We need to develop nationwide policies and security protocols that would govern how voting machines are secured.

https://www.edu-cyberpg.com/Technology/vote.html

The fact that information is stored unencrypted on hard drives simply makes no sense in the current threat environment. That they can be left on devices, unencrypted, that are then sold on the open market is malpractice.

Since these machines are for sale online, individuals, precincts, or adversaries could buy them, modify them, and put them back online for sale. Envision a scenario in which foreign actors purchased these voting machines. By reverse engineering the machine like I did to exploit its weaknesses, they could compromise a small number of ballot boxes in a particular precinct. That’s the greatest fear of election security researchers: not wholesale flipping of millions of votes, which would be easy to detect, but a small, public breach of security that would sow massive distrust throughout the entire election ecosystem.

I BOUGHT USED VOTING MACHINES ON EBAY FOR $100 APIECE. WHAT I FOUND WAS ALARMING

AUTHOR: BRIAN VARNER

In 2016, I bought two voting machines online for less than $100 apiece. I didn’t even have to search the dark web. I found them on eBay. Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices. I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online.

I reverse-engineered the machines to understand how they could be manipulated. After removing the internal hard drive, I was able to access the file structure and operating system. Since the machines were not wiped after they were used in the 2012 presidential election, I got a great deal of insight into how the machines store the votes that were cast on them. Within hours, I was able to change the candidates’ names to be that of anyone I wanted. When the machine printed out the official record for the votes that were cast, it showed that the candidate’s name I invented had received the most votes on that particular machine.

This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines—those that were used in the 2016 election—are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as “next generation,” and still in use today, are worse than they were before—dispersed, disorganized, and susceptible to manipulation.

A recent in-depth report on voting machine vulnerabilities concluded that a perpetrator would need physical access to the voting machine to exploit it. I concur with that assessment. When I reverse-engineered voting machines in 2016, I noticed that they were using a smart card as a means of authenticating a user and allowing them to vote. There are many documented liabilities in certain types of smart cards that are used, from satellite receiver cards to bank chip cards. By using a $15 palm-sized device, my team was able to exploit a smart chip card, allowing us to vote multiple times.

Karl Auerbach
Date: March 18, 2019
Well more than a decade ago, but after the disastrous Gore vs Bush election the Open Voting Consortium bought a used Diebold DRE (touchscreen) voting machine that had become unclaimed freight. An interesting aspect is that the laws regarding unclaimed freight can potentially extinguish or diminish things like license limitations – or non-disclosures – that might have applied to those taking the items in a normal chain of transfers.

The machine was as heavy as a Diebold vault, but that’s where the security ended. It had a cheap lock that could be, and was, picked in just a few seconds. It ran MS Windows CE off of a compact flash. It even still had the votes from the last election in which it was used (in Ohio).

Subsequently I was part of a team on a project to build a reference implementation of voting systems for the state of California (and anyone else) – from precinct and canvassing (counting) center hardware to vote capture machines to vote counting machines to all of the surrounding procedures. We had buy-in for all of the various parts – UCLA and UC Berkeley law on procedures, UC Merced on hardware, UC Santa Cruz on software, etc.

We did not find “open source” to be necessary.  Rather we felt that the public would be best served by systems that could be inspected by anyone (including inspection of code), full testing by any interested party (of all components), and open publication of test results.  We did not feel that it was necessary to take the step to require free distribution (or re-distribution) of parts: we wanted to encourage private vendors to produce this stuff and we had to leave them some incentive to do so.

The key element was that all of the devices would be totally open for inspection and testing – and that at the precinct all inter-machine APIs would be in the form of paper that could be reliably read by both humans (with normal eyesight) and machines.

Some precinct machines would gather voter intent – with different machines for different kinds of human frailties ranging from bad eyesight to inability to accurately use a finger on a touch screen.  All would produce that paper ballot.  Separate machines would record those ballots.

Most people have tended to forget that often the easiest place to steal an election is in the transfer of ballots/tallies from precincts to the counting/canvassing center or at the counting center itself, especially as we move towards instant runoff style ballots.  So we designed all of that stuff, and procedures, as well.

One surprising obstacle was from county clerks:  they are tasked with the very difficult jobs of delivering a believable election on a small budget.  They have to deal with all of the practical things like warehousing voting machines and training precinct workers.  They have a real concern about the costs of storing paper ballots; they are not equipped to become local versions of Iron Mountain.

In addition various states have old laws that have to be rewritten.  For example, California has very strict limits on how long voting materials – such as cast ballots – can be retained after an election.

(Unfortunately the project died before it was launched due to a sex (I think) scandal involving the California Secretary of State that broke on the day he was to sign the papers to launch the project.)

I think that it is a project that deserves to be resurrected.

THEY ALREADY KNOW WHO YOU ARE WHEN YOU #VOTE

Exactis, as the source of a leak of the personal records of nearly everyone in the United States.

The result is a cautionary tale about the liability that a massive dataset can create for a tiny company like Exactis. It also hints at just how easy it’s become for small firms to wield massive, leak-prone databases of personal information—without necessarily having the resources or know-how to secure them.

https://www.wired.com/story/exactis-data-leak-fallout/

WIRED had revealed that Exactis exposed a database of 340 million records on the open internet, as first spotted by an independent security researcher named Vinny Troia.

Using the scanning tool Shodan, Troia identified a misconfigured Amazon ElasticSearch server that contained the database, and then downloaded it. There he found 230 million personal records and another 110 million related to businesses—more than two terabytes of information in total. Those files didn’t include credit card information, passwords, or Social Security numbers. But each one enumerated hundreds of details on individuals, ranging from the value of people’s mortgages to the age of their children, as well as other personal information like email addresses, home addresses, and phone numbers.

Exactis licensed that information to marketing and sales customers, so that they could integrate it with their existing databases to build more comprehensive profiles. But privacy advocates have warned that those same details, left open to the public, could just as easily allow spammers or scammers to profile targets.

The most painful breaches, like the Office of Personnel Management or Anthem health insurance incidents that involved stolen Social Security numbers and other hard-to-change personal data, are naturally the most valuable targets for attackers. Don’t forget to add the massive credit reporting agency Equifax to that list.