just wrong, it’s damaging,’’ says Susan Greenhalgh, a spokeswoman for the National Election Defense Coalition, an elections integrity group. ‘‘This oft-repeated myth instills a false sense of security that is inhibiting officials and lawmakers from urgently requiring that all voting systems use paper ballots and that all elections be robustly audited.’’ …The top voting machine maker in the country, ES&S, distributes modems or modeming capability with many of its DRE and optical-scan machines. About 35,000 of ES&S’s newest precinct-based optical scanner, the DS200, are used in 31 states and the District of Columbia and can be outfitted with either analog or cellular modems to transmit results. Maryland, Maine, Rhode Island and the District of Columbia use only DS200 machines statewide (though they also use two other systems specifically for disabled voters and absentee ballots); Florida and Wisconsin use the DS200s in dozens of counties, and other states use them to lesser degrees. ES&S’s earlier model M100 optical scanners, which also can be equipped with modems, have long been used in Michigan — a critical swing state in the 2016 presidential election — though the state is upgrading to DS200 machines this year, as well as machines made by Dominion Voting Systems. Dominion’s machines use external serial-port modems that are connected to machines after an election ends.” https://www.nytimes.com/2018/02/21/magazine/the-myth-of-the-hacker-proof-voting-machine.html
@KanekoaTheGreat - KanekoaTheGreat
#36 Slate: America's Voting Systems Are Highly Vulnerable to Hackers (Feb. 22, 2018) “Did Russia shift the election’s outcome by hacking registration rolls or voting machines? The fact is that it’s impossible to say. In September, the Department of Homeland Security informed officials in 21 states that Russians had hacked into their registration systems in the run-up to the election. Whether the hackers manipulated the rolls—removed names, or switched their precincts—no one has investigated; perhaps no one could investigate, as so many months had passed before the hack was revealed… J. Alex Halderman a professor of computer science at the University of Michigan, testified that only a handful of vendors and contractors provide the equipment used in election machines. “Attackers could target one or a few of these companies and spread malicious code to election equipment that serves millions of voters,” he said. “Furthermore, in close elections, decentralization can actually work against us. An attacker can probe different areas of the most important ‘swing states’ for vulnerabilities, find the areas that have the weakest protection, and strike there.” For the past decade, Halderman has run the “red teams”—the simulated attacker—in games to test the vulnerability of election machines. In those games, he testified, his team “could reprogram the machine to invisibly cause any candidate to win. We also created malicious software—vote-stealing code—that could spread from machine to machine like a computer virus, and silently change the election outcome…This month, the Center for American Progress released a study measuring the degree to which each of the 50 states meets these basic standards. The results were alarming. Paperless voting systems—touch screens with no paper backups—are still used in 14 states. Only 26 states require post-election audits. Forty-one states use database software that was created more than a decade ago—so long ago that the vendors no longer track vulnerabilities or send patches to the users. More distressing still, some of the worst laggards, by these measures, are battleground states. Florida gets an F, judged as “incomplete” or “unsatisfactory” on six of seven security metrics. Pennsylvania and Arizona get D’s. Iowa, Michigan, Nevada, Virginia, and Wisconsin get C’s. No state gets an A. Just 10 get B’s.” https://slate.com/news-and-politics/2018/02/americas-voting-systems-are-still-dangerously-vulnerable-to-hacking.html
@KanekoaTheGreat - KanekoaTheGreat
#37 New York Times: I Hacked an Election. So Can the Russians. (April 5, 2018) “After the chaos of the 2000 election, we were promised a modern and dependable way to vote, Halderman says in the video. “I’m here to tell you that the electronic voting machines Americans got to solve the problem of voting integrity - they turned out to be an awful idea. That’s because people like me can hack them all too easily. Our highly computerized election infrastructure is vulnerable to sabotage and even to cyberattacks that could change votes. Halderman has testified before Congress on the issue. He says that while it’s promising that the Senate Intelligence Committee has recently shown some understanding of the problem, states must act too. Step 1: Buy a voting machine on eBay, or if you are the North Koreans, hack the manufacturer and steal their software code. Step 2: Write a virus. Step 3: Email your virus to every election official responsible for programming the voting machines with new ballots. Many of these officials are easy to find online. Step 4: Sip coffee and wait. Step 5: Hijack the ballot programming and let the election officials copy your invisible malicious code onto the voting machines. Step 6: Watch your code silently steal votes... What chance do the people running your local elections really have against Russia or North Korea?” https://www.nytimes.com/video/opinion/100000005790489/i-hacked-an-election-so-can-the-russians.html
@KanekoaTheGreat - KanekoaTheGreat
#38 The New Yorker: America Continues To Ignore Risks of Election Hacking (April 18, 2018) “America’s voting systems are hackable in all kinds of ways. As a case in point, in 2016, the Election Assistance Commission, the bipartisan federal agency that certifies the integrity of voting machines, and that will now be tasked with administering Congress’s three hundred and eighty million dollars, was itself hacked. The stolen data—log-in credentials of E.A.C. staff members—were discovered, by chance, by employees of the cybersecurity firm Recorded Future, whose computers one night happened upon an informal auction of the stolen passwords. Another case to consider: the Department of Homeland Security recently discovered a number of rogue cell phone simulators—technical tools that are commonly called “Stingrays”—in Washington, D.C., and has been unable to identify who was operating them…As a pair of Princeton computer scientists, Andrew Appel and Kyle Jamieson, have pointed out, cell phone simulators, which mimic legitimate cell towers, happen also to be handy and inexpensive vote-hacking devices. On the Freedom to Tinker blog, Appel and Jamieson have posted easy-to-follow diagrams showing how the transmission of voting information from polling places could be intercepted by a Stingray and surreptitiously altered before being sent on to its intended destination, a central tabulating computer. The voting machine that Appel and Jamieson picked to illustrate this hypothetical “man-in-the-middle” attack was the DS200, a popular optical-scan voting machine that reads marked paper ballots, made by a company called Election Systems & Software… As of 2015, forty-three states and the District of Columbia were using machines that are no longer in production. Some of these machines are so old that their operating systems can’t be patched when security flaws are found, and replacement parts must be scrounged up on eBay…Software vulnerabilities, unreliable tabulators, and unprotected memory cards have left voting systems open to exploitation ever since electronic machines were introduced.” https://www.newyorker.com/news/news-desk/america-continues-to-ignore-the-risks-of-election-hacking
@KanekoaTheGreat - KanekoaTheGreat
#39 Reuters: Old voting machines stir concerns among U.S. officials (May 31, 2018) “In 14 of the 40 most competitive races, Americans will cast ballots on voting machines that do not provide a paper trail to audit voters’ intentions if a close election is questioned… These include races in Pennsylvania, New Jersey, Texas, Florida, Kansas, and Kentucky. Nationwide, of 435 congressional seats up for grabs, 144 are in districts where some or all voters will not have access to machines using paper records, the analysis shows… Most of the dozen-plus state and local election officials interviewed by Reuters said they worry about bad actors hacking the older electronic voting machines to alter ballots, and then being unable to verify the results because there will be no paper trail. But the officials worry most about voters losing trust in elections because officials would not be able to visibly demonstrate that the tally was indeed accurate.” https://www.reuters.com/article/us-usa-election-votingmachines-idUSKCN1IW16Z
@KanekoaTheGreat - KanekoaTheGreat
#40 Axios: There's more than one way to hack an election (July 2, 2018) “Here are the systems at risk in the election process: voter registration systems, voter registration databases (which the voter registration process produces), voter records at polling places (known as poll books, which exist in both printed and electronic versions), voting machines (which capture the votes), vote tabulation (when the votes are tallied)… Many parts of election systems are at risk of being exposed to the internet — and thereby potentially being inappropriately accessed or meddled with — because of human error or bad security protocols. Here are some of the main points of risk: registration interfaces, voter registration databases, electronic poll books, printed poll books, voting machines, electronic vote tabulation, optical scan vote tabulation, and election management systems.” https://www.axios.com/2018/07/02/be-smart-there-is-more-than-one-way-to-hack-an-election-1529424861
