Editorials: A vote cast against online voting | Edmonton Journal

Edmonton city council would be wise to exercise real caution before introducing Internet voting into the municipal election system. As tempting as it might be to blaze an electronic trail into the local democratic process, the notion of a vote that’s only a click away triggers some genuine concerns. City staff have recommended council approve online ballots in advance polls for next fall’s municipal election, following what was regarded as a successful mock vote last September that tested such a system with no discernible security breaches. That all-systems-go enthusiasm took a hit Monday when a local computer programmer informed council’s executive committee that he was able to cast two ballots in the mock election without being detected. Coun. Linda Sloan spoke for many citizens, and not just technophobes, when she expressed severe reservations about the integrity of a cyber-vote. “I’m not 100-per-cent confident in the security of the Internet and never have been, whether it’s my credit card information or my personal address or how I choose to vote,” Sloan said.

South Carolina: South Carolina Governor Haley admits state failed to protect its residents | TheState.com

As more South Carolinians learned that hackers hold their tax return data, Gov. Nikki Haley admitted Tuesday that the state did not do enough to protect their sensitive financial information and accepted the resignation of the agency director in the middle of the controversy. “Could South Carolina have done a better job? Absolutely, or we would not be standing here,” said Haley, who had insisted in the first days after revealing the cyber attack that nothing could have prevented the breach. Hackers possess Social Security and other data belonging to 5.7 million people – 3.8 million taxpayers and their 1.9 million dependents, Haley said. The number of businesses affected has risen slightly to nearly 700,000. All of the stolen tax data dating back to 1998 was unencrypted.

National: Experts warn hackers will breach online voting systems | ITProPortal.com

As one of the world’s biggest electoral showdowns nears its conclusion over in the US, fears are growing in IT security that hackers may soon be able to affect the outcome of such a contest by breaching online voter databases. With governing bodies continuing to utilise Internet platforms for voter registration, and hacking collectives growing in sophistication, some experts believe a serious breach of electoral data is inevitable. While Barack Obama and Mitt Romney jostle for power in America, states including Maryland, Washington, Arizona and California have either implemented online voter registration systems already, or have passed bills proposing the move.

Editorials: Raise your hand if online voting spooks you | Sherwood Park News

The City of Edmonton will embark on a online election pilot later this month and Strathcona County will no doubt be watching. Despite my generation’s apparent love affair with everything technology, online voting is one of those things that should forever remain a pie-in-the-sky lust. Sort of like flying cars. Sure, flying cars sound nice — unless you realize the safest place to live is in the basement of your home because a car flown by some inebriated driver can come crashing through your roof without warning. Likewise, an online poll can be mucked with without warning. Government rules for rewarding contracts being what they are, the best security the lowest bid can buy will most likely be protecting any online vote. While I believe any bid-winning firm has what it takes to stop most hackers from having fun with the results, not every hacker can be so easily derailed.

National: White House Hacked In Cyber Attack That Used Spear-Phishing To Crack Unclassified Network

Hackers breached an unclassified computer network used by the White House, but did not appear to have stolen any data, a White House official said Monday. The hackers breached the network by using a technique known as spear phishing, in which they target victims who have access to sensitive computer networks by sending personalized emails that appear to come from trusted sources. Once the victims click on the bogus attachment or link, the hackers can install malicious software on the PCs to spy on users and steal data. A White House official declined to comment on what data resided on the network, but emphasized it did not contain any classified information.

National: White House Hacked In Cyber Attack That Used Spear-Phishing To Crack Unclassified Network | Huffington Post

Hackers breached an unclassified computer network used by the White House, but did not appear to have stolen any data, a White House official said Monday. The hackers breached the network by using a technique known as spear phishing, in which they target victims who have access to sensitive computer networks by sending personalized emails that appear to come from trusted sources. Once the victims click on the bogus attachment or link, the hackers can install malicious software on the PCs to spy on users and steal data. A White House official declined to comment on what data resided on the network, but emphasized it did not contain any classified information. “These types of attacks are not infrequent and we have mitigation measures in place,” the White House official, who asked not to be identified, told The Huffington Post. “In this instance the attack was identified, the system was isolated, and there is no indication whatsoever that any exfiltration of data took place. Moreover, there was never any impact or attempted breach of any classified system.”

