Officials have yet to release the results of a 2011 set of penetration tests on Internet voting software conducted by the Department of Defense, prompting election watchdogs to ask what the Pentagon might be hiding. A few months after the 2011 tests, an official said the results would be publicly available, and a year later, another said the first release was slated by the end of 2012. A representative now says it will release results in 2015, as material is considered “pre-decisional.” Meanwhile, elections officials and lawmakers from across the country are joining watchdogs in demanding the results.
Interviews with organizations involved in the tests and reviews of federal officials’ presentations reveal that the tests targeted a 72-hour mock election, and attacks consisted of scanning, SQL injection, cookie management, attempts to gain admin rights and more. While the testers were ultimately unable to change or decrypt votes, some critics say they just weren’t trying hard enough.
Full Article: DoD won’t release e-voting penetration tests – Paper: De-identification possible – On the Hill this week – POLITICO Morning Cybersecurity – POLITICO.com. (subscription required)