Heralded as the state voting system’s “most transformational reform to date,” the ability for Kentuckians to register to vote online also made them vulnerable to attack. A ProPublica investigation found that as recently as this week, a computer server powering Kentucky’s voter registration website was inadvertently exposing sensitive back-end files to hackers.
Kentucky introduced online voter registration in 2016. At the time, Secretary of State Alison Lundergan Grimes said the move would pave the way for increased participation in elections.
…
“FTP is a 40-year-old protocol that is insecure and not being retired quickly enough,” said Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology in Washington, D.C., and an advocate for better voting security.
“Every communication sent via FTP is not secure, meaning anyone in the hotel, airport or coffee shop on the same public Wi-Fi network that you are on can see everything sent and received.
“And malicious attackers can change the contents of a transmission without either side detecting the change.”
The mere presence of superfluous services on a public computer system, such as FTP, raises the risk of a hacker gaining access to sensitive configuration details about the server, Hall said.
“Unnecessary services like FTP,” he said, can be used to cripple a server by bombarding it with traffic — known as a distributed denial of service attack — or allow hackers to break into other computers on the same network.
Secure FTP services, or SFTP, which were introduced more recently, should be used instead, Hall said.
Full Article: Kentucky’s online voter registration left system vulnerable to attack | National News | messenger-inquirer.com.