National: The Problems with Online Voting | Wall Street Journal

Two years ago, hackers gained access to an online voting system created by the District of Columbia and altered every ballot on behalf of their own preferred candidates. On the “Thank You!” page that ran at the end of the voting protocol, they left their trademark—the University of Michigan fight song. The online voting system was real, intended for use that November, but the compromised election, fortunately, was just a mock-up for testing security. The infiltrators were a team of graduate students led by University of Michigan computer scientist J. Alex Halderman. Which candidates got the fake votes? Skynet from the “Terminator” movies and Bender, the alcohol-fueled robot from TV’s “Futurama.” But the hackers had a serious point: that Internet voting systems were a real threat to the integrity of the democratic process. “The question of whether Internet voting is secure is really not a political question,” Dr. Halderman says. “It’s a technical question.” As many as three million voters will be eligible to vote online this fall, according to Pamela Smith, executive director of the Verified Voting Foundation, a nonpartisan fair elections watchdog group. In all, 31 states will offer some form of online voting, usually for overseas voters.

Canada: British Columbia looks to e-voting to increase turnout | The Globe and Mail

In a bid to boost plummeting voter turnout rates, the B.C. government wants to introduce Internet balloting for future provincial and municipal elections. But research from Canadian municipalities and European nations has cast doubt on the power of e-voting to encourage more citizen engagement. “All of us are interested in increasing the voter turnout in elections,” Shirley Bond, Minister of Justice and Attorney General, said in a written statement asking B.C.’s Chief Electoral Officer to appoint an independent panel to examine the logistics of Internet voting. Current legislation prevents municipalities from adopting electronic voting procedures. … Governments generally consider e-voting for two reasons, said Jon Pammett, a political science professor at Carleton University. Governments want to increase accessibility and voter turnout, he said, but there is no clear evidence that it positively affects the latter.

Canada: Elections British Columbia studying online voting | CTV

B.C. voters may soon have the option of casting their ballots online in municipal and provincial elections. An Elections BC panel will start studying the voting method as early as September after being asked by the provincial government to research the potential risks and advantages associated with it. The request came almost a year after B.C.’s chief electoral officer Keith Archer recommended the government consider changing legislation to allow for trial-runs of new voting technologies. “Under current legislation that envisions a voting process that is entirely paper-based, Elections BC is unable to conduct trials of these new technologies,” said Archer in a November 2011 report. “Legislators may wish to consider providing greater flexibility to the Chief Electoral Officer to introduce, on a pilot basis, a variety of new voting technologies.” While there are some cities that use online voting, such as Halifax, no provinces in Canada yet do so for provincial elections.

National: Overseas voting in 24 states vulnerable to hackers | Fox News

Few could forget the weekslong hubbub over vote-counting in Florida in 2000 that led to a recount, a Supreme Court ruling and a national debate about the veracity of the system by which voters cast their ballots. But 12 years later, the voting system is still far from fail-proof, according to a state-by-state report released Wednesday. Almost half of states use voting systems for overseas and military voters that could be susceptible to hackers, says the report by Rutgers Law School and two good-governance groups: Common Cause Education Fund and the Verified Voting Foundation. Dozens of states lack proper contingency plans, audit procedures or voting machines that produce backup paper records in case something goes wrong. Colorado, Delaware, Kansas, Louisiana, Mississippi and South Carolina are least prepared to catch problems and protect voter enfranchisement, the study showed. Minnesota, New Hampshire, Ohio, Vermont and Wisconsin are in the best shape.

