China: Hackers paralyse web voting platform | RTHK

An internet platform for this weekend’s vote on political reform has been paralysed following a large scale attack by hackers. The University of Hong Kong’s Public Opinion Programme, which is helping Occupy Central organisers to conduct the unofficial referendum, said their servers were bombarded by more than ten-billion system inquiries within 20 hours.

Oregon: Outside software blamed for Oregon secretary of state computer breach | KATU

A piece of third-party software that hadn’t been updated might have been the vulnerable point invaded by hackers of the Oregon secretary of state’s website, a state report found. The February breach took election and business records offline for nearly three weeks, delaying disclosure of campaign-finance information and forcing staff to handle many functions by hand. Citing security concerns, officials wouldn’t name the suspect software but described it as an application development tool commonly used by governments and private-sector organizations. They say the software has now been patched, and they’re working to have future security updates installed automatically.

Australia: Anti-coal protestors rated top threat to Australian e-voting | The Register

Sarong-clad anti-coal hippies have been marked as a chief threat to online voting at the election scheduled to take place in 2015 in the Australian state of New South Wales (NSW). The protestors are identified as a threat in a report penned by CSC for the NSW government. The Reg has seen a copy of the report, which suggests developers feared protesting farmers and fire fighters could launch an attack against New South Wales’ iVote online ballot system in objection to various coal mining projects across the state. “Anti-coal lobby groups could lead to the targeting of the SGE (state government election) in 2015,” the document read. The document also outlines scenarios in which protestors could launch denial of service attacks, knocking out the ability for 250,000 remote and blind users to vote online.

National: Democratic Party considers Internet voting in 2016 election |

Democrats are seriously considering using the Internet for voters to cast their ballots in the 2016 presidential election saying such a process will help their party’s new president, according to news reports on Saturday. The party leaders during a recent Democratic National Committee meeting in Iowa claimed Internet voting would make it easier for their constituents to cast their ballots including military voters serving overseas. … But such a revision to the nation’s election system will be difficult once the debate takes a more prominent place within political dialogue. Several experts in law enforcement, computer science and social media are suspicious of the Internet being used to choose political leaders especially when it comes to national elections. “These Democrats are the same people who were behind the Obamacare website fiasco that is still being remedied at a cost of hundreds of millions of taxpayer dollars. They couldn’t even get an enrollment website functioning properly so how do we trust them to get Internet voting problem-free,” said political strategist Mike Baker. “Can you imagine hundreds of thousands of votes suddenly lost forever in cyperspace? And without proper screening who is to say someone voting online is really the person they claim to be?” Baker asks.

Europe: Estonian e-voting shouldn’t be used in European elections, say security experts | The Guardian

Estonia’s internet voting system should not be used for the European elections in May because its security vulnerabilities could lead to faked votes or totals, say independent researchers. The flaws were discovered by a team who were accredited to observe the October 2013 municipal elections. They said they observed election officials downloading key software over insecure internet connections, typing PINs and passwords in view of cameras, and preparing election software on insecure PCs. They have reported their findings to the Estonian government, but had had no response by Monday. As one of the highest-profile countries in its adoption of the internet, Estonia intends to use the e-voting system for its European elections in May, and already uses it for national parliamentary and municipal elections. Up to a quarter of votes are cast online in elections. The attacks could be carried out by nation states that wanted to compromise elections, or a well-funded candidate who hired criminal hackers with the capabilities to alter the vote, the researchers warned.

Australia: Internet vote on the card for next state poll | Sydney Morning Herald

New South Wales voters could cast a ballot at the next state election without leaving home under proposed changes that would alleviate the Saturday rush for polling booths. A joint parliamentary inquiry into electoral matters said the so-called iVote system, which allows electors to vote using the internet, should be introduced for all council and state elections. It called for the measure in a draft report obtained by Fairfax Media, saying it would help boost voter turnout. The report is due to be tabled in Parliament on Thursday. However, voting experts say the system is open to abuse by hackers and should be used with caution.

