Recently, the Miami Herald ran a story about the boasts of a hacker named Abhaxas that he had twice compromised Florida’s election systems by gaining access to servers with sensitive data. State and local election officials – and their vendors – vehemently denied the hacker’s claims and insisted that their systems (and the personally-identifiable voter data on them) remained insecure.
Even more importantly, the hacker appears to have taken the public denials of harm as a challenge – and has invited others to do the same. Last week, he tweeted the location of the vendor’s server, saying it had a “hack me” sign on it and noting “hack one, have access to all”.
He then posted a directory listing of the Florida database with the (sarcastic) observation “Glad you cleaned up, pretty secure now guys”.
Whether or not the targets of the hack believe it is real – or believe the data released is as sensitive as the hacker claims – it is abundantly clear that outside threats to election systems are real, as is the need to guard against them.
The rise of so-called “hacktivism” – a movement popularized by WikiLeaks but prevalent on the Internet in many different forms – is in some ways an extension of the whistleblowing or muckraking tradition that has long been part of American public culture. While some hackers have purely selfish if not criminal motives for their activity – stealing personal information for financial gain or simply engaging in high-tech vandalism – hacktivists use their skills to advocate for better online security by identifying vulnerabilities and shaming site hosts into fixing them.
[Most recently, Abhaxas turned his attention to the official website for the State of Montana, releasing 16 databases with the plea “Coders, please stop exposing your databases it’s not even fun anymore.”]