Philippines: Comelec seeks NBI help vs hackers | The Philippine Star

The Commission on Elections yesterday asked the National Bureau of Investigation (NBI) to look into the hacking of the Comelec’s website last Sunday.Comelec spokesman James Jimenez said they have referred the case to the NBI’s cybercrime division as a group identifying itself as “LulzSec” has claimed uploading parts of the Comelec’s database to its Facebook account. “That matter has actually been referred to the NBI cybercrimes. So right now, the first step really is to validate whether or not the data they posted are authentic… At this point, I really don’t know if it’s the real deal and that’s the first thing that we want to find out,” Jimenez said. The NBI, however, said it has yet to receive the request from the Comelec. “None yet,” said Victor Lorenzo, executive officer of the NBI’s cybercrime division.

Philippines: Comelec website hacked | The Philippine Star

The official website of the Commission on Elections (Comelec) was hacked Sunday night, more than a month before the May 9 polls, raising fears that the voting machines may also be compromised. The poll body’s database was leaked online after hackers defaced its website, www.comelec.gov.ph. Comelec officials, however, allayed public fears about the security of the automated election system (AES) after the hacking. The database was published on two mirror sites by a hacker group affiliated with Anonymous Philippines. The hackers urged the Comelec to implement the security features of the vote counting machines. The group said the database has a file size of around 340 gigabytes, with some of the tables supposedly encrypted by the Comelec. “But we have the algorithm to decrypt those data,” the hackers said. “What happens when the electoral process is so mired with questions and controversies? Can the government still guarantee that the sovereignty of the people is upheld? We request the implementation of the security features on the PCOS (precinct count optical scan) machines,” said Anonymous.

Utah: GOP to Test First-Ever Statewide Online Voting in US | VoA News

This Tuesday, March 22, when Republicans in Utah caucus to nominate a candidate for U.S. President, many of them won’t actually be in Utah. In fact, some won’t even be in North America. That’s because for the first time ever in the United States, a state party will allow voting via the Internet. Members of the Utah Republican party who either can’t make it to a caucus site, or simply choose to participate via the Internet, will be able to cast their ballot by registering online at the party’s website. Once registered, online voters will have all day – from 7 a.m. to 11 p.m. MDT – to select which candidate they want to be this year’s Republican presidential nominee. “I think it’s going to be great,” Utah Republican Chairman James Evans recently told the Deseret News during a demonstration of how the online voting will work. “There’s not a reason for anyone not to participate.” (Utah’s Democratic state party is not allowing online voting this cycle.)

South Dakota: Pierre company making splash on election nights throughout country | Capital Journal

A Pierre software company is weaving an electronic path between millions of election-night ballots and the media who report them. The company, BPro, is owned by Brandon and Abbey Campea and employs 12 programmers who write election software called “TotalVote.” “When a person votes on Election Day, the ballot is counted by a tabulator and then transferred into our system,” explains Campea. “Our software reports the results and provides them to the media outlets.” He adds, “We’re the official people who know the results before anyone else.” BPro staff are the first-receivers of election results in South Dakota and six other states—Montana, North Dakota, Nebraska, Hawaii, New Mexico and most recently Oregon, as well as Sacramento County in California and 11 Minnesota counties. It’s a quick turn-around that’s months in the making. “We begin preparing way ahead. For instance, New Mexico’s primary is in June, but we began testing the system in January … six months early.”

Macedonia: A Blogger Exposes Personal Data Protection Flaw on Election Commission Website | Global Voices

Ensuring that the next elections are free and fair is crucial to the return of democracy and stability in Macedonia. A young female blogger contributed to this process by discovering a flaw related to the government’s voters’ registry web app. One of the reforms needed to end the current political crisis in Macedonia, as stipulated within an agreement that was overseen by the European Union and the United States, is the restoration of the State Election Commission (SEC) to good and honest working order. It also requires a “clean-up” of the voters’ registry, ensuring that only people with the right to vote can do so. The first official investigation that the Special Public Prosecutor has launched as part of this effort is looking into the creation of “phantom voters,” as well as votes in the name of dead or absent citizens.

