“… Airplane engineers and elevator designers went through *decades* of learning how to make safe systems. See, for example, the history of the Airbus A320. Manufacturers of voting software don’t have those years of experience, and in fact they have been highly resistant to suggestions from experts in software reliability and consistently reluctant to submit to outside testing (such as what the FAA does for airplanes, and other bodies do for elevator designs).
Furthermore, when an airplane or elevator fails, the failure is obvious. When a voting system fails, the failure can be incredibly subtle–and in fact, the beneficiaries of the failure can be astoundingly resistant to suggestions that the results might not be accurate (see 2000, 2004, and 2016 U.S. presidential elections).” ~ Geoff Kuenning
“… Voting systems must be designed as high-security systems. The evidence that bad actors will seek unrelentingly to compromise them, and that many past bad actors have been well funded and sophisticated, is beyond dispute. Many of you know the joke ending with “But who is Tovarisch Daley?” If that isn’t enough, we have an extended sequence of demonstrations by researchers dating back nearly twenty years in which every electronic voting system tested has been found to be readily vulnerable. Including, just to be clear, every single one of the voting systems that are currently cast in doubt. That is: the manufacturers knew. Worse: these results are public, which means that the officials responsible for the integrity of the voting process in the several states knew or should have known. There is evidence that in many key states those officials set aside their lawful responsibilities in favor of political partisanship. Too many saw sacrificing Democracy itself as an acceptable price for supporting their preferred party.
The question isn’t whether these machine implementations are grossly negligent. The question is when we will acknowledge that the critical role of software in society warrants substantial civil protections, up to and including civil and criminal liability, for knowingly shipping a critically flawed critical system and/or ignoring the most mundane levels of well-established routine practices. Penetration testing of critical public systems with public reporting should not only be routine, it should be mandated by statute. Yes, the expense of these systems will rise. Consider, however, that while these systems are vulnerable the market price of the American political and legal process is essentially “free”.
A hard-wired password “abcde” in a voting machine and nobody goes to jail? The folks at Black Hat were not the first ones to find that!” ~ Jonathan Shapiro, Ph.D.
A Free Press Needs You By NYT Editorial Board Aug 15 2018
In 1787, the year the Constitution was adopted, Thomas Jefferson famously wrote to a friend, “Were it left to me to decide whether we should have a government without newspapers, or newspapers without a government, I should not hesitate a moment to prefer the latter.”
Remote-access software and modems on election equipment ‘is the worst decision for security short of leaving ballot boxes on a Moscow street corner.’
The nation’s top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them. In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had “provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006,” which was installed on the election-management system ES&S sold them. ES&S is the top voting machine maker in the country, a position it held in the years 2000-2006 when it was installing pcAnywhere on its systems.
Read The Myth of the Hacker-Proof Voting Machine 2018
Despite Trump’s assurances, states struggling to protect against election hacking
The president pledges to help states secure their election systems, but most won’t have updated equipment in place before 2020. POLITICO
Does your state show you your own voter registration status? For example, PA does.
TechCrunch – Jonathan Shieber – Aug 12,
The idea, according to event organizers from Wickr (a secure communications platform), “was mainly focused on breaking into the portions of the websites that are critical to the election process, [so] the kids worked against the replicas of the webpages where election results are reported by secretaries of state.” The replicas were built by the team at Wall of Sheep Village and they issued the following statement: “The main issues with the live sites we are creating the replicas of are related to poor coding practices. They have popped up across the industry and are not vendor specific.”
Emmett, whose dad works in cybersecurity and who has been attending Def Con for four years, has some thoughts on how easy it was for him to get into the system and change the vote tallies for election results. “It’s actually kind of scary,” the 11-year-old said. “People can easily hack in to websites like these and they can probably do way more harmful things to these types of websites.” The point, according to Wickr’s (badass) founder Nico Sell, is to bring attention to just how flawed security operations remain at the state level in areas that are vital to the nation’s democracy.
“What happens in Vegas stays in Vegas? Except hacking voting machines.
@defcon made it abundantly obvious how flawed these systems are at many levels! People like @MarilynRMarks1 taking the fight to court are the real heroes to our Democracy. #hackedvotes”
What is #Georgia paying ES&S for if it’s not allowed to alter, fix or update the software? Have there been any security updates since 2010? @BrianKempGA
@merisaurus Extra tidbit: ES&S, company paid 2 service #Georgia voting machines, sold the software IP in 2010 & is barred by @TheJusticeDept from fixing. ES&S: “The prohibition on updating the software has not affected” state’s ability to conduct “secure” elections.
Inside of a voting machine. The guys from The Voting Machine Hacking Village brought new machines this year @defcon, some of them never before subjected to public or independent security review, as they say.
Our Elections vs. China and Russia
‘Lone DNC Hacker’ Guccifer 2.0 Slipped Up and Revealed He Was a Russian Intelligence Officer
But they have found no collusion.
Bankers May Have Moved $13 Billion Through Baltic Laundromat
You also never knew about this woman
Anna Chennault: ‘Steel butterfly’ who charmed US and China
Why the world has lost one of the most influential powerbrokers it had never heard of.
When Rio Tinto Met China’s Iron Hand
Bloomberg Businessweek July 13, 2018, 12:01 AM EDT
In 2010, four employees of the mining giant were jailed and accused of stealing commercial secrets. Today, the company is more reliant on China than ever.
For eight years, Stern Hu rose every morning at 6 a.m. in Qingpu Prison near Shanghai. He and the dozen men who shared his cell would blearily pull on their blue-and-white-striped uniforms and line up in front of their bunks for the day’s first duty: greeting the guards. “Good morning, officer!” they’d shout.
Blowing Up Spy Networks
Just when you think things can’t get any worse:
A university spelled ‘Board of trustees’ incorrectly in its diplomas for 6 years before it was spotted
The Colorado Mesa University diplomas were signed “Coard of Trustees.”