@KanekoaTheGreat - KanekoaTheGreat
#41 Newsweek: Election Hacking: Voting-Machine Supplier Admits It Used Hackable Software Despite Past Denials (July 17, 2018) “One of the country's largest voting machine makers has admitted in a letter to a U.S. senator that some of its past election-management systems had remote-access software preinstalled, despite past denials that any of its systems were equipped with such software. Election Systems and Software (ES&S) told Democratic Senator Ron Wyden of Oregon in an April letter that has now been released, first reported by Vice News and later obtained by Newsweek, that the company provided election equipment with remote connection software to an unspecified number of states from 2000 to 2006. "Prior to the inception of the [Election Assistance Commission] testing and certification program and the subsequent requirement for hardening and at customer's request, ES&S provided pcAnywhere remote connection software on the [Election-Management System] workstation to a small number of customers between 2000 and 2006," wrote Tom Burt, ES&S president.” Wyden told Vice the decision to sell any voting system with remote-access software, leaving equipment possibly vulnerable to hacking, was "the worst decision for security short of leaving ballot boxes on a Moscow street corner." https://www.newsweek.com/election-hacking-voting-machines-software-1028948
@KanekoaTheGreat - KanekoaTheGreat
#42 Salon: Remote-access allowed: Voting machine company admits installing vulnerable software (July 20, 2018) “A letter sent to Congress reveals that, between 2000 and 2006, one of America's top voting machine companies installed remote-access software in their products that made it possible for them to be manipulated by third parties. In the letter, Election Systems and Software admitted that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006." As The Verge notes, "pcAnywhere’s security vulnerabilities have been well-documented in the past": In 2006, hackers stole the source code for pcAnywhere and then stayed quiet until 2012, when a hacker published part of the code online. Symantec, which distributed pcAnywhere, knew vaguely of the theft back in 2006 but only spoke up about it after the code leaked, along with the warning that users should disable or uninstall the software. At the same time, security researchers studied pcAnywhere’s code and found a vulnerability that could let a hacker take control of a whole system and bypass the need to enter a password.” https://www.salon.com/2018/07/20/remote-access-allowed-voting-machine-company-admits-installing-vulnerable-software/
@KanekoaTheGreat - KanekoaTheGreat
#43 BBC: Hacking the US mid-terms? It's child's play (Aug. 11, 2018) “Bianca Lewis, 11, has many hobbies. She likes Barbie, video games, fencing, singing… and hacking the infrastructure behind the world’s most powerful democracy…She’s taking part in a competition organized by R00tz Asylum, a non-profit organization that promotes “hacking for good” …Its aim is to send out a dire warning: the voting systems that will be used across America for the mid-term vote in November are, in many cases, so insecure a young child can learn to hack them with just a few minute’s coaching.” https://www.bbc.com/news/technology-45154903
@KanekoaTheGreat - KanekoaTheGreat
#44 PBS: An 11-year-old changed election results on a replica Florida state website in under 10 minutes (Aug. 12, 2018) “An 11-year-old boy on Friday was able to hack into a replica of the Florida state election website and change voting results found there in under 10 minutes during the world’s largest yearly hacking convention, DEFCON 26, organizers of the event said. “These are very accurate replicas of all of the sites,” Sell told the PBS NewsHour on Sunday. “These things should not be easy enough for an 8-year-old kid to hack within 30 minutes; it’s negligent for us as a society.” https://www.pbs.org/newshour/nation/an-11-year-old-changed-election-results-on-a-replica-florida-state-website-in-under-10-minutes
@KanekoaTheGreat - KanekoaTheGreat
#45 The Guardian: Why US elections remain 'dangerously vulnerable' to cyber-attacks (Aug. 13, 2018) “By mid-evening, Jon Ossoff, the leading Democrat, had 50.3% of the vote, enough to win outright without the need for a run-off against his closest Republican challenger. Then Marks noticed that the number of precincts reporting in Fulton County, encompassing the heart of Atlanta, was going down instead of up. Soon after, the computers crashed. Election officials later blamed a “rare error” with a memory card that didn’t properly upload its vote tallies. When the count resumed more than an hour later, Ossoff was suddenly down to 48.6% and ended up at 48.1%… Georgia’s 15-year-old all-electronic voting system was almost impossible to audit because it produced no independently verifiable paper trail to check against the computer-generated tallies. Cybersecurity experts have warned for years that malfeasance, technical breakdown, or administrative incompetence could easily wreak havoc with electronic systems and could go largely or wholly undetected. “Virtually every American voter has come to understand that the nation’s election infrastructure is susceptible to malicious manipulation from local and foreign threats,” the suit reads. “Yet, Georgia’s election officials continue to defend the state’s electronic voting system that is demonstrably unreliable and insecure, and have repeatedly refused to take administrative, regulatory or legislative action to address the election security failures.” https://www.theguardian.com/us-news/2018/aug/13/us-election-cybersecurity-hacking-voting
@KanekoaTheGreat - KanekoaTheGreat
#46 The Guardian: Kids at hacking conference show how easily US elections could be sabotaged (Aug. 22, 2018) “The risk of a hacker casting the validity of an election into question through one of any number of other entry points is huge, and the actual difficulty of such an attack is child’s play. Literally. “The most vulnerable part of election infrastructure is the websites,” explained the security expert Jake Braun… Unlike a voting machine, Braun explains, websites represent a compelling target because they are, by their nature, connected to the internet 24/7. And, whether they are used for voter registration, online campaigning, or announcing the results at the end of the election, they can be used to sow havoc…Armed with facsimiles of the websites of 13 battleground states and a child-friendly guide to basic hacking techniques, the kids were set loose on critical infrastructure – and proceeded to tear it apart… “The No 1 thing we found last year wasn’t a hack at all; it was the fact that we opened up the back of the machine, and of course, no surprise, all the parts are made across the world, especially China. This isn’t conjecture; this isn’t my dystopian fantasy world; this is something we know they do …The fragmentation argument is absolute horseshit because once you’re in the chips, you can hack whole classes of machines, nationwide, from the fucking Kremlin.”… The bad actor just needs to steal enough votes in a few counties in America’s battleground states – just enough to swing a close election…“I’ve only one conclusion,” said Schürmann: “Use paper and do your audits.” https://www.theguardian.com/technology/2018/aug/22/us-elections-hacking-voting-machines-def-con
@KanekoaTheGreat - KanekoaTheGreat
#47 CBS: Why voting machines in the U.S. are easy targets for hackers (Sept. 19, 2018) “Tens of thousands of voting machines in the United States are vulnerable to hacking. They have been successfully dismantled and attacked by security researchers for years to demonstrate their flaws. In 2017, at the annual Defcon hackers conference, one tech professor from the University of Copenhagen was able to penetrate an Advanced Voting Solutions machine in about 90 minutes. The attackers were able to access the administrator mode, allowing them to potentially alter voting data. At this year's conference, a group of hackers was able to crack one in 15 minutes. One hacker told CNET: "Should you be trusting your vote with these? I don't think so." "They're running Windows. They have USB ports. They're actual computers and are very susceptible to attacks," says Cris Thomas, the global strategy lead for IBM's X-Force cybersecurity team.” Optical scan ballot machines are vulnerable to hacking — all electronic devices are — but most cybersecurity experts are more concerned with electronic machines. Voting results are stored on the machine's internal storage. If the voting data is not encrypted or improperly configured, with little effort, a bad actor could access the memory and alter the voting results… The results go from [the voting machine] into a piece of electronics that takes it to the central counting place. That data is not encrypted, and that's vulnerable for manipulation.” https://www.cbsnews.com/news/why-voting-machines-in-the-u-s-are-easy-targets-for-hackers/