National: Google wants you to be able to vote online | Computerworld

Like the idea of using Google to vote online for the best airline, steamed dumpling or health app? What about using Google to vote for governor or president? That seems to be Google’s plan. The search giant received a U.S. patent for a voting user interface (VUI). The interface would appear along with search results and would allow the user to vote for one or more contestants competing in a campaign. The patent application was filed on Oct. 30, 2013, and the patent was awarded to Google on Tuesday. What does the company plan to do with the technology? Google did not respond to a request for comment.

New Zealand: Is internet voting secure enough to use? | Radio New Zealand

Serious weaknesses exposed in an online election in Australia are a warning for upcoming New Zealand local body elections, a computer security expert is warning. Eight councils throughout New Zealand are due to trial online voting in local body elections later this year: Selwyn, Wellington, Porirua, Masterton, Rotorua, Matamata Piako, Palmerston North and Whanganui. University of Melbourne computing expert Vanessa Teague did an analysis of the iVote internet voting system used in the New South Wales (NSW) state election last year, and she and the University of Michigan’s Alex Halderman have found a way to break into the system and interfere with votes. She told Nine To Noon there had been a lot of assurances about the safety of the system, and she wanted to test it and see if this was true.

Florida: Lee elections website hacking involves elections supervisor candidate | News-Press

State law enforcement officials served a search warrant Monday morning in the investigation of two men accused of hacking the Lee County supervisor of elections website. “There was an attempted hacking of the website, but this is an ongoing investigation,” said Vicki Collins, spokeswoman for the Lee County Supervisor of Elections. “The info they accessed was an old server with no (useful) information on it … Nobody is compromised.” Dan Sinclair is running for supervisor position against the incumbent Supervisor of Elections Sharon Harrington. He appeared in a video of the hacking posted to YouTube with David Levin, CEO of Vanguard Cybersecurity, walking through how Levin hacked into the Lee elections website a couple of weeks ago.

Florida: Hacking into Supervisors of Elections Office | Fox 4

Is the Supervisor of Elections computer system vulnerable to hackers? Dan Sinclair, who is running against Sharon Harrington, says it is. In a FOX 4 exclusive, Sinclair and his team show how they were able to infiltrate one of the Supervisor of Elections servers. Using a structured query languange.injection, Sinclair and David Levin were able to gain immediate access to a server. From there, they collected the passwords for everyone that works in the Supervisor of Elections office for Lee County.

National: Who Put This Huge Database of U.S. Voting Records Online? | PCMag

Time to get out your deerstalker hat. Somewhere out there is a publicly available database with approximately 191 million voting records, with details like names, birthdates, addresses, phone numbers, and political party affiliation. The problem? Nobody knows who owns the database, who set it up, how it got online, or why its information is public. According to CSO, which first reported on the story after being alerted to its existence by researcher Chris Vickery, it’s likely that the information in the database came from the political data firm NationBuilder, but it’s not necessarily the company’s fault that the information is live. A customer possibly purchased this information and made it public, but it’s unclear if they did so on purpose or by mistake. “NationBuilder is under no obligation to identify customers, and once the data has been obtained, they cannot control what happens to it,” writes CSO’s Steve Ragan. “In short, while they provided the data that’s in my newly leaked voter record, they’re not liable in any way for it being exposed.”

National: Database of 191 million U.S. voters exposed on Internet: researcher | Reuters

An independent computer security researcher uncovered a database of information on 191 million voters that is exposed on the open Internet due to an incorrectly configured database, he said on Monday. The database includes names, addresses, birth dates, party affiliations, phone numbers and emails of voters in all 50 U.S. states and Washington, researcher Chris Vickery said in a phone interview. Vickery, a tech support specialist from Austin, Texas, said he found the information while looking for information exposed on the Web in a bid to raise awareness of data leaks. Vickery said he could not tell whether others had accessed the voter database, which took about a day to download.

