Editorials: Canada isn’t ready for online voting | National Post

Elections Canada intends to seek approval to implement a system of online voting, according to a report released Wednesday.

Let me say first that, on the one hand, it’s positive that an organization that is as culturally-conservative and traditional as Elections Canada is even pondering exploring alternate methods of service delivery. Some years back I interviewed their chief information officer a few weeks into the job. He’d come from the private sector and was amazed at the degree of institutional resistance to even minor technological advancement. They had their way of doing things. It was all laid out step-by-step in a big binder.

On the other hand, while voter registration seems like an obvious step, I’d have a very hard time trusting Elections Canada to devise a secure and reliable system for online voting when every time I try to use their online contributions database, I want to cry over how unnecessarily complicated and cumbersome even simplest tasks is.

But online voting is one of those things that sounds great in theory — vote easily and quickly wherever you are, you don’t need to travel or wait in line — but, upon further reflection, loses some of its lustre.

Canada: Elections Canada lobbies for test of online voting | CBC News

The head of the agency in charge of federal elections says it’s time to modernize Canada’s elections, including testing online voting and ending a ban on publishing early election results. In a report on the May 2 election (pdf), released Wednesday, Chief Electoral Officer Marc Mayrand writes about his plan to test online voting and encourages parliamentarians to update the Elections Act. Improvements to the electoral process, Mayrand writes, will depend on changes to the law.

“Elections Canada has reached a point where the limited flexibility of the current legislation no longer allows us to meet the evolving needs of electors and candidates,” Mayrand reports. “We look forward to working with parliamentarians as we prepare for the 42nd general election.”

See also – Readers’ Responses: Would you trust your vote to a computer?

India: Maharashtra governor calls for online voting | Mumbai DNA

The state governor, K Sankaranarayanan, has advocated major electoral reforms in the form of introduction of online voting system in elections. He was speaking at the launch of the official website of the state election commission at Yashwantrao Chavan Academy of Development Administration (Yashada), in Pune on Tuesday.

“If we can have online banking, why can’t we have online voting?’’ he asked, making a strong plea for the educated to be involved in the process of elections and the political system at large. “There is a general feeling that the political process is too corrupt to be involved in. It is wrong to blame politicians for all ills in society,’’ he said.

National: Governments, IOC and UN hit by massive cyber attack | BBC News

IT security firm McAfee claims to have uncovered one of the largest ever series of cyber attacks. It lists 72 different organisations that were targeted over five years, including the International Olympic Committee, the UN and security firms.

McAfee will not say who it thinks is responsible, but there is speculation that China may be behind the attacks. Beijing has always denied any state involvement in cyber-attacks, calling such accusations “groundless”.

Speaking to BBC News, McAfee’s chief European technology officer, Raj Samani, said the attacks were still going on. “This is a whole different level to the Night Dragon attacks that occurred earlier this year. Those were attacks on a specific sector. This one is very, very broad.”

National: Security company infects client’s network with ‘Trojan mouse’ | InfoWorld

Security consulting company NetraGard has demonstrated that something as seemingly innocuous as a USB mouse, along with tidbits of information freely available on the Internet, can provide a hacker quick and easy access to a seemingly secure IT environment.

In a blog post on the company’s website, NetraGard founder Adriel Desautels explained that his company was hired to test the security of a client’s network while adhering to some very stringent restrictions: The NetraGard team could target only one IP address, offering no services, bound to a firewall. Further, the team couldn’t even use social engineering tactics, such as duping an employee to reveal information over the phone or via email. They couldn’t even physically access the client’s campus.

NetraGard’s solution: Transform a Logitech USB mouse into an HID (hacker interface device) by installing on it a mini-controller and a micro Flash drive loaded with custom malware. The blog post goes into explicit detail of the painstaking process of operating on the mouse.

Voting Blogs: Americans Elect Internet Vote for President? Consider how it worked in DC 2010 | Irregular Times

Apart from the various considerations of political ideology, influence and process regarding Americans Elect, there’s the simple matter of technology. Americans Elect plans to use all-internet-voting to nominate a presidential candidate and to broker the selection of the actual president in an Electoral College showdown. Will a binding internet vote be pulled off with accuracy and without getting hacked? Or is online voting subject to tampering?

Internet votes can be pulled off. The city of Honolulu managed an internet election for neighborhood councils in 2009. Estonia is often mentioned by internet-voting advocates, although more than 98% of votes cast in Estonia’s 2005 e-vote were old-fashioned paper ballots, and Estonia is a small country that had 9,681 electronic votes to verify that year.

National: 24,000 Pentagon files stolen in major cyber breach, official says | The Washington Post

The Defense Department lost 24,000 files to “foreign intruders” in the spring in what appears to be one of the most damaging cyberattacks to date on the U.S. military, a top Pentagon official acknowledged Thursday.

Deputy Defense Secretary William J. Lynn III, who disclosed the March breach during a speech to roll out the Pentagon’s new cyber strategy, said the files were taken from a defense contractor. He did not say who was believed to be behind the attack or describe the nature of the files that were stolen.

But Lynn said that, over the past few years, all manner of data has been stolen, some of it mundane, some of it concerning “our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols.”

Florida: Abhaxas Hacks Florida’s Voting System Again | Zeropaid

In an apparent effort to show that election votes can be tampered with, Abhaxas previously dumped parts of the Florida voting database to PasteBin. Officials since then downplayed the hack, but suggested that the systems are more secure than ever before. Even though authorities, on top of this, were contacted, it seems that Abhaxas decided to hack the database again. Call it whatever you like, but it seems that Florida is in for a repeat of what happened last week.

Apparently, since the initial hack, Florida officials downplayed the incident saying that there is no reason to fear because of a paper trail and that only a select few are able to have access to the votes to begin with.

Estonia: Lessons from Estonia: Preparing for a major cyberattack | Nextgov

Visit “Governing Security in a Networked World” to see in-depth video interviews with top thinkers on cybersecurity.

In the spring of 2007, Estonia became the first nation to face a coordinated, nationwide cyberattack when a series of electronic bombardments struck down media, telecommunications, government and banking websites. Digital traffic from servers as far away as Peru, Vietnam and the United States flooded Estonian websites, drowning them in superfluous data. The attack knocked telephone exchanges offline for more than an hour, jeopardizing emergency services. It knocked out media and government portals, leaving citizens in an information vacuum. Beginning April 29, three waves of attacks during a two week period severely disrupted the ordinary tasks that fuel modern economies — shopping, pumping gas, withdrawing cash from automatic teller machines. A significant act of cyberterrorism posed an economic and political threat in a way no modern economy had previously experienced.

Iowa: Scott County Auditor’s office aims to streamline voting | Quad City Times

Scott County will purchase 90 netbook computers to use during elections, bringing the total for use by the auditor’s office to 140. The purchase of the 90 Dell Latitude netbooks is $42,300. The purchase will be voted on Thursday by the Scott County Board of Supervisors.

The auditor’s office has been trying to introduce the small laptop-style computers into election use to help streamline how voter information is recorded. The computers are loaded with a software developed in Cerro Gordo County that links with the state’s I-Voter system.

National: Anonymous Picks Up Where LulzSec Left Off, Targeting Government Servers | International Business Times

After computer hacker group LulzSec announced its retirement after “50 days of lulz,” an Internet rampage, the flame of cyber war seems to be losing fuel. LulzSec apparently jumped back on ship with its old buddy, Anonymous, to continue sailing the “Operation Anti-Sec” against governments.

Operation Anti-Security, an agenda tackled by LulzSec and Anonymous together earlier this month, originally intended to expose corrupt, abusive governments by protesting and combating any and all institutions’ or governments’ attempts to censor or moderate the Internet.

After revealing contents from the Arizona police force, the Anti-Sec team unveiled sensitive content from the servers of a number of governments, including content from the servers of Anguilla, passwords from Brazillian government servers, and the userbase of Zimbabwe. Another batch comes from Australia, but the contents remain vague.

National: Phish and Chips: Why Cyber Attacks Are So Difficult to Trace Back to Hackers | Scientific American

Cyber attacks may not be a new phenomenon but the recent successes scored against high-profile targets including CitiGroup, Google, RSA and government contractors such as Lockheed Martin underscore the targets’ current failure to block security threats enabled by the Internet. Malicious hackers use the very same technology that enables online banking, entertainment and myriad other communication services to attack these very applications, steal user data, and then cover their own tracks.

One common practice that attackers employ to evade detection is to break into poorly secured computers and use those hijacked systems as proxies through which they can launch and route attacks worldwide. Although such attacks are an international problem, there is no international response, which frustrates local law enforcement seeking cooperation from countries where these  proxy servers typically reside.

Spain: Three hackers suspected of belonging to international cyber attack group Anonymous arrested | The Washington Post

Spanish police have arrested three suspected computer hackers who allegedly belonged to a loose-knit international activist group that attacked corporate and government websites around the world, authorities said Friday.

National Police identified the three as leaders of the Spanish section of a group that calls itself “Anonymous.” All three are Spaniards aged 30 to 32, said Manuel Vazquez, chief of the police’s high-tech crime unit.

A computer server in one of their homes was used to take part in cyber attacks on targets including two major Spanish banks, the Italian energy company Enel and the governments of Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand, Vazquez said.

National: Microsoft reports hundreds of election-related cyber probes | Associated Press

Tech giant Microsoft says it has detected more than 740 infiltration attempts by nation-state actors in the past year targeting U.S.-based political parties, campaigns and other democracy-focused organizations including think tanks and other nonprofits. However a company spokeswoman would not name or further characterize the targets. All of them subscribe to Microsoft’s year-old AccountGuard service, which provides free cyberthreat detection to candidates, campaigns and other mostly election-related groups. Microsoft did not say how many infiltration attempts were successful but noted in a blog post Wednesday that such targeting similarly occurred in the early stages of the 2016 and 2018 elections. “Cyberattacks continue to be a significant tool and weapon wielded in cyberspace,” Microsoft said. “In some instances, those attacks appear to be related to ongoing efforts to attack the democratic process. A year ago, Microsoft said it had detected attempts to infiltrate the networks of U.S. senatorial candidates and think tanks. “As we head into the 2020 elections, given both the broad reliance on cyberattacks by nation-states and the use of cyberattacks to specifically target democratic processes, we anticipate that we will see attacks targeting U.S. election systems, political campaigns or NGOs that work closely with campaigns,” Microsoft said.