Oregon: Secretary of State website breach: Database users asked to change passwords to personal accounts | OregonLive

The Oregon Secretary of State’s office has deleted all passwords for users of its business and elections databases after a breach of its website Feb. 4. Users are also asked to change their passwords to personal accounts if they used the same passwords for the Secretary of State’s Central Business Registry or ORESTAR, the state’s campaign finance reporting system. It’s unclear if the hackers accessed the passwords, but the agency is recommending that the passwords to personal accounts be changed as a precautionary measures, agency spokesman Tony Green said. “The investigation so far indicates that sensitive personal information was not compromised,” said an agency email sent Thursday night to database users.

Canada: St. John’s to ask Newfoundland to allow Internet voting | The Telegram

The City of St. John’s will ask the province to allow online voting in municipal elections. At Tuesday’s regular meeting, city council approved a recommendation from its audit and accountability committee to ask the provincial government to amend the Municipal Elections Act to allow Internet voting. The recommendation grew out of a broader review of the municipal elections process. “The recommendation of the committee was that we would seek support, or guidance, or permission from the provincial government to allow us to look at Internet voting,” said Deputy Mayor Ron Ellsworth. City clerk Neil Martin explained that an amendment to provincial legislation would be necessary to allow a community to permit online voting, much like one was required to allow voting by mail. …  Two councillors — Art Puddister and Wally Collins — said the potential risks of online voting are too great to ask the provincial government for the legislative amendment.

Ukraine: Ukraine war already in full swing in cyberspace | GlobalPost

With cyberattacks already launched against Crimean separatists, the Kremlin and NATO, the ground war may not have started in Ukraine but computer warfare is already raging. In recent days — and with increasing intensity on Sunday — a virtual war has commenced in the countries at the centre of the worst East-West diplomatic crisis since the end of the Cold War. The “soldiers” of this war don’t wear uniforms and don’t necessarily swear allegiance to one particular country. Their chosen weapon is the “Denial of Service” attack designed to overwhelm web servers and make their websites unusable. The attacks accelerated as soon as voting booths opened on Sunday for the referendum in Crimea on whether the region will join Russia. The site created by separatist groups to monitor the vote was blocked for an hour on Sunday, with the pro-Russian government accusing hackers from an American university, Urbana-Champaign in Illinois, of being behind the attack.

Oregon: Secretary of state to ask lawmakers for cash to fix hacked website | Associated Press

Secretary of State Kate Brown has informed the Oregon Legislature that she’ll be asking for money to hire a security contractor to fix her website, which was taken offline after hackers broke in. Brown’s office hired a contractor to review security upgrades and another to help manage communication with website users, said Tony Green, a spokesman for the secretary of state’s office. Brown’s office has cut off access to the state’s business registry and campaign finance records since the hacking was discovered Feb. 4. Officials have said little about what information was compromised or when the website will work, but they insist personal information is safe. The hackers did not get access to the state’s central voter registration database, officials say. Green declined again Friday to say when the website might return or whether the public can be assured of having access to campaign finance information before the primary in May or local elections next month. The office has suspended fines for businesses that are late in paying annual fees.

Oregon: Secretary of State Kate Brown modifies elections rules as website breach keeps databases offline | OregonLive

Oregon Secretary of State Kate Brown on Friday made temporary changes to elections rules after a data breach last week continues to keep the state’s campaign finance database offline. Nobody will be fined for missing campaign finance reporting deadlines while the ORESTAR database is down, though final details will be announced when the system returns, a department press release said. A temporary rule will also allow Voters’ Pamphlet filings to be submitted by email until the outage ends. After the site is fixed, filings will need to be submitted through the regular online system, the release said.

