Re: Hacking the election

denbesten · ‎08-28-2019

It is now being reported that A few voting machines were visibly changing people's votes, and it was caught on video and posted on social media.

Who knows if the video is factual, but regardless I'm sure it will spark much discussion in the media and political arenas. Hopefully, at a minimum, the result will be a mandatory paper trail (which does not exist on the machines in question).

AppDefects · ‎08-28-2019

Dude, we can do anything with AI and software to rig the election. How do we audit the code is one question that we need to ask ourselves.

Shannon · ‎08-28-2019

Bottom line: Your vote counts --- although what you cast might not add up to what you want...

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz

CraginS · ‎08-28-2019

@denbesten wrote:
It is now being reported that A few voting machines were visibly changing people's votes, and it was caught on video and posted on social media.
...

Hacking individual voting machines is a stupid kid trick, demonstrably even more stupid if evidence of the hack is left visible to the voters, as in this situation. It is a waste of time and resources to corrupt the s/w in hundreds or thousands of voting machines. To control an election outcome, you need to hack the vote counting and aggregation steps of the process. For a summary if the issues in selecting the processes involved in elections and voting, see my blog post, DHS Security Tip 19-001, Best Practices for Securing Election Systems. For an excellent discussion by a team of professionals in the many areas needed, see the NAP Press book, Securing the Vote: Protecting American Democracy (2018). This Consensus Study Report is available as free PDF, dead tree version for $45 USD, or eBook (ePub or Kindle) for $36.89 USD.

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts

rslade · ‎08-28-2019

> denbesten (Community Champion) posted a new topic in Tech Talk on 08-28-2019

> Who
> knows if the video is factual

I'm sorry, but this statement is *very* concerning.

It is very much to the point if the video is factual. If it *is* factual, then we have
to ensure that voting machines from that manufacturer do not make it into the
election process.

But if the video *isn't* factual, we have an effort to create mistrust in the election
process, and must ensure that the video is *not* spread, else we are only
supporting the attacker.

> Hopefully, at a minimum, it the
> result will be a mandatory paper trail (which does not exist on the machines in
> question).

Unfortunately, it can have graver and much more damaging results than that ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
`I'm always surprised when I meet an atheist.'
`Mm.'
`I mean, I know you exist, but that's not the same as believing.'
`Yes God, I get it.'
- https://twitter.com/MicroSFF/status/545881676396888064
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

JoePete · ‎08-28-2019

@CraginS wrote:
Hacking individual voting machines is a stupid kid trick [snip] To control an election outcome, you need to hack the vote counting and aggregation steps of the process.

Exactly. The publicity stunts pulled relating to this are a huge disservice on multiple levels. Here's the real threat I see, however. The people exaggerating the risk - knowingly or not - are only going to add fuel to the idiots clamoring for some national voting system. Right now our best defense is the extremely disjointed and distributed nature of voting throughout the country. Once some uniform system is in place, then that is where it becomes easy to attack counting and aggregation.

Listen folks, the biggest threat to our system of government isn't the Russians, the North Koreans, the socialists, the fascists, or even 1990s boy bands planning reunion tours. It is an electorate that is incapable of thinking for itself. No one is stealing elections. We're giving them away.

denbesten · ‎08-28-2019

Subsequent news articles indicate that the issue was technical and they make it sound as if the issue arose during transport. Makes me wonder how they handled the 12 votes on the machine that occurred before the issue was reported.

However, this only heightens the risk of being fodder for election tampering claims and instilling distrust in the election process. After all, the video does "explain" tampering in a compelling way that will resonate with even the most novice of voters. Such distrust is the biggest risk to election security.

@CraginS, you might consider adding disinformation-campaigns, voter-disenfranchisement and gerrymandering to your list of election tampering mechanisms.

rslade · ‎08-30-2019

We have, of course, discussed voting systems elsewhere (and elsewhere, and elsewhere), but it is interesting to note that there is a link to another recent topic: homomorphic encryption. Ron Rivest has suggested an interesting system which allows for verification of personal voting (voters can't vote twice), direct counting of ballots without decryption, public audit trail, as well as verification (by the voter) that the vote was correctly counted as cast.

It can be used with paper ballots, but can also be implemented for electronic and online systems.

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

rslade · ‎08-31-2019

And, at the moment, the US electoral system is pretty much unprotected.

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

CraginS · ‎08-31-2019

@denbesten wrote:
...
@CraginS, you might consider adding disinformation-campaigns, voter-disenfranchisement and gerrymandering to your list of election tampering mechanisms.

Actually, William, no, not for this community. We have now reached a point in the discussion where we should distinguish between election system hacking and election hacking. Our collective areas of expertise in this forum are focused on the means of interfering with elections through interfering with election systems, primarily involving IT systems. The concept of election hacking is a higher- level construct, that most definitely includes the methods if disinformation campaigns, over-disenfranchisement, and gerrymandering that you have listed.

Societally, yes, we really should address and evaluate all the means of election hacking, including the social and political processes you have listed. However, in our InfoSec community, we should focus on the election systems and processes within our area of expertise. That said, I also believe we should engage with the legal, political, sociological, and psychological experts as a wide-ranging team to address the full challenge of election security and validity. As it happens, I believe that one of the most insidious, and potentially effective tools in this bundle, is disinformation campaigns, which often include lies of fact, implication, and innuendo by the candidates themselves

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts