The Voting News Daily: Oak Ridge, spear phishing, and internet voting, Voter Files Altered in New Mexico

Oak Ridge, spear phishing, and internet voting – Freedom to Tinker

Oak Ridge National Labs (one of the US national energy labs, along with Sandia, Livermore, Los Alamos, etc) had a bunch of people fall for a spear phishing attack (see articles in Computerworld and many other descriptions). For those not familiar with the term, spear phishing is sending targeted emails at specific recipients, designed to have them do an action (e.g., click on a link) that will install some form of software (e.g., to allow stealing information from their computers). This is distinct from spam, where the goal is primarily to get you to purchase pharmaceuticals, or maybe install software, but in any case is widespread and not targeted at particular victims. Spear phishing is the same technique used in the Google Aurora (and related) cases last year, the RSA case earlier this year, Epsilon a few weeks ago, and doubtless many others that we haven’t heard about. Targets of spear phishing might be particular people within an organization (e.g., executives, or people on a particular project). Full Article

NM: Thousands of voter files altered; Bernalillo County clerk demands SOS restrict database access – Veritas NM.com

A few days after New Mexico Secretary of State Dianna Duran notified all 33 county clerks that their biennial voter purge would be canceled this year, Deputy Bernalillo County Clerk Robert Adams made a disturbing discovery — 44,601 county files stored on the state’s voter registration database had been accessed and altered. Accustomed to spending long hours in front of his computer, Adams says he was shocked to learn informational “flags,” which are attached to voter files after mail is returned by the U.S. Postal Service as undeliverable, had simply vanished on Valentine’s Day. After securely logging on to the database, known as PowerProfile, Adam’s heart began beating a little faster as he started considering worst-case scenarios. He needed to know what happened before the Bernalillo County Board of Voter Registrations was convened the third Monday of March, the date required by state statute. Adams worried a criminal might have breached a government intranet connection with the goal of stealing voters’ social security and driver license numbers and other sensitive personal identification information, including voters’ dates of birth and addresses. Later the same chilly February morning, however, Adams determined the flags had been deleted by an unauthorized technician at Nebraska-based Elections Systems and Software (ES&S) without his, or County Clerk Maggie Toulouse Oliver’s written or verbal permission. Full Article

Nigeria: International Election Observer Declares Nigeria Presidential Vote Credible | VOAnews.com

The leader of an observer mission at last weekend’s presidential election in Nigeria says the vote was largely free and fair. It was a significant improvement over the 2007 general elections, said Robin Carnahan of the U.S.-based National Democratic Institute [NDI], and the secretary of state of the U.S. state of Missouri. Most observers described those earlier polls as flawed.

“The presidential and National Assembly elections represent a step forward from seriously flawed elections of the past,” said the NDI in a statement. It said they hold the promise of setting a new standard for integrity in Nigeria’s electoral process.

Tennessee: GOP moves to repeal Tennessee paper ballot law | The Tennessean

A plan to require paper ballots in next year’s elections is on the verge of being repealed, the latest in a series of actions taken by Republicans in the state legislature to rewrite Tennessee election laws.

State representatives are trying to reverse most of a 2008 law that called for the replacement of electronic voting machines across the state with paper ballots read by computerized scanners. The move would kill off a plan that supporters say would create a verifiable record of votes but opponents say will be costly and open to tampering.

New Mexico: Thousands of voter files altered in New Mexico; clerk demands Secretary of State restrict access | Veritas NM.com

A few days after New Mexico Secretary of State Dianna Duran notified all 33 county clerks that their biennial voter purge would be canceled this year, Deputy Bernalillo County Clerk Robert Adams made a disturbing discovery — 44,601 county files stored on the state’s voter registration database had been accessed and altered.

Accustomed to spending long hours in front of his computer, Adams says he was shocked to learn informational “flags,” which are attached to voter files after mail is returned by the U.S. Postal Service as undeliverable, had simply vanished on Valentine’s Day.

Maryland: $3.41M Settlement with Premier Election Solutions Over Voting Machine Security Issues | Southern Maryland Headline News

Attorney General Douglas F. Gansler on Wednesday announced the settlement of a claim against Premier Elections Solutions, formerly known as Diebold. The settlement, negotiated by the Office of Attorney General, will be worth more than $3 million to the State.