Editorials: Online balloting: good intent, bad law | Justin Moore/ Richmond Times-Dispatch

This week the General Assembly has been considering an important election-reform bill that could greatly affect the security of the ballots of our troops and the integrity of elections in Virginia. HB 759 would allow military voters to send marked ballots back over the Internet via email. The bill is intended to address the very real challenges facing military voters, but allowing ballots to be returned over the Internet creates extraordinary risks both to the votes of our men and women in uniform and to the electoral infrastructure of our state. The Internet provides great opportunities, but also tremendous risks. The skill and stealth of hackers continues to outpace our ability to secure Internet-based services. Target, Adobe, Sony, Google, Apple, Facebook, Citigroup and others have all been victims, as have the Department of Defense and the State of South Carolina. Government security experts are raising increasingly urgent warnings regarding computer attacks. The rise of organized, well-funded, state-sponsored hackers has made the cyber world less secure now than ever before. Gen. Keith Alexander, head of the National Security Agency and the Department of Defense’s U.S. Cyber Command, stated that between 2009 between 2011 there was a 1,700 percent increase in computer attacks against American infrastructure initiated by criminal gangs, hackers and other nations. At the direction of Congress, scientists at the federal National Institute of Standards and Technology (NIST) have been conducting research into the use of online systems for military voters. NIST has stated that with the security tools currently available, secure online ballot return is not feasible and that more research is needed.

National: Chinese hackers attacked Federal Election Commission website | CNN

Chinese hackers tapped into the Federal Election Commission’s website during the federal government shutdown in October, a report released Tuesday by an investigative news organization says. The report from the Center for Public Integrity, one of the country’s oldest and largest nonpartisan, nonprofit investigative news organizations, indicates that hackers crashed the FEC’s computer systems, which compiles federal election campaign finance information like contributions to parties and candidates, and how those billions of dollars are spent in each election by candidates, political parties, and independent groups such as political action committees. The attack came as nearly all of the FEC’s employees, except for the presidential-appointed commissioners, were furloughed due to the government shutdown, with not even one staffer being deemed “necessary to the prevention of imminent threats” to federal property. And it came a few months after an independent auditor hired by the government warned that the FEC’s computer systems were at “high risk” to infiltration, a charge the commission disputed.

National: Federal Election Commission attacked by Chinese hackers during government shutdown |

The Federal Election Commission was hit by a massive cyberattack hours after the government shutdown began, according to a report from the Center for Public Integrity. The CPI report claimed the Chinese were behind “the worst act of sabotage” in the agency’s 38-year history. Three government officials involved in the investigation confirmed the attack to CPI, and the FEC acknowledged the incident in a statement. However, the CPI report did not explain why the officials believed China was involved, or provide any details of the network intrusion beyond the fact that attackers crashed several FEC computer systems. When asked for a statement, FEC referred Security Watch to the Department of Homeland Security and did not provide any information. The fact that an attack during the 16-day shutdown occurred should not be a big surprise, since many security experts had warned that attackers might take advantage of IT personnel being furloughed to launch an attack. With less people watching the networks, there was a lot of opportunity for attackers. In fact, the FEC had furloughed all 339 agency employees as none of its staff had been considered “necessary to the prevention of imminent threats” to federal property, according to CPI.

Canada: Online ballots fizzle | Prince George Citizen

Elections B.C. will kick the idea around for a bit longer and is open to hearing more, but it looks as if Internet voting isn’t going anywhere. Security isn’t foolproof, as it needs to be. Cost savings are debatable, and it would likely actually wind up costing more. And most critically, there is no conclusive proof it would help increase the turnout rate in elections. That was one of the background motivations for considering the idea in the first place. The participation rate has been declining for a generation now. It ticked upward a couple of points in last May’s election, compared to the 2009 vote. But it is still scarcely more than half, which is abysmal. The idea that Internet voting could fix that is founded on a faulty premise. Experts have been trying to figure out the slumping turnout rate for years. Various authorities have delved deeply into it by all means possible, including polling non-voters on the reasons they opted out.