@KanekoaTheGreat - KanekoaTheGreat
#48 New York Times: The Crisis of Election Security (Sept. 26, 2018) The Illinois intruders had quietly breached the network in June and spent weeks conducting reconnaissance. After alighting on the state’s voter registration database, they downloaded information on hundreds of thousands of voters… In early August, Jenkins learned of another breach, this one on an Arizona state website, and it appeared to come from one of the same I.P. addresses that had been used to attack Illinois. This time, the intruders installed malware as if setting the stage for further assault. Then reports from other states began to pour in, saying that the same I.P. addresses appeared to be probing their voter-registration networks… The entire system — a Rube Goldberg mix of poorly designed machinery, from websites and databases that registered and tracked voters, to electronic poll books that verified their eligibility, to the various black-box systems that recorded, tallied, and reported results — was vulnerable…They don’t address core vulnerabilities in voting machines or the systems used to program them. And they ignore the fact that many voting machines that elections officials insist are disconnected from the internet — and therefore beyond the reach of hackers — are in fact accessible by way of the modems they use to transmit vote totals on election night. Add to this the fact that states don’t conduct robust postelection audits — a manual comparison of paper ballots to digital tallies is the best method we have to detect when something has gone wrong in an election — and there’s a good chance we simply won’t know if someone has altered the digital votes in the next election… How did our election system get so vulnerable, and why haven’t officials tried harder to fix it? The answer, ultimately, comes down to politics and money: The voting machines are made by well-connected private companies that wield immense control over their proprietary software, often fighting vigorously in court to prevent anyone from examining it when things go awry. In Ohio in 2004, for example, where John Kerry lost the presidential race following numerous election irregularities, Kerry’s team was denied access to the voting-machine software. “We were told by the court that you were not able to get that algorithm to check it, because it was proprietary information,” Kerry recalled in a recent interview on WNYC’s “Brian Lehrer Show.” He was understandably rueful, arguing how wrong it was that elections are held under “the purview of privately owned machines, where the public doesn’t have the right to know whether the algorithm has been checked or whether they’re hackable or not. And we now know they are hackable.” …There are roughly 350,000 voting machines in use in the country today, all of which fall into one of two categories: optical-scan machines or direct-recording electronic machines. Each of them suffers from significant security problems. With optical-scan machines, voters fill out paper ballots and feed them into a scanner, which stores a digital image of the ballot and records the votes on a removable memory card. The paper ballot, in theory, provides an audit trail that can be used to verify digital tallies. But not all states perform audits, and many that do simply run the paper ballots through a scanner a second time. Fewer than half the states do manual audits, and they typically examine ballots from randomly chosen precincts in a county, instead of a percentage of ballots from all precincts. If the randomly chosen precincts aren’t ones where hacking occurred or where machines failed to accurately record votes, an audit won’t reveal anything — nor will it always catch problems with early-voting, overseas, or absentee ballots, all of which are often scanned in county election offices, not in precincts. Voters use touch screens or other input devices to make selections on digital-only ballots, and votes are stored electronically. Many D.R.E.s have printers that produce what’s known as a voter-verifiable paper audit trail — a scroll of paper, behind a window, that voters can review before casting their ballots. But the paper trail doesn’t provide the same integrity as full-size ballots and optical-scan machines, because a hacker could conceivably rig the machine to print a voter’s selections correctly on the paper while recording something else on the memory card. About 80 percent of voters today cast ballots either on D.R.E.s that produce a paper trail or on scanned paper ballots. But five states still use paperless D.R.E.s exclusively, and an additional 10 states use paperless D.R.E.s in some jurisdictions…More than a dozen companies currently sell voting equipment, but a majority of machines used today come from just four — Diebold Election Systems, Election Systems & Software (ES&S), Hart InterCivic and Sequoia Voting Systems. Diebold (later renamed Premier) and Sequoia are now out of business. Diebold’s machines and customer contracts were sold to ES&S and a Canadian company called Dominion, and Dominion also acquired Sequoia. This means that more than 80% of the machines in use today are under the purview of three companies — Dominion, ES&S, and Hart InterCivic. Many of the products they make have documented vulnerabilities and can be subverted in multiple ways. Hackers can access voting machines via the cellular modems used to transmit unofficial results at the end of an election, or subvert back-end election-management systems — used to program the voting machines and tally votes — and spread malicious code to voting machines through them. Attackers could design their code to bypass pre-election testing and kick in only at the end of an election or under specific conditions — say, when a certain candidate appears to be losing — and erase itself afterward to avoid detection. And they could make it produce election results with wide margins to avoid triggering automatic manual recounts in states that require them when results are close. Hackers could also target voting-machine vendors and use this trusted channel to distribute their code. Last year a security researcher stumbled across an unsecured ES&S server that left passwords exposed for its employee accounts. Although the passwords were encrypted, a nation-state with sufficient resources would most likely be able to crack them, the researcher noted. Since ES&S creates ballot-definition files before each election for some customers — the critical programming files that tell machines how to apportion votes based on a voter’s screen touch or marks on a paper ballot — a malicious actor able to get into ES&S’s network could conceivably corrupt these files so machines misinterpret a vote for Donald Trump, say, as one for his opponent, or vice versa. The Department of Homeland Security, the intelligence community, and election officials have all insisted that there is no evidence that Russian hackers altered votes in 2016. But the truth is that no one has really looked for evidence. Intelligence assessments are based on signals intelligence — spying on Russian communications and computers for chatter or activity indicating that they altered votes — not on a forensic examination of voting machines and election networks. “We should always be careful to point out that there hasn’t been any evidence that votes were changed in any election in this way, and that’s a true fact,” said Matt Blaze, a computer-science professor at the University of Pennsylvania and a voting-machine-security expert. “It’s just less comforting than it might sound at first glance because we haven’t looked very hard.” Even if experts were to look, it’s not clear what they would find, he added. “It’s possible to do a pretty good job of erasing all the forensic evidence.” …At 10 p.m., Al Gore was ahead in Volusia, with 83,000 votes to George W. Bush’s 62,000. Things were going well for Gore across the state, and exit polls projected a six-point lead for him. But then something changed. “I had stepped out, and one of the assistants came, and he’s just like, ‘I need you to come here and verify the numbers,’ ” Tannenbaum recalled. When she looked at the county’s website, Gore’s total had dropped 16,000 votes. Tannenbaum called the county election office, alarmed. “I don’t know what’s going on down there, but you can’t take away votes!” she said. The mysterious drop would later be traced to Precinct 216, a community center in DeLand, where Gore’s total was showing negative 16,022 votes. It wasn’t the only mathematical absurdity in the tally. A Socialist Workers Party candidate named James Harris had 9,888 votes. But the DeLand precinct had only 585 registered voters, and only 219 of them cast ballots at the center that day. Volusia officials blamed the mishap on a faulty memory card. The county used optical-scan machines made by Global Election Systems (a Canadian company later acquired by Diebold and renamed Diebold Election Systems), which the county had used since 1996. When the election ended, poll workers were supposed to transmit results to the county election office via modem; but the transmission failed, so a worker drove the memory card in, where officials inserted it directly into the election-management system to tally results. Logs for that computer, however, showed two memory cards for Precinct 216 inserted, an hour apart. The vote totals went haywire after the second card was loaded. Beyond the mystery of the two cards, there was another problem with this explanation. A faulty memory card should produce an onscreen error message or cause a computer to lock up, not alter votes in one race while leaving others untouched. And what kind of faulty card deleted votes only for Gore, while adding votes to other candidates?" https://web.archive.org/web/20181010024836/https://www.nytimes.com/2018/09/26/magazine/election-security-crisis-midterms.html
@KanekoaTheGreat - KanekoaTheGreat
#49 Politico: Attack on commonly used voting machine could tip an election (Sept. 27, 2018) “A malicious hacker could alter the outcome of a U.S. presidential election by taking advantage of numerous flaws in one model of vote-tabulating machine used in 26 states, cybersecurity experts warned in a report presented Thursday at the Capitol… The biggest flaw in the process we found is even when we identify flaws, they don't get fixed… The report says an attacker could remotely gain access to the Model 650 tabulating machine manufactured by Election Systems and Software, one of the country's largest sellers of voting equipment, by exploiting numerous vulnerabilities in the unit. Researchers also said this model has an unpatched vulnerability that the manufacturer was notified about a decade ago… The event organizers said the Model 650 vote-tabulation vulnerabilities are especially problematic because states use the machines to process ballots for entire counties. "Hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election," the report says.” https://www.politico.com/story/2018/09/27/hacking-voting-machines-814504
@KanekoaTheGreat - KanekoaTheGreat
#50 WSJ: Voting Machine Used in Half of U.S. Is Vulnerable to Attack (Sept. 27, 2018) “Election machines used in more than half of U.S. states carry a flaw disclosed more than a decade ago that makes them vulnerable to a cyberattack, according to a report to be delivered Thursday on Capitol Hill. The issue was found in the widely used Model 650 high-speed ballot-counting machine made by Election Systems & Software LLC, the nation’s leading manufacturer of election equipment. It is one of about seven security problems in several models of voting equipment described in the report, which is based on research conducted last month at the Def Con hacker conference. The flaw in the ES&S; machine stood out because it was detailed in a security report commissioned by Ohio’s secretary of state in 2007, said Harri Hursti, an election-security researcher who co-wrote both the Ohio and Def Con reports. “There has been more than plenty of time to fix it,” he said…Earlier this month, the National Academies of Sciences, Engineering, and Medicine recommended U.S. states move away from voting machines that don’t include paper ballots…Election security researchers and politicians aren’t convinced ES&S; is doing enough. The company hasn’t adopted common internet security standards that secure against phishing attacks and make it harder to intercept messages, according to staffers for Sen. Ron Wyden (D., Ore.).” https://www.wsj.com/articles/widely-used-election-systems-are-vulnerable-to-attack-report-finds-1538020802
@KanekoaTheGreat - KanekoaTheGreat
#51 CNN: Hackers Bring Stark Warning About Election Security (Sept. 27, 2018) “The vulnerabilities in America’s voting systems are “staggering,” a group representing hackers warned lawmakers on Capitol Hill on Thursday – just over a month before the midterm elections. The hacking group claims they were able to break into some voting machines in two minutes and that they had the ability to wirelessly reprogram an electronic card used by millions of Americans to activate a voting terminal to cast their ballot. “This vulnerability could be exploited to take over the voting machine on which they vote and cast as many votes as the voter wanted,” the group claims in the report…A voting tabulation machine the group says is used in more than two dozen states is vulnerable to being remotely hacked, they said, claiming, “hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election.” https://www.cnn.com/2018/09/27/politics/hackers-warning-midterm-elections/index.html
@KanekoaTheGreat - KanekoaTheGreat
#52 Wired: Voting Machines Are Still Absurdly Vulnerable to Attacks (Sept. 28, 2018) “The report details vulnerabilities in seven models of voting machines and vote counters, found during the DefCon security conference's Voting Village event. All of the models are in active use around the US, and the vulnerabilities—from weak password protections to elaborate avenues for remote access— number in the dozens… "We didn't discover a lot of new vulnerabilities," says Matt Blaze, a computer science professor at the University of Pennsylvania and one of the organizers of the Voting Village, who has been analyzing voting machine security for more than 10 years. "What we discovered was vulnerabilities that we know about are easy to find, easy to re-engineer, and have not been fixed over the course of more than a decade of knowing about them. And to me, that is both the unsurprising and terribly disturbing lesson that came out of the Voting Village."… One device, the "ExpressPoll-5000," has the root password of "password." The administrator password is "pasta."… Many of the machines participants analyzed during the Voting Village run software written in the early 2000s or even the 1990s. Some vulnerabilities detailed in the report were disclosed years ago and still haven't been resolved. In particular, one ballot counter made by Election Systems & Software, the Model 650, has a flaw in its update architecture first documented in 2007 that persists. Voting Village participants also found a network vulnerability in the same device—which 26 states and the District of Columbia all currently use.” https://www.wired.com/story/voting-machine-vulnerabilities-defcon-voting-village/
@KanekoaTheGreat - KanekoaTheGreat
#53 Slate: Can Paper Ballots Save Our Democracy? (Oct. 10, 2018) “The machine was an AccuVote TSX used in 18 states, some with the same software version. Attackers don't need physical access--we showed how malicious code can spread from the election office when officials program the ballot design… The Center for American Progress recently released a study that highlighted that 42 states use electronic voting machines with software a decade old or more, that leaves them especially vulnerable to hacking and malware. What’s more, five states rely solely on machines that leave no paper trail, and another 10 will use them in at least some districts. These paperless voting machines are especially problematic because even if such a machine were known or suspected to have been hacked, there’s no physical backup ballot to check it against—and therefore no way to determine for certain whether the vote an individual cast matched with the vote that the machine recorded. Worse still, some of the states with the poorest voting system security are also electoral heavyweights, including Georgia, Texas, Pennsylvania, and Florida…A growing number of voting-rights advocates and cybersecurity experts—among them organizations like the National Academies of Sciences, Engineering, and Medicine and Verified Voting—feel that the way forward is in a return to the past: paper ballots.” https://slate.com/technology/2018/10/paper-ballots-voting-machines-midterm-election-security-russian-hacking.html
@KanekoaTheGreat - KanekoaTheGreat
#54 New York Times: America's Elections Could Be Hacked. Go Vote Anyway. (Oct. 19, 2018) "In April, the nation’s top voting machine manufacturer told Senator Ron Wyden of Oregon that it had installed remote-access software on election-management systems that it sold from 2000 to 2006. Senator Wyden called it “the worst decision for security short of leaving ballot boxes on a Moscow street corner.” At a hacking convention last summer, an 11-year-old boy who had been coached on finding the vulnerabilities in a mock-up of Florida’s state election website broke into the fake site and altered the vote totals recorded there. It took him less than 10 minutes…America’s voting systems, like all large and complex computerized systems, are highly vulnerable to cyberattack — whether by altering or deleting voter registration data, or even by changing vote counts. “The vast majority of technical infrastructure for our voting is absolutely, without doubt, woefully insecure,” said Matt Blaze, a University of Pennsylvania computer-science professor who studies voting machine security. Both of the primary methods by which Americans cast their ballots — optical-scan machines and touch-screen monitors — can be tampered with fairly easily… One, provide a paper trail for every vote. Hackers work most effectively in the dark, so they love voting machines that produce no paper verification. Currently, five states — Delaware, Georgia, Louisiana, New Jersey, and South Carolina — run their elections entirely on paperless touch-screen machines. But all five states are considering a switch back to paper ballots in time for 2020. In this year’s midterms, 19 states and Washington, D.C., will use only paper ballots. Two, audit the vote." https://web.archive.org/web/20181118161745/https://www.nytimes.com/2018/10/19/opinion/midterm-elections-hacking.html