Taiwan: Chinese Hackers Caught Spying on Taiwan Prior To Upcoming Elections | HackRead

A group of Chinese hackers have targeted a Taiwanese news organizations and the opposition Democratic Progressive Party in order to get the information on upcoming presidential and legislative election like the policies and speeches from the leaders participating in the elections. This report is the second part of the one revealed by FireEye last week which exposed China spying on the Japanese government using Dropbox. China was also blamed for spying on pro-democracy protesters in Hong Kong with an Android spyware disguised as an ‪‎OccupyCentral‬ app to keep an eye on the protesters. FireEye in August 2015 caught Chinese hackers spying on Tibetan activists and as well as dozens of organizations in Bangladesh, Nepal, and Pakistan. The hackers attacked their targets through phishing emails; one of the emails had this subject line: “DPP’s Contact Information Update,” which indicated this to be a state-sponsored attack from a group known as “APT16” according to the security research team “FireEye”.

Editorials: Scytl e-voting exposes the dangers of automating a democracy | Scott M. Fulton/Fierce Enterprise Communications

Technology is already neutral. While vendors and manufacturers and lobbyists characterize technology as a natural force unto itself with the power to improve our lives and work simply through direct contact with it, more often than not, it provides people within organizations, societies, states and countries with the tools they require to further entrench themselves in bureaucracy, and to bury themselves further in the obscurity and anonymity they desire. The first trials of Scytl’s protocol took place in Norway in 2013. The Carter Center, which has monitored and verified the accuracy of global elections ever since Pres. Carter left the White House, reported on the progress of the Scytl approach (.pdf). The process of voting in Norway, according to that report, was not at all dissimilar to the way B-52 bombers were told to attack Moscow in the movie Dr. Strangelove:

In order to vote, a voter had to register their mobile phone with a centralized government register (one could do so online while the voting was underway). The voter should have also received a special card… delivered through the postal service, with personalized numeric return codes. These cards provided the voter a list of four-digit numbers corresponding to each party running for election. The four-digit numbers were randomly assigned for every voter so that, for example, any two voters who wanted to cast their vote for Labour would unlikely have the same return codes associated to the Labour party.

National: Federal Election Commission Faces Serious Security Failings, with Few Plans to Remedy | Infosecurity

Just weeks after the US Department of Energy was shown to have disregarded proper cybersecurity measures, the Federal Election Commission (FEC) is facing what an independent auditor calls “significant deficiencies” when it comes to its cybersecurity posture. The FEC in fact remained at “high risk for future network intrusions”. However, the electoral watchdog said that it has little interest in implementing even minimum IT security controls. The audit firm, Leon Snead & Co., said in the audit that the FEC’s IT security program does not meet government-wide best practice minimum requirements in many areas. That includes carrying out due diligence information as part of an organization-wide risk management program, using the risk management tools and techniques to implement and maintain modern safeguards and countermeasures, and ensuring the necessary resilience to support ongoing federal responsibilities, critical infrastructure applications and continuity of government in the event of an attack.

Honduras: Anonymous Hacks Honduras’s Elections Website | Panam Post

As of the evening of December 2, the international network of hacktivists, Anonymous, has successfully hacked the website of Honduras’s Supreme Electoral Tribunal (TSE). This came just a few hours after the tribunal announced its willingness to recount the votes and review the official electoral records of the recent presidential elections, held on November 24. In the website, Anonymous Honduras declares “we commit the sin of giving you the benefit of the doubt, even when we are certain that your institutions are useless, and don’t serve anyone but the one that has the money and the power in this country. We can no longer tolerate this and the help of your bribed media, who want the people to stay quiet and consume the process no matter what.”

Lithuania: Hackers on prowl for larger prey, possibly Lithuania’s EU Presidency? | Baltic Times

How does one get revenge on a trendy Web site that ferreted out and made public a bit of foul play, namely, rigged voting from Lithuania, which gave the charming Russian crooner at the Eurovision 2013 song contest a few extra votes? This is what happened to Delfi.lt, the trendiest Lithuanian Web site, after it broke the vote-rigging scandal. The site had already dealt with a hacker e-ambush a few years ago, when, having announced the news about two Russian bombers at the Latvian border, e-intruders in revenge hacked the portal and put atop the news desk a piece on… a bunny, the main hero of the popular Soviet-era cartoon ‘Na, Palauk’ (Just watch Out!), that has been busted for drug use. This is not an April Fool’s Day prank. In fact, the whole thing is a lot more serious than that: it is a problem of malignant hackers, possibly from the East, and certainly grudge-filled. Ahead of the scandalous story on the rigged Eurovision votes, Delfi editors had received an e-mail in Russian promising “radical actions” if the story reached daylight.