Editorials: Internet voting is not the magic bullet | Les Leyne/Times Colonist

Elections B.C. will kick the idea around for a bit longer and is open to hearing more, but it looks as if Internet voting isn’t going anywhere. Security isn’t foolproof, as it needs to be. Cost savings are debatable, and it would likely actually wind up costing more. And most critically, there is no conclusive proof it would help increase the turnout rate in elections. That was one of the background motivations for considering the idea in the first place. The participation rate has been declining for a generation now. It ticked upward a couple of points in last May’s election, compared to the 2009 vote. But it is still scarcely more than half, which is abysmal. The idea that Internet voting could fix that is founded on a faulty premise. Experts have been trying to figure out the slumping turnout rate for years. Various authorities have delved deeply into it by all means possible, including polling non-voters on the reasons they opted out.

Maldives: PPM requested access to Elections Commission IT software: Elections Commissioner | Minivan News

Amid constant attacks on the Elections Commission’s (EC) internet server and concerns over voter database security, Commissioner Fuwad Thowfeek has revealed that the Progressive Party of Maldives (PPM) had previously requested access to the commission’s IT section. Despite admitting their ongoing concerns in this matter, the PPM have denied asking for this kind of access. The EC’s internet server is currently facing continuous attacks from hackers both within the Maldives and abroad, although EC Commissioner Fuwad Thowfeek has previously dismissed rumours that any such attempts had been successful. Earlier this month, PPM and Jumhooree Party (JP) lodged a complaint with the EC expressing fears that foreign nationals had access to the Maldives’ voter database for the upcoming presidential election. The EC has sought assistance from Indian IT professionals to set up software in order to oversee future council elections.

Australia: Election Commission Twitter Account Hacked | International Business Times

Early Tuesday morning the twitter account of the Australian election commission was hacked and users started to get messages from the hacked account. The hacker launched a phishing attack from the hacked account aimed at getting the login details of the users. Australian voters have been asked to ignore direct messages purportedly sent from the Australian Electoral Commission, after the commission’s Twitter account was hacked. Unsuspecting users got messages for the Election commission’s hacked twitter account with a clickable link with some messages reading “I found a funny pic of you!” by clicking this link the victims would be taken to a fake twitter page for “authentication” if the user fills in the login details the account details reach the hacker and the newly hacked account can be used to further spread the phishing scam and obtain more login details.

Florida: Manatee County learns from Miami-Dade’s phantom ballot scandal | Bradenton Herald

The cities of Anna Maria, Holmes Beach and Bradenton Beach will have city municipality election Nov. 5 where voters will choose city commissioners, city council members and a mayor. A new system of checks in the Manatee County Office of Elections will be used to guard against absentee ballot fraud. The new system, which involves some software and coding for the ballots, has evolved over the last few months after a scandal involving phantom absentee ballots in Miami-Dade, said Michael Bennett, supervisor of Manatee’s Office of Elections. Bennett traveled to Orlando last week to meet with other Florida election office supervisors who were addressed by Miami-Dade officials. “Miami-Dade officials went over what exactly had happened to them and how they caught it,” Bennett said. “They walked us through it so we would all be on the same page going forward.” In Miami-Dade, hackers submitted thousands of phony ballot requests online at the Miami-Dade Elections Department, according to a Miami Herald investigation. More than 2,500 such requests were flagged by the Miami-Dade Elections Department after they were found to have originated from only a handful of Internet Protocol addresses.

Florida: Miami-Dade should take steps to thwart absentee-ballot fraudsters, advisory group says | Miami Herald

Members of a group advising Miami-Dade on how to improve its elections want the county to try get ahead of the curve of fraudsters who have attempted to manipulate the system by submitting phantom absentee-ballot requests online. “Folks are always going to try to figure out weaknesses in the system in order to sway it to their advantage,” County Commissioner Dennis Moss, one of the group’s members, said at a meeting Wednesday. The elections department, he said, should work proactively to foresee where would-be computer hackers might try to attack next. They have already attempted one scheme: submitting thousands of phony ballot requests online for unsuspecting voters. More than 2,500 such requests were flagged by the department last summer because they originated from only a handful of Internet Protocol addresses.