Kenya: Electoral Commission to invite hackers to ‘invade’ its systems | nation.co.ke

Do you consider yourself an IT hacker? Then the Independent Electoral and Boundaries Commission will soon be looking for you. In November, the IEBC plans to invite hackers to try tamper with the system that it will use to transmit provisional results. According to IEBC CEO James Oswago, this will help the system attract the confidence of Kenyans ahead of the planned March 4, 2013 General Elections. “We are confident that our system is tamper-proof. However, sometime in November we will invite those who think they can hack into the system to do it. We want Kenyans to have confidence in the system,” Mr Oswago said. According to Mr Oswago, this is one of the lessons that the Commission has learnt from engagement with electoral bodies that use such systems.

Bulgaria: Opposition criticises online voting | FOCUS

The Bulgarian Socialist Party (BSP) thinks that the electronic voting hides too many risks, said Mladen Chervenyakov, Chairperson of the BSP National Council, speaking at a press conference on Monday, organised to present socialists’ ideas for amendments to the Elections Code, FOCUS News Agency reporter informs. In Chervenyakov’s words, the Bulgarians are good hackers, adding that there were too high concerns that the online voting could be manipulated.

National: Flame: Massive, advanced cyber threat uncovered | GovInfo Security

Highly sophisticated malware being used to spy on several countries, mostly in the Middle East, that has been around for more than two years has been discovered by Kaspersky Lab, the research arm of the Russian security products company announced May 28. Detected by researchers as Worm.Win32.Flame – or more simply, Flame – it’s designed to carry out cyber espionage and steal valuable information, including, but not limited to, computer display contents, information about targeted systems, stored files, contact data and audio conversations, Kaspersky Lab says.Kaspersky Lab’s chief security expert, Alex Gostev, characterizes Flame as a super-cyberweapon such as Stuxnet and Duqu, and in his blog contends it’s “one of the most complex threats ever discovered. It’s big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage.”

Canada: Online voting system mulled in Alberta | Sherwood Park News

Strathcona County council gave its thumbs up at a meeting on April 24 to a partnership with the City of Edmonton and the City of St. Albert to establish an internet voting pilot project for the 2013 municipal election. Jacqueline Roblin, manager of Strathcona County Legislative and Legal Services (LLS), stated in her presentation to council that the pilot would be applied to solely the special ballot process for those people who will be absent from the jurisdiction during the 2013 election. She noted that administration wants to add an amendment allowing for any voter to vote through this process. “We’re taking it in a very small portion of our election so that we can test out our systems and that will gradually start to build voter confidence in the process,” Roblin said.

National: Why Online Voting Isn’t So Safe – FBI investigating student who hacked college election | Mobiledia

A California student tried to win a college government election by hacking into classmates’ accounts, which may lead to federal charges and increased privacy for not only colleges, but national and state elections as well. Matt Weaver, a junior, ran for student government president at California State San Marcos, located near San Diego, when school officials said he hacked into a computer and stole 700 voters’ passwords and identifications to alter the polling results. School police detained and released Weaver, but have yet charge him for the accusations, which include unlawful access to a computer, election fraud and identity theft. The FBI, which usually isn’t interested in the college student government results, is investigating Weaver’s hacking skills. School officials said they caught Weaver working on a school computer, and in possession of a device, used to steal passwords. … Federal authorities are also examining Weaver’s activities to decide if such hacking may interfere with state or national elections.

South Korea: Ruling Party Risks Parliament Election Loss | Businessweek

South Korean President Lee Myung Bak’s ruling party faces losing control of parliament next week to an opposition that vows to increase welfare spending, revisit a U.S. trade deal and improve ties with North Korea. The New Frontier Party is struggling to overcome bribery and illegal surveillance scandals ahead of April 11’s National Assembly elections that may forecast the December presidential race. The opposition Democratic United Party has pledged to create 3.3 million jobs and may get a boost from younger voters who face an unemployment rate almost twice the national average. Asia’s fourth-largest economy has had slower growth and higher inflation under Lee than his predecessor, contributing to a 50 percent drop in his popularity. Relations have also worsened with North Korea, who plans to fire a long-range rocket between April 12 and 16 would scuttle a food aid agreement with the Obama administration. “An opposition victory will hasten Lee’s position as a lame duck,” said Lee Nae Young, a political science professor at Korea University in Seoul. “Regardless of who wins, we could see many welfare policies enacted before Lee’s term ends, as parties try to improve the odds for December.”

