For the second time in a week, a hacker has broken into systems connected with voting in Florida, stolen data, and released it to the public. The most recent breach occurred after Florida election officials had touted the security of their systems. “Glad you cleaned things up, pretty secure now guys,” said the hacker responsible for the attack–who goes by the name “Abhaxas”–in a post to Pastebin uploaded on Thursday. That post also contained data obtained during the second hack.
Via Twitter, Abhaxas said that hacking into the servers–using well-known holes that would be easy to close–took him about 10 minutes. Furthermore, he said he had access to all 310 databases on the server, though he publicly released information from only two of them.
Florida officials said that the data stolen during the first breach was from an election office system in Liberty County. After that breach, Tim Durham, the chief department supervisor of elections for Collier County, downplayed the potential impact on election results, saying that every vote generates a paper trail.
“Paper ballots are reviewed and compared with totals that are given per the voting machine and that’s done at an open public meeting,” he said, according to Storify. Likewise, another election official said that all vote tabulation was handled by a separate system, not breached during the attacks, that wasn’t connected to any other systems.
Altering or tampering with election records is a third-degree felony in Florida. But the breach poses a pertinent question: Are electronic voting records so secure that an interested third party–perhaps even a foreign government–couldn’t tamper with the results? The 2004 presidential election, of course, ultimately hinged on fewer than 400,000 votes cast in Florida.
Abhaxas made that point in the document that included information from the breached servers. “Who still believes voting isn’t rigged? If the United States Government can’t even keep their ballot systems secure, why trust them at all? Fail!” Furthermore, it sounds as if attackers wouldn’t have to breach too many systems to create an impact. According to a Twitter post from Abhaxas, “after some research, I’ve found out 1 company manages all but 6 [counties’] voting sites–hosted on the same server.”