Kentucky: Special election first test of military voting law |

A special legislative election in central Kentucky could be the first test of the state’ new military voting law passed earlier this year to help ensure soldiers deployed to foreign countries get to cast ballots back home. Gov. Steve Beshear set the election for June 25 to replace former state Rep. Carl Rollins, who resigned earlier this week to become executive director of the Kentucky Higher Education Assistance Authority. The election date, some two months off as required now, will allow more time for county clerks to send absentee ballots to military personnel and others serving overseas.

Florida: Miami’s Voter Fraud Is Only the Beginning of Election Hacking | The Atlantic Wire

Authorities have confirmed tor the first time ever, that hackers attempted and almost succeeded at rigging a Miami primary vote, uncovering underlying security issues with the online voting systems of the future. In the Miami-Dade primary election last August, requests for over 2,500 phantom absentee ballots flooded the Miami Dade voter registration site, a phenomenon which a grand jury has now confirmed came from hackersreports MSNBC’s Gil Aegerter. Because it had some hallmarks of trickery, the election department’s software was able to halt the scheme before it actually affected the election. But, the scarier part is how easy the hack was to perform, as theMiami Herald‘s Patricia Mazzei explains. With a tiny bit more skill, this person could have bypassed the trigger that caught the hack. “And that, of course, is the most frightening thing: that any moderately or even marginally skilled programmer could have done this,” Steven Rambam, who reviewed the IP addresses associated with this hack told Mazzei. So, yeah, this is just the beginning.

Florida: Florida foils web-based voter fraud plot, but next attempt could be more elusive | Fox News

A Florida case could signal the wave of the future in voter fraud. South Florida election officials have reportedly foiled a plot to fraudulently apply online for thousands of absentee ballots in three 2012 primaries, but the masterminds remain at large amid concern that they could be successful the next time around by making minor adjustments. Officials in the state’s Miami-Dade region said they blocked the effort to get 2,552 absentee ballots in three August primaries because the requests rolled in just minutes apart on July 7, 2012, according to The Miami Herald, which conducted its own investigation. A six-month grand jury probe found the requests were made under the cover of international Internet provider addresses and were limited to three races — a congressional race in which the hackers tried to request absentee ballots for Democratic voters and two state legislative races in which they tried to get ballots for Republican voters.

Florida: The case of the phantom ballots: an electoral whodunit | Miami Herald

The first phantom absentee ballot request hit the Miami-Dade elections website at 9:11 p.m. Saturday, July 7. The next one came at 9:14. Then 9:17. 9:22. 9:24. 9:25. Within 2½ weeks, 2,552 online requests arrived from voters who had not applied for absentee ballots. They streamed in much too quickly for real people to be filling them out. They originated from only a handful of Internet Protocol addresses. And they were not random. It had all the appearances of a political dirty trick, a high-tech effort by an unknown hacker to sway three key Aug. 14 primary elections, a Miami Herald investigation has found. The plot failed. The elections department’s software flagged the requests as suspicious. The ballots weren’t sent out. But who was behind it? And next time, would a more skilled hacker be able to rig an election?

National: Could Online Oscar Voting Lead to Online Public Elections? | Government Technology

If online voting is good enough for the Oscars, why isn’t it good enough for public elections? A panel of experts assembled on Feb. 14 to consider whether the Academy of Motion Picture Arts and Sciences’ decision to capture votes online for this year’s Oscars means that technology has matured to the point where public elections can be held online. According to an article in The Hollywood Reporter, voting to determine who would receive a nomination for an Academy Award began Dec. 17 and ended Jan. 3. While a majority of Academy members registered to take advantage of the online voting option, the process was not without its snags. Many confessed to password trouble, while others worried about hackers jeopardizing voter intent. … David Jefferson, a computer scientist at Lawrence Livermore National Laboratory and chairman of the board for the nonprofit Verified Voting, outlined several major differences between private elections, like those conducted for the Academy Awards, and public elections. Public elections, Jefferson said, inherently have much higher standards for security, privacy and transparency. “Just because this works for private elections or is useful for private elections, we don’t want people thinking … it is appropriate for public elections.”