In 2008, the Attorney General, on behalf of the State Board of Elections, brought a claim against Diebold to recoup costs that the State incurred to remedy security issues that had arisen with the Diebold machines.

Florida: With presidential election looming, Florida election law rewrite moves forward | jacksonville.com

With a fast-approaching presidential election expected to bring more than 8.5 million Floridians to the polls, the Legislature is battling over sweeping changes to nearly every aspect of state election law.

Supporters tout the changes as fighting fraud. Opponents say they are disenfranchising. And the people charged with counting ballots wonder why lawmakers are trying to reinvent the wheel in the first place.

Colorado: Are Denver’s elections costing too much? | KWGN

Four candidates are running for Clerk & Recorder in Denver, and one of them, Jacob Werther, is claiming the all-mail ballot election is costing the City too much. “I’m thinking about four dollars a ballot,” said Werther.  “When you factor in the paper and the labor involved in handling 290-thousand ballots it’s about 1.2 million dollars.”

He says if the city would go to a full Ballot on-demand system, where ballots are printed out when voters show up at the polls, this election could have come in for about $600,000 and that includes 60 polling places with eight judges at each location.

Arizona: Tucson’s mail-in election may violate state | KOLD.com law

Tucson city leaders voted two weeks ago to hold all mail elections. It was a way to save money for a cash starved city and increase voter turnout. But Republicans at the state legislature have different ideas.

After the city vote, the lawmakers inserted language in SB 1331 which in essence says Tucson can’t do that. Any other city in the state can hold mail in elections, just not Tucson.

Wisconsin: Count on some chaos in state Supreme Court recount | JSOnline

This is what a recount looks like: An indoor sports arena is filled with poll workers from every municipality in Milwaukee County, each in their own area. At each station, poll workers examine and count ballots one by one. And as they count, campaign volunteers, attorneys and journalists watch their every move – with the campaign representatives sometimes challenging the poll workers’ decisions – while sheriff’s deputies stand guard.

It could be the biggest show in Wisconsin. And, with a few variations, it opens next week in every county in the state.

Tennessee: Sumner County leaders oppose possible paper ballot mandate in Tennessee | The Tennessean | tennessean.com

Members of the Sumner County Commission recently voted to send a proposal to state legislators to either repeal or fund a bill currently being considered that mandates the use of paper ballots in local elections.

“We just purchased new machines that are electronic, and if they mandate paper ballots we’ll have to go to a new system,” County Executive Anthony Holt said. “It could be in the range of $300,000 to buy the new required scanning machines and have them stored. That’s going to be a huge fiscal impact.”

Verified Voting Blog: Oak Ridge, spear phishing, and i-voting

Oak Ridge National Labs (one of the US national energy labs, along with Sandia, Livermore, Los Alamos, etc) had a bunch of people fall for a spear phishing attack (see articles in Computerworld and many other descriptions). For those not familiar with the term, spear phishing is sending targeted emails at specific recipients, designed to have them do an action (e.g., click on a link) that will install some form of software (e.g., to allow stealing information from their computers). This is distinct from spam, where the goal is primarily to get you to purchase pharmaceuticals, or maybe install software, but in any case is widespread and not targeted at particular victims. Spear phishing is the same technique used in the Google Aurora (and related) cases last year, the RSA case earlier this year, Epsilon a few weeks ago, and doubtless many others that we haven’t heard about. Targets of spear phishing might be particular people within an organization (e.g., executives, or people on a particular project).

In this posting, I’m going to connect this attack to Internet voting (i-voting), by which I mean casting a ballot from the comfort of your home using your personal computer (i.e., not a dedicated machine in a precinct or government office). My contention is that in addition to all the other risks of i-voting, one of the problems is that people will click links targeted at them by political parties, and will try to cast their vote on fake web sites. The scenario is that operatives of the Orange party send messages to voters who belong to the Purple party claiming to be from the Purple party’s candidate for president and giving a link to a look-alike web site for i-voting, encouraging voters to cast their votes early. The goal of the Orange party is to either prevent Purple voters from voting at all, or to convince them that their vote has been cast and then use their credentials (i.e., username and password) to have software cast their vote for Orange candidates, without the voter ever knowing.