@KanekoaTheGreat - KanekoaTheGreat
#55 Vox: The hacking threat to the midterms is huge. (Oct. 25, 2018) "On a scale of 1 to 10, with 10 being the Pentagon’s [security measures], elections have probably moved from a 2 to a 3… They laid out a number of scenarios that could exploit vulnerable election infrastructure: names deleted from voter registration databases; e-poll books that send voters to the wrong precinct; malware that corrupts ballot-definition files for machines or software that governs vote tabulation, before it’s installed in various counties and precincts; or corrupted public-facing websites to announce a false winner on election night… These private companies “represent an enticing target [f]or malicious cyber actors,” according to the Senate Intelligence Report. Yet the report admits that state and federal authorities continue to “have very little insight into the cybersecurity practices of many of these vendors…Today, the American elections industry today is dominated by three companies: Dominion, Hart InterCivic, and, the largest, Election Systems and Software (ES&S). If you voted in the past 10 years, the chances are good that you used these machines (92 percent of voters do), or the myriad supportive technology required to stage an election… Much of the criticism has been directed at digital voting machines, called DREs. But election offices have become increasingly digital in other, less obvious ways: Adopting e-poll books; hauling voter registration information into state-run or third-party databases; proffering all-in-one election management suites, which program the machines and tabulate the outcomes; and building internet-based services for voters, like the precinct tally program in Knox County… But other experts say this insistence overlooks the sophistication of nation-state attackers, who can find other creative methods for intrusion — infected USB drives, modem access, remote-access software — or, of course, infiltrating the company networks themselves, engineering direct upload malware through regular software updates…Public security audits of election technology are rare; the last major ones, commissioned by California and Ohio in 2007, were scathing. And the companies have often seemed committed to avoiding them, with one even threatening Princeton University researchers with lawsuits… In a public statement, Sen. Kamala Harris’s (D-CA) office called it “unacceptable that ES&S continues to dismiss the very real security concerns that Def Con raised.”…Two of the three largest vendors, ES&S and Hart, are owned by private equity companies whose agendas are unclear; Dominion’s headquarters isn’t even American, but Canadian… Many of the vulnerabilities election vendors have patched were previously unknown to them, instead pointed out by others. Earlier this year, security consultants flagged a “Client Web Portal” page for Dominion Voting that lacked SSL encryption. And last year, ES&S unwittingly exposed data for roughly 1.8 million Illinois voters on an Amazon server it controlled, a breach that included ES&S employee’s passwords — encrypted, but potentially crackable by an advanced adversary.” https://www.vox.com/2018/10/25/18001684/2018-midterms-hacked-russia-election-security-voting
@KanekoaTheGreat - KanekoaTheGreat
#56 Scientific American: The Vulnerabilities of Our Voting Machines (Nov. 1, 2018) “This just isn’t a good idea to have elections be conducted by, essentially, black box technology.”…The voting machines themselves have received much, much, much less scrutiny post-2016 from intelligence and defensive sides—as far as we know in the public sphere anyway. To my knowledge, no state has done any kind of rigorous forensics on their voting machines to see whether they had been compromised… One possibility is that attackers could infiltrate what are called election-management systems. These are small networks of computers operated by the state or the county government or sometimes an outside vendor where the ballot design is prepared…There’s a programming process by which the design of the ballot—the races and candidates, and the rules for counting the votes—gets produced, and then gets copied to every individual voting machine. Election officials usually copy it on memory cards or USB sticks for the election machines. That provides a route by which malicious code could spread from the centralized programming system to many voting machines in the field. Then the attack code runs on the individual voting machines, and it’s just another piece of software. It has access to all of the same data that the voting machine does, including all of the electronic records of people’s votes. So, how do you infiltrate the company or state agency that programs the ballot design? You can infiltrate their computers, which are connected to the internet. Then you can spread malicious code to voting machines over a very large area. It creates a tremendously concentrated target for attack.” https://www.scientificamerican.com/article/the-vulnerabilities-of-our-voting-machines/
@KanekoaTheGreat - KanekoaTheGreat
#57 Salon: Philly ignores cybersecurity and disability access in voting system selection (Feb. 16, 2019) "According to computer science professor Richard DeMillo of Georgia Tech, the barcodes also can be manipulated to instruct the scanners to flip votes. Adding insult to injury, these barcode systems cost about three times as much as using hand-marked paper ballots and scanners. In addition, despite initial denials, ES&S admitted last year that it has installed remote access software in central tabulators — the county computers that aggregate electronic precinct totals — in 300 jurisdictions. Although ES&S won’t identify the 300 jurisdictions, a forensic analysis conducted in 2011 of voting equipment in Venango County, PA, revealed that someone had “used a computer that was not a part of the county’s election network to remotely access the [ES&S] central election tabulator computer, illegally, ‘on multiple occasions.’” https://www.salon.com/2019/02/16/philly-ignores-cybersecurity-and-disability-access-in-voting-system-selection_partner/
@KanekoaTheGreat - KanekoaTheGreat
#58 Politico: State election officials opt for 2020 voting machines vulnerable to hacking (March 1, 2019) “Security experts warn, however, that hackers could still manipulate the barcodes without voters noticing. The National Academies of Sciences, Engineering, and Medicine has also warned against trusting the barcode-based devices without more research, saying they “raise security and verifiability concerns.”…The replacements, known as ballot-marking devices, are “a relatively new and untested technology,” said J. Alex Halderman, a voting security expert who teaches at the University of Michigan. “And it’s concerning that jurisdictions are rushing to purchase them before even basic questions have been answered.” Many states have adopted what experts call a much more secure option — paper ballots that voters mark with a pen or pencil and that are then scanned and tallied. But election officials in Georgia, Delaware, and Philadelphia have rejected that option in favor of the barcode devices, saying they are secure enough and better suited for many voters with disabilities. Philadelphia city commissioners on Feb. 20 selected a barcode system called the ExpressVote XL from the major vendor Election Systems & Software, despite warnings about the risks. So did Delaware, which in September chose the ExpressVote XL as part of a $13 million overhaul of election equipment. Earlier this week, Georgia lawmakers advanced a bill to approve the barcode devices in a 101-72 vote that split along party lines. Democrats tended to agree with experts who have said the machines are still too vulnerable… The dispute over the ballot-marking devices centers on the fact that they use barcodes, which can be read by scanners but not by humans. Though the paper records also display a voter’s choices in plain text, which the voter can double-check, the barcode is the part that gets tallied. The danger: Hackers who infiltrate a ballot-marking device could modify the barcode so its vote data differs from what’s in the printed text. If this happened, a voter would have no way of spotting it.” https://www.politico.com/story/2019/03/01/election-vulnerable-voting-machines-1198780
@KanekoaTheGreat - KanekoaTheGreat
#59 TechCrunch: Senators demand to know why election vendors still sell voting machines with ‘known vulnerabilities’ (March 27, 2019) “The letter, sent Wednesday, calls on election equipment makers ES&S, Dominion Voting, and Hart InterCivic to explain why they continue to sell decades-old machines, which the senators say contain security flaws that could undermine the results of elections if exploited. “The integrity of our elections is directly tied to the machines we vote on,” said the letter sent by Sens. Amy Klobuchar (D-MN), Mark Warner (D-VA), Jack Reed (D-RI), and Gary Peters (D-MI), the most senior Democrats on the Rules, Intelligence, Armed Services, and Homeland Security committees, respectively. “Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry, and our democracy is paying the price,” the letter adds. Their primary concern is that the three companies have more than 90 percent of the U.S. election equipment market share, but their voting machines lack paper ballots or audibility, making it impossible to know if a vote was accurately counted in the event of a bug. Yet, these are the same devices tens of millions of voters will use in the upcoming 2020 presidential election." https://techcrunch.com/2019/03/27/senators-security-voting-machines/