Kentucky: Plan to let deployed soldiers email ballots stalls |

Kentucky soldiers deployed overseas won’t be able to send election ballots back to the state via email, fax machine or any other form of electronic transmissions, at least for now, under legislation that has been revamped by Senate Republicans. The Senate Committee on Veterans, Military Affairs and Public Protection removed that provision from a bill on Thursday before sending it to the full Senate for consideration. Senate President Robert Stivers, the Manchester Republican who sponsored the measure, proposed the amendment striking electronic transmission of ballots in an effort to protect the integrity of elections and the anonymity of voters. He said he did so after concerns were raised about the potential for hackers gaining access to the ballots.

Cyprus: Authorities prepared for any new cyber threat to elections | Cyprus Mail

The government’s IT systems withstood a cyber attack which attempted to block the release of election results on Sunday.
Authorities were on alert throughout election day after a group of hackers threatened to disrupt the elections by targeting state websites. A video posted on Saturday on the Internet by a group claiming to be the Cyprus branch of ‘Anonymous’ called on sympathisers to launch the attack at exactly 6pm on Sunday – the designated deadline for the start of the ballot count.  Interior Ministry officials claim that these sorts of attacks happen sporadically, while police re-assured the public that it would be extra vigilant during the run-up to the second round of elections this coming Sunday. “There was a DDOS (distributed denial of service) attack, also known as a cyber attack on Sunday, in an attempt to prevent the interior ministry from showing the results but also unauthorised attempts to reach other sites that were related to the elections,”  chief official for the Department of Information Technology Services (DITS), Andreas Kyprianou said.

Arizona: Lawmaker seeks pilot program to test online voting in Arizona | Cronkite News

The future of voting is online, and moving Arizona’s elections to the Internet would save money, deter voter fraud and increase efficiency, a state lawmaker says. “We will vote online some day,” said Sen. Bob Worsley, R-Mesa. “So why not start to figure it out and get ahead of the curve and have Arizona lead the way on this?” Worsley introduced SB 1387 to create an online voting pilot program before the 2014 primary election. It would require at least one county and one city, town or other local jurisdiction to be involved and allow for votes to be cast via the Internet. … Bruce Schneier, the author of five books on cryptography, computer and network security and overall security, said he likes the idea of online voting but doesn’t think it can be done securely. “We have not, in the history of mankind, created a computer system without a security vulnerability,” he said. Worsley, founder of retail catalog giant SkyMall, insists the system he proposes can be reliable. “My business did over a million transactions a year,” he said. “I know that this can be done securely.” Worsley compared Internet voting to the millions of online banking or stock transactions that happen every day, but Schneier said there’s a fundamental difference. “The important difference is that voting, by definition, is anonymous,” he said. “If there’s electronic banking fraud, we look at what happens, we can roll it back and make everybody whole. We can’t do that with a voting system.”

Editorials: Online voting is too risky | Regina Leader-Post

Edmonton city council would be wise to exercise real caution before introducing Internet voting into the municipal election system. As tempting as it might be to blaze an electronic trail into the local democratic process, the notion of a vote that’s only a click away triggers some genuine concerns. Edmonton and several other Alberta municipalities are looking at becoming the first centres in Western Canada to allow Internet votes. City staff have recommended council approve online ballots in advance polls for next fall’s municipal election, following what was regarded as a successful mock vote last September that tested such a system with no discernible security breaches. That all-systems-go enthusiasm took a hit last week when a local computer programmer informed council’s executive committee that he was able to cast two ballots in the mock election without being detected.