Florida: The case of the phantom ballots: an electoral whodunit | Miami Herald

The first phantom absentee ballot request hit the Miami-Dade elections website at 9:11 p.m. Saturday, July 7. The next one came at 9:14. Then 9:17. 9:22. 9:24. 9:25. Within 2½ weeks, 2,552 online requests arrived from voters who had not applied for absentee ballots. They streamed in much too quickly for real people to be filling them out. They originated from only a handful of Internet Protocol addresses. And they were not random. It had all the appearances of a political dirty trick, a high-tech effort by an unknown hacker to sway three key Aug. 14 primary elections, a Miami Herald investigation has found. The plot failed. The elections department’s software flagged the requests as suspicious. The ballots weren’t sent out. But who was behind it? And next time, would a more skilled hacker be able to rig an election?

Ecuador: Once a hacker Kevin Mitnick Now Helps Secure Ecuador Presidential Elections | ParityNews.com

Kevin Mitnick, who was one of the most wanted computer hacker in the US at one time, is now heading a security consultancy firm – Mitnick Security Consulting, and is entrusted with the task of securing Sunday’s presidential elections in Ecuador. Sunday may very well see Rafael Correa win the presidential elections in Ecuador provided nothing goes wrong and Mitnick does the job perfectly which has been assigned to him. Mitnick tweeted, “18 years ago I was busted for hacking. I do the same thing today but with full authorization. How cool is that?” Mitnick has been assigned to protect the Net Lock computer system that has been assigned the task of tabulating Ecuador’s elections.

National: Internet Voting Not the Solution to Long Lines, Machine Breakdowns on Election Day | eNews Park Forest

The long lines, machine breakdowns and disputes over voter identification that marred the 2012 election will not be solved by moves to permit voting on the Internet, through email or by fax, Common Cause warned today. Susannah Goodman, director of Common Cause’s National Voting Integrity Campaign, told a congressional forum that online voting remains too unreliable and too vulnerable to hacker attacks to be implemented. “We are talking about our right to vote – a right we cannot sacrifice for what may be a great new idea, but one that is untested and not ready for prime time,” Goodman asserted. She added that “while many ideas will be fielded to alleviate the problems we saw last Election Day, some measures are just not ready for adoption.”

Editorials: Casting doubt on Internet voting for Edmonton | Chris Cates/Edmonton Journal

On Jan. 23, city council will decide whether Edmonton should begin using Internet voting next October in our municipal election. While city clerk Alayne Sinclair and others think Internet voting is secure, in reality it is not. Hackers have gained access to secure systems at the Pentagon, CIA and Canadian government organizations. If these groups with large budgets for network security can be penetrated, what makes a private firm think it can provide secure online voting? As a computer programmer and former network administrator, I embrace technology as much as I embrace democracy. While there are many technologies that benefit our lives, electronic voting is not one of them.

Canada: Kitchener rejects internet voting | therecord

There will be no internet voting during the 2014 municipal elections here after city councillors received a report Monday that is critical of nearly every aspect of digital ballots. Randy Gosse, Kitchener’s director of legislated services, told city councillors the time will come when voters will use nothing but smart phones and computers to vote, but that time is definitely not now. “I think there are issues that need to be addressed before you get there,” Gosse said.

National: If the Internet is magic, why can’t we vote on it? | Computerworld

Regular as clockwork — just after an election which generated far too many stories of people waiting far too long to vote (and far too many local election officials saying that everything went fine and that there were no problems) — come the calls for voting via the Internet. The press wonders if we are a third-world country, politicians posture and most securityexperts say “don’t go there.” Some examples: A headline in The Washington Post was “Estonia gets to vote online. Why can’t America?” New Jersey tells people they can vote via email. A famed Russian computer security expert is quoted by the BBC saying that “the lack of well-established online voting systems is a real threat to the democratic nations of the Western world” (because kids will not vote if they can’t do it online).

Anyone who has not been comatose these past few years already knows why we don’t vote over the Internet. Most vendors of electronic systems are generically incapable of producing secure ones. Just Google “voting machine security” for many examples, and if that is not enough try “SCADA security.”