@KanekoaTheGreat - KanekoaTheGreat
#60 Salon: New "hybrid" voting system can change paper ballot after it's been cast (March 28, 2019) “Unfortunately, there is no universal definition of “paper ballot,” which has enabled vendors and their surrogates to characterize machine-marked paper printouts from hackable ballot marking devices (BMDs) as “paper ballots.” Unlike hand-marked paper ballots, voters must print and inspect these machine-marked “paper ballots” to try to detect any fraudulent or erroneous votes that might have been marked by the BMD. The machine-marked ballot is then counted on a separate scanner. Most independent cybersecurity election experts caution against putting these insecure BMDs between voters and their ballots and instead recommend hand-marked paper ballots as a primary voting system (reserving BMDs only for those who are unable to hand-mark their ballots)… Unlike hand-marked paper ballots counted on scanners and regular non-hybrid BMDs, these new hybrid systems can add fake votes to the machine-marked “paper ballot” after it’s been cast, experts warn. Any manual audit based on such fraudulent “paper ballots” would falsely approve an illegitimate electronic outcome. According to experts, the hybrid voting systems with this alarming capability include the ExpressVote hybrid by Election Systems & Software, LLC (ES&S), the ExpressVote XL hybrid by ES&S, and the Image Cast Evolution hybrid by Dominion Voting. The potential for hybrid systems to add fraudulent votes without detection was identified by Professor of Statistics Philip B. Stark of UC Berkeley, an expert in postelection manual audits, in September of last year. At the time, he told TYT Investigates that the ExpressVote hybrid, which Johnson County, Kansas, had purchased a few months before the 2018 gubernatorial primary, could be maliciously programmed or hacked to create an entirely fraudulent machine-marked “paper ballot” because the machine includes an option that allows the voter to “AutoCast” the ballot without first printing and inspecting it. Moreover, as explained by Stark, the machine does not mark the ballot at all until the voter decides whether to exercise that option, which means that the machine receives advance notice of which ballots are “AutoCast” and thus safe to fraudulently mark. Another election expert, Computer Science Professor Andrew Appel of Princeton University, subsequently confirmed the existence of this stunning defect and dubbed it “Permission to Cheat.” Appel further reported that the ExpressVote XL and Dominion ImageCast Evolution include the same defect.” https://www.salon.com/2019/03/28/new-hybrid-voting-system-can-change-paper-ballot-after-its-been-cast_partner/
@KanekoaTheGreat - KanekoaTheGreat
#61 Vice: Critical U.S. Election Systems Have Been Left Exposed Online Despite Official Denials (Aug. 8, 2019) “The top voting machine company in the country insists that its election systems are never connected to the internet. But researchers found 35 of the systems have been connected to the internet for months and possibly years, including in some swing states. These include systems in nine Wisconsin counties, four Michigan counties, and in seven Florida counties—all states that are perennial battlegrounds in presidential elections. Some of the systems have been online for a year and possibly longer… The systems the researchers found are made by Election Systems & Software, the top voting machine company in the country. They are used to receive encrypted vote totals transmitted via modem from ES&S voting machines on election night, in order to get rapid results that media use to call races, even though the results aren’t final. The system that receives these votes, called an SFTP server, is connected to the internet behind a Cisco firewall… Anyone who finds the firewall online also finds the election-management system connected to it. “It is not air-gapped. The EMS is connected to the internet but is behind a firewall,” Skoglund said. “The firewall configuration [that determines what can go in and out of the firewall]… is the only thing that segments the EMS from the internet.” And misconfigured firewalls are one of the most common ways hackers penetrate supposedly protected systems. Senator Ron Wyden (D-Oregon) said the findings are “yet another damning indictment of the profiteering election vendors, who care more about the bottom line than protecting our democracy.” It’s also an indictment, he said, “of the notion that important cybersecurity decisions should be left entirely to county election offices, many of whom do not employ a single cybersecurity specialist.” “Not only should ballot tallying systems not be connected to the internet, they shouldn’t be anywhere near the internet,” he added…Last year, the Cisco firewalls in Wisconsin failed to receive a patch for a critical vulnerability until six months after the vulnerability had been made public and the patch was released… A New York Times story I wrote last year, however, showed that the modem transmissions do pass through the internet, and even an ES&S document that the company supplied to Rhode Island in 2015 calls the modem transmission of votes an “internet” transmission. A document for modem transmissions from voting machines made by Dominion Voting Systems—another top voting machine company in the country—similarly discusses TCP-IP and SSL, both protocols used for internet traffic. “The configurations show TCP-IP configuration and ‘SSL Optional,’ making it clear that at least the vendors know their systems are connecting through the internet, even if their election official customers do not realize it or continue to insist to the public that the systems are not connected to the internet,” Skoglund said. ES&S has been selling systems with modems to transmit results for more than a decade. Wisconsin approved the use of its current ES&S DS200 optical scan voting machines, with modem transmission capability, in September 2015, but its previous generation of ES&S optical scan machines also used modems for transmitting results. https://www.vice.com/en/article/3kxzk9/exclusive-critical-us-election-systems-have-been-left-exposed-online-despite-official-denials
@KanekoaTheGreat - KanekoaTheGreat
#62 NBC News: How Hackers Can Target Voting Machines (Aug. 12, 2019) "They had assembled some of the most common voting machines in the country, both systems on the front-end that you and I use to register our vote and the back-end tabulators and so forth that you feed a paper ballet into or that oversees a system... It turns out there is an extremely hostile relationship there where ES&S and Dominion and other companies have basically said we don't want to participate and have been really quite aggressive in saying we don't want to be a part of this. So the organizers were reduced to finding these machines on eBay. Which was really quite terrifying because it turns out anybody can buy some of the most commonly used machines on eBay. It's important to know that Georgia is about to spend $100 million on a contract with Dominion to provide ImageCast hardware to the state in time for the 2020 election. Yet, here these kids were who had opened it up and said, look, you can pop the front off of it, here's a port you can get in that's easy, all stuff you can do certainly do within six minutes behind a curtain much less if you had extra time because as we discovered days before so many are connected to the web... The admin password was just sitting there because it turns out the same password applies to multiple machines across the room, and those machines were created in the 2000s, which means they were, in fact, created, so you can't change that admin password. They are just locked for all time in that way... The combination of seeing the incredible vulnerabilities that we saw on display in real-time at this event and the lack of institutional action around the security of the vote all of that made for an extremely alarming weekend." https://www.youtube.com/watch?v=QtWP0KDx2hA
@KanekoaTheGreat - KanekoaTheGreat
#63 MIT Technology Review: 16 million Americans will vote on hackable paperless machines (Aug. 13, 2019) “Despite the obvious risk and years of warnings, at least eight American states and 16 million American voters will use completely paperless machines in the 2020 US elections, a new report by New York University’s Brennan Center for Justice found. Paperless voting machines persist despite a strong consensus among US cybersecurity and national security experts that paper ballots and vote audits are necessary to ensure the security of the next election… “Selling a paperless voting machine is like selling a car without brakes—something is going to go terribly wrong,” Wyden says. “It is obvious that vendors won’t do the right thing on security by themselves. Congress needs to set mandatory federal election security standards that outlaw paperless voting machines and guarantee every American the right to vote with a hand-marked paper ballot. Experts agree that hand-marked paper ballots and post-election audits are the best defense against foreign hacking. Vendors should recognize that fact or get out of the way.”… Backups, however, are not a silver bullet for election security. Security experts say paper ballots are so important precisely because subsequent audits are necessary, and 17 of the 42 states requiring paper do not require audits.” https://www.technologyreview.com/2019/08/13/238715/16-million-americans-will-vote-on-hackable-paperless-voting-machines/
@KanekoaTheGreat - KanekoaTheGreat
#64 Salon: Hackers can easily break into voting machines used across the U.S. (Aug. 14, 2019) “Voting machines used in states across the United States were easily penetrated by hackers at the Def Con conference in Las Vegas on Friday…A video published by CNN shows a hacker break into a Diebold machine, which is used in 18 different states, in a matter of minutes, using no special tools, to gain administrator-level access… Hackers also quickly discovered that many of the voting machines had internet connections, which could allow hackers to break into machines remotely, the Washington Post reported. Motherboard recently reported that election security experts found that election systems used in 10 different states have connected to the internet over the last year, despite assurances from voting machine vendors that they are never connected to the internet and, therefore, cannot be hacked. The websites where states' post-election results are even more susceptible. The event had 40 child hackers between the ages of 6 and 17 attempt to break into a mock version of the sites. Most were able to alter vote tallies and even change the candidates' names to things like “Bob Da Builder,” CNN reported…. Sen. Ron Wyden, D-Ore., called for paper ballots that can’t be hacked. “Election officials across the country as we speak are buying election systems that will be out of date the moment they open the box,” Wyden said in a speech at the conference. “It’s the election security equivalent of putting our military out there to go up against superpowers with a peashooter.” A report by the Brennan Center for Justice at the NYU School of Law, released days after the conference, warned that 12 percent of ballots could be cast on paperless machines in 2020. The report shows that a third of all local election systems used voting machines that were more than a decade old. “We should replace antiquated equipment, and paperless equipment in particular, as soon as possible,” the report said… Rep. Ted Lieu, D-Calif., told Politico that the federal government “has a responsibility to make sure we have strong election security all over America. "It’s stupid to have the view that states have the right to have poor election security,” Lieu said. “No state has a right to have voting machines that can be easily hacked.” https://www.salon.com/2019/08/14/hackers-can-easily-break-into-voting-machines-used-across-the-u-s-play-doom-nirvana/
@KanekoaTheGreat - KanekoaTheGreat
#65 FOX News: Election machine keys are on the Internet, hackers say (Aug. 22, 2019) “I may have the keys to open voting machines used in states across the country, and that is not a good thing. I am not an election official. I am not a voting machine expert, operator, or otherwise affiliated with any federal, state, or local government agency. I am simply an investigative journalist who, upon learning that the types of keys used for these machines are apparently widely available for purchase on the Internet, was prudent enough to ask to take a few keys home as souvenirs from my recent trip to the DEF CON 27 Hacking Conference in Las Vegas. Now, I have access to machines that have been used or are currently in use in 35 different states. Swing-states, coastal icons, and the heartland, experts say…I learned about plenty of other digital backdoors and other disturbing vulnerabilities concerning U.S. election equipment at DEF CON. Like the “hidden feature” that Hursti says was only recently discovered in a machine that’s been in use and under the microscope for more than a decade. “A hidden feature that enables you to reopen the polls silently, and insert more ballots and print the new evidence of the election,” Hursti says. And despite believing that the manufacturers had learned from previously exposed vulnerabilities on that machine over the years, “these [newly discovered] features had been missed” the entire time, Hursti says. I watched Hursti explain this new discovery to Rep. Eric Swalwell, D-Calif., one of the numerous lawmakers who attended this year’s DEF CON, and whose face seemed to drop upon learning of the new revelation. That’s likely because this particular machine has been in use in his home state of California for years…One voting machine was discovered to have a password of “1111.” Better than the voter ID machine with NO password.” https://www.foxnews.com/tech/i-have-the-keys-to-your-voting-machine-probably
@KanekoaTheGreat - KanekoaTheGreat
#66 The Hill: Voting machines pose a greater threat to our elections than foreign agents (Oct. 2, 2019) "In 2017, the largest U.S. voting machine vendor, ES&S, exposed encrypted employee passwords online. Using those passwords, hackers could have planted malware on the company’s servers, and that malware could then be delivered to voting systems across the country with official updates. “This is the type of stuff that leads to a complete compromise,” said cyber-risk analyst Chris Vickery. Both ES&S and its main competitor, Dominion Voting Systems, have released voting machines that security experts say can add votes to paper ballots after they are cast by voters… Security experts are alarmed at internet connectivity in voting systems because it can allow hackers to inject malware that disrupts or changes the outcome of an election. Kevin Skoglund, the lead researcher of one study, confirmed that vendors "know their systems are connecting through the internet.” In August, North Carolina became the latest casualty. Voters and representatives from good-government groups pleaded with the state board of elections to adopt the type of voting system almost unanimously supported by election security experts, one that uses hand-marked paper ballots. They asked the board to reject ballot-marking devices that use barcodes and argued that hand-marked paper ballots are more secure, less expensive, and less likely to create long lines at the polls… Similar decisions have been made in Delaware, Georgia, Kansas, New York, Pennsylvania, and Wisconsin. Communities in those states have experienced frustration, and outrage and even launched investigations following certification or adoption of election systems opposed by experts, good-government groups, competing vendors, and the general public.” https://thehill.com/opinion/technology/464065-voting-machines-pose-a-greater-threat-to-our-elections-than-foreign-agents/
@KanekoaTheGreat - KanekoaTheGreat
#67 NPR: Cyber Experts Warn Of Vulnerabilities Facing 2020 Election Machines (Sept. 4, 2019) "The machine he's investigating is a ballot-marking device used to help people with physical impairments or language barriers vote, and it's running a version of Windows that is more than 15 years old. "These systems crash at your Wal-Mart scanning your groceries. And we're using those systems here to protect our democracy, which is a little bit unsettling," he said. "I wouldn't even use this to control a camera at my house. Or my toaster." One glaring vulnerability — which cybersecurity experts have been talking about for 20 years, and yelling about for the past decade — are paperless voting machines. Experts agree that these machines are insecure because they record votes electronically and could either be manipulated or malfunction without detection. They can't truly be audited, and they leave room for some doubt in the result. In 2016, approximately 20 percent of voters used electronic voting equipment that didn't provide a paper trail. In 2020, that number will be around 12 percent, according to a recent report from the Brennan Center for Justice." https://www.npr.org/2019/09/04/755066523/cyber-experts-warn-of-vulnerabilities-facing-2020-election-machines
@KanekoaTheGreat - KanekoaTheGreat