Canada: Online voting pros & cons | Daily Herald Tribune

Grande Prairie is on the right track in terms of online voting, but serious changes need to be made before the system can be effective, says the president of a leading-edge intelligent vote company. Dean Smith, president and founder of Intelivote Systems Inc., a Halifax-based worldwide leader in electronic vote systems, says the proposed process for online voting needs to be changed if city officials expect voters to use it.

Canada: Citizen jury will recommend online voting for municipal elections | Global Edmonton

A citizens jury has decided it will recommend the city adopt internet voting as an option for the next municipal election. The jury- who voted 17-1 in favour- says internet voting will make the process easy, simple and fast. The idea behind a citizens jury is that given enough time and information, ordinary people can make decisions about complex policy issues. While internet voting is already offered in over 60 municipalities in Ontario and Nova Scotia, there are some concerns over security, fraud, privacy, accuracy and accessibility- to name a few.

Israel: Online voting breakdown dogs Israeli Likud primaries for national elections | Xinhua

Officials at branches of Israel’ s chief Likud party reported severe technical problems at polling stations countrywide Sunday morning, halting the outset of a daylong round of voting to set a party slate for national elections on Jan. 22 for the 19th Knesset (parliament). While party Chairman, Prime Minister Benjamin Netanyahu, who cast his ballot at party headquarters in Tel Aviv when polling stations opened at 9:00 a.m., exhorted members to head to the polls to make their voices heard, crashed internet servers kept more than 123,000 other members from voting at sites throughout the country.

South Carolina: South Carolina Governor Haley admits state failed to protect its residents | TheState.com

As more South Carolinians learned that hackers hold their tax return data, Gov. Nikki Haley admitted Tuesday that the state did not do enough to protect their sensitive financial information and accepted the resignation of the agency director in the middle of the controversy. “Could South Carolina have done a better job? Absolutely, or we would not be standing here,” said Haley, who had insisted in the first days after revealing the cyber attack that nothing could have prevented the breach. Hackers possess Social Security and other data belonging to 5.7 million people – 3.8 million taxpayers and their 1.9 million dependents, Haley said. The number of businesses affected has risen slightly to nearly 700,000. All of the stolen tax data dating back to 1998 was unencrypted.

Canada: Liberal Leadership Online Voting Could Lead To Major Pwnage | Huffington Post

Just imagine: It’s April 2013 and the Liberal Party has gathered in Ottawa to hear that their new leader is… Chuck Norris. While that outcome may seem far-fetched, if the Liberals follow through with their plan to combine a new category of party membership with online voting, they may end up with an outcome just as ridiculous. The new “supporter” category was created at the Liberal Convention in January and is aimed at widening the base of participants for the leadership vote, making it more like a U.S.-style primary. Anyone interested in the party can sign up online and 30,000 people have already done so. If everything goes as planned, these supporters will vote for a new leader in exactly the same way as a full party member: in person or by mail, phone or internet. It’s the internet bit that’s interesting because, judging from the history of web, online votes have a tendency to go hilariously wrong.

Canada: Councillors want e-voting analyzed, question cost, length | Metro Canada

A rookie HRM councillor is calling for an end to online voting, but a couple of his vetrean colleagues would prefer to focus on how to make the system better. Coun. Waye Mason of District 7 told the CBC this week that since public turnout wasn’t any higher with a web system, the municipality should focus on traditional ballot boxes. “I’m not ready to say ‘let’s scrap’ the e-voting,” Distirct 8 Coun. Jennifer Watts told Metro on Thursday in response to Mason’s comments.

New Jersey: State to allow voting by e-mail and fax | POLITICO.com

Using a system already accessible to military members deployed overseas, hurricane-damaged New Jersey will allow displaced residents to cast their votes using e-mail or fax on Election Day. “To help alleviate pressure on polling places, we encourage voters to either use electronic voting or the extended hours at county offices to cast their vote,” said Lt. Gov. Kim Guadagno said in a statement. “Despite the widespread damage Hurricane Sandy has caused, New Jersey is committed to working through the enormous obstacles before us to hold an open and transparent election befitting our state and the resiliency of its citizens.”