#68 Wired: Some Voting Machines Still Have Decade-Old Vulnerabilities (Sept. 26, 2019) “Today's report highlights detailed vulnerability findings related to six models of voting machines, most of which are currently in use. That includes the ES&S AutoMARK, used in 28 states in 2018, and Premier/Diebold AccuVote-OS, used in 26 states that same year… "As disturbing as this outcome is, we note that it is at this point an unsurprising result," the organizers write. "It is well known that current voting systems, like any hardware and software running on conventional general-purpose platforms, can be compromised in practice. However, it is notable—and especially disappointing—that many of the specific vulnerabilities reported over a decade earlier ... are still present in these systems today." The types of vulnerabilities participants found included poor physical security protections that could allow undetected tampering, easily guessable hardcoded system credentials, the potential for operating system manipulations, and remote attacks that could compromise memory or integrity checks or cause a denial of service. The report points out that many of these vulnerabilities were discovered years ago—sometimes more than a decade—in academic research or state and local audits. Additionally, voting machine security is only one item on a much larger punch list for better defending US elections. More districts need to implement network and cloud defenses to protect infrastructure like voter rolls and email, and more states need to conduct risk-limiting audits to verify election results.” https://www.wired.com/story/voting-village-results-hacking-decade-old-bugs/
@KanekoaTheGreat - KanekoaTheGreat
#69 John Oliver Breaks Down Faulty Voting Machine Security on Last Week Tonight (Nov. 3, 2019) John Oliver offered various examples of how easy it is to physically hack a voting machine (it can take only a few minutes), how easy it is to find unattended voting machines, and how flimsy the claims are that most machines are never connected to the Internet. “So, some machines that officials insist don’t connect to the Internet, actually do connect to the Internet,” Oliver said. “And even some machines that don’t connect directly to the Internet are programmed with cards that have themselves been programmed on computers that connect to the Internet." https://www.youtube.com/watch?v=svEuG_ekNT0
@KanekoaTheGreat - KanekoaTheGreat
Rep. Jerry Nadler (D-NY) in 2004: "If someone were deliberately hacking these machines, you could steal millions of votes, and no one would know it... We've documented a machine in this county that recorded 11,000 extra votes for Bush. In that county, there was counting Kerry votes for Bush... These machines are hackable. A dishonest employee of the vendor, or a dishonest employee of a local board of elections, or simply someone who knows electronics, and has a computer at home, could hack into these machines and put in secret instructions to disregard every 20th Democratic vote. Or add 10% to the Kerry or Bush vote or whatever, and you might not even know it... There was one county where on some local race or some referendum, they lost 4500 votes, the machine hiccuped, and 4500 people didn't have the votes counted... We have all these professors and these computer experts telling us that the encryption algorithms aren't sufficient. That the protections aren't sufficient. They are proprietary data, so they're kept secret, so we don't really know." Full thread below. 🧵👇
@KanekoaTheGreat - KanekoaTheGreat
MUST WATCH🚨 20 minutes of prominent Democrats, computer scientists, and election security experts warning that America's election system is online, easily hackable, and often running on Windows 7 or older operating systems. https://t.co/upFIU1g8SN
@SpudMEMES - 🥔Memes 𝕏
Did you know Tyler was hacked right before the election of 2020? Tyler + Election Data + Clerks = Big Steal But what do I know…. I’m just a
@FreyjaTarte - Freyja™
Here is 2 minutes of Democrats revealing their distrust for voting machines. https://t.co/EwzkfsyJnC
@listen_2learn - The Researcher
If there is a cyber attack next year, our government is responsible, just like they were for stealing the 2020 election. They will blame it on “the Russians”, or whomever, per usual. https://t.co/lkhG2QFB4G
@listen_2learn - The Researcher
@DGrayTexas45 - David Gray
@LeadingReport @lynda62560 Election Commissioner Bennie Smith shows how easy it is to manipulate the software in the voting machines to determine who wins and what percent of the vote they will get. https://t.co/X2NquMEmlJ
@DrEtiquette - DR. ETIQUETTE 🤦♂️
Remember when they told us that voting machines weren’t connected to the internet? 🤦♂️ https://t.co/UgW93VwdkD
@KanekoaTheGreat - KanekoaTheGreat
.@shennabellows says America is experiencing an epidemic of election disinformation, citing a claim that ES&S voting machines are connected to the internet in Kentucky. There's only one problem. On January 10, 2020, NBC News reported that ES&S was utilizing 14,000 modems to establish internet connections for voting machines, including in the State of Kentucky. In February 2018, the New York Times detailed ES&S's installation of remote access software on their election management systems. Further damning evidence surfaced in March 2018 when ES&S admitted, in a letter to Senator Ron Wyden, that remote access software had indeed been installed on their election management systems. Furthermore, all computerized voting equipment can be hacked because all such equipment must receive programming before each election from memory cards or USB drives prepared on election management systems, which are often old computers connected to the internet running out-of-date versions of Windows. Computers are hackable. Suppose a county election management computer is infected with malware. In that case, the malware can spread from that system to the USB drives, transferring it to all the voting machines, optical scanners, and tabulators that collect, count, and determine election results for that county. All of these problems are exacerbated by manufacturers, having also installed remote-access software and cellular modems connecting voting machines directly to the internet. This is the problem with the authoritarian left's goal of censoring dissidents, critics, and their political opposition. Shenna Bellows would censor American citizens from telling the truth about real election vulnerabilities while she perpetuates an epidemic of election disinformation. Not to mention, she disenfranchised half of Maine's citizens by unilaterally deciding they can't vote for their leading presidential candidate.
@TrumpDailyPosts - Donald J. Trump Posts From His Truth Social
ELECTION INTERFERENCE! https://t.co/MVZJHcr1lH
@theblaze - TheBlaze
🚨We were made aware of an alleged vulnerability in Dominion voting systems that was mentioned in a federal court case. We asked a cyber security expert with knowledge of the allegation to attempt to recreate what was described and screen record the entire process. They did. https://t.co/2y17nqHDaJ
@BehizyTweets - George
BREAKING: Someone just hacked a voting machine within seconds live on PBD's podcast. He only used a preprogrammed USB stick that gave him total access to do whatever he wanted, including flipping or creating votes out of thin air "If this would have been an election, I could have gone to the database and for example change the votes." PBD: "How much of it could you have changed?" "Anything, add new candidate who was not even on a ballot, it doesn't matter, because if you have total control over the system, you can do anything you want." Via: @patrickbetdavid This was such a wild moment. It's like when Professor J. Alex Halderman used a pen to hack a Dominion machine in front of a federal judge a few months ago. I pray for the day when we will finally ditch these machines and start hand-counting all our votes like a serious country.
@iluminatibot - illuminatibot
Proof elections are rigged https://t.co/y7oyxJGdK0
@ValentinaForUSA - Valentina Gomez
I uncovered voter fraud. The steal has begun. I hope it’s too big to rig. https://t.co/EDSvCiZ2ou
@ImMeme0 - I Meme Therefore I Am 🇺🇸
What kind of voting machine nonsense is this? https://t.co/8YYmT3YInN
@NahBabyNah - NahBabyNah #Trump
@mtgreenee Tennessee did a great write-up on how bad electronic voting systems are ⬇️ https://t.co/VCR9AjweTU
@RyanMattaMedia - RyanMatta 🇺🇸 🦅
Dear Michigan, this is how dominion voting machines just rigged the Michigan Election. https://t.co/y4NBDhhBA3
@BGatesIsaPyscho - Concerned Citizen
🇺🇸 “Why would Homeland Security be conducting a Large Scale Cyber Simulation attack on election day?” https://t.co/S3GCjksR2J
@DefiyantlyFree - Insurrection Barbie
Because Donald Trump questioned the voting machines during his final rally today I’m going to preemptively post this video of Democrats questioning machines for the fake news. https://t.co/SuvfC0TAXw
@iluminatibot - illuminatibot
RFK Jr. wants to know why we have “ATM machines on every block that never get hacked,” yet somehow, we can’t secure our elections. https://t.co/Qoqp2V1a75
@DravenNoctis - Noctis Draven
It's very alarming that Russia, Iran and China have infiltrated the US so deeply! Oh wait... https://t.co/2yHbxPhYv2
@ColonelReynolds - COL Conrad Reynolds
Wow!! @DNIGabbard says “we have evidence of how these machines have been vulnerable and able to be manipulated” (paraphrasing) and they’re still investigating. Says the President is right to want to go to paper ballots to make elections secure again!! #MESA https://t.co/g9CJ9e3Nzz
@LarryOConnor - L A R R Y
"Nobody ever said 'the Russians hacked the election!'" Except, of course, they ALL said "the Russians hacked the election" 👇 https://t.co/w50F9lQN9i
@KanekoaTheGreat - KanekoaTheGreat
BREAKING: Explosive video surfaces of FOX News stars Tucker Carlson, Laura Ingraham, and Sean Hannity slamming Trump's "insane" voting machine fraud allegations as "absurd," "ridiculous," and "complete BS"!