Voting Blogs: “Nobody Goes There Anymore, It’s Too Crowded”: Election Officials’ Responsibility for Handling Denial of Service Attacks | Election Academy

Over the weekend, Canada’s New Democrats (NDP) conducted a vote for a new leader. The vote was conducted online so that registered party members could vote both in person at the NDP convention site and remotely from home computers or smartphones. Sometime during the second round of voting, the system slowed considerably, and eventually it became known that the system had likely been the target of a “denial of service” (DoS) attack aimed at clogging the the system and thus preventing (or at least discouraging) voters from casting ballots. The NDP, its vendor and consultants have identified two IP addresses that appear to have been the source of the attack and are investigating now. The results of that investigation are still forthcoming, but in the meantime I wanted to focus on a discussion I saw online yesterday about whether and how NDP and its vendor should have prepared for the possibility of a DoS attack.

Canada: More than 10,000 IP addresses used in attack on NDP vote | CTV Winnipeg

The company that ran the online voting system used to help choose the winner of the weekend’s NDP leadership race is now blaming several hours of delays on a “malicious, massive” attack on its voting system. In a news release, Barcelona-based Scytl said “well over 10,000 malevolent IP addresses” were used in a Distributed Denial of Service attack, which generated hundreds of thousands of false voting requests to the system. “We deeply regret the inconvenience to NDP voters caused by this malicious, massive, orchestrated attempt to thwart democracy,” Susan Crutchlow, general manager of Scytl Canada said in a statement. The attack effectively “jammed up the pipe” into the voting system, delaying voter access, the statement said. “This network of malevolent computers, commonly known as a ‘botnet,’ was located on computers around the world but mainly in Canada.”

Canada: NDP determined to find source of cyber attack on electronic voting system | Winnipeg Free Press

The NDP has not yet called in the police to investigate an orchestrated attempt to sabotage the electronic voting system the party used to choose a new leader.
But it’s not ruling out the possibility once it unmasks the hacker responsible for repeated cyber-attacks that caused lengthy delays in Saturday’s leadership vote. The party had hoped to crown their new leader in time for supper-hour newscasts, before television viewers could switch to the Saturday night hockey games. The cyber attacks frustrated those plans; it was after 9 p.m. ET before Thomas Mulcair was declared the winner. Party president Rebecca Blaikie said Sunday that party officials, vote auditors and Scytl — the high-tech Spanish company hired to secure the electronic voting system — are still working to determine who was responsible. “What we know is that there was an organized attempt to clog the site,” Blaikie said.

China: Online poll in Hong Kong mocked by a million clicks | The Australian

A university website offering ordinary Hong Kongers a chance to vote for their next leader ahead of tomorrow’s election is under “systematic attack” from hackers, organisers said. Thousands of people who do not have the right to vote in the election are expressing their views through the unofficial poll organised by the University of Hong Kong. “The system has been very busy,” Robert Chung, director of the university’s respected Public Opinion Program, said yesterday. “We suspect it is under systematic attack as there are more than one million clicks on our system every second.” Mr Chung did not indicate who could be responsible for the disruption, but his team of pollsters has a history of aggravating mainland authorities with surveys indicating public opinion that is at odds with Beijing’s official line.

Canada: NDP says hackers caused online vote delays | CTV Edmonton

Delays in online voting at the NDP leadership convention have been blamed on hackers, with party officials saying they have found evidence of the attack. Jamey Heath, the NDP’s communications manager, said the party had managed to trace the Internet Protocol addresses of two perpetrators. “They’ve isolated it to individual IP addresses. Votes that have been cast are secure,” he said. The delays had threatened to become a full-scale public relations disaster for the party that even had some people questioning the integrity of the end result. There were lineups of more than an hour at the Metro Toronto Convention centre as the system slowed down. Eligible voters across the country were also getting online error messages.

China: Hong Kong election poll shot down by DDoS cyber attack | The Register

Two local men have been arrested after an online referendum organised by Hong Kong university to poll citizens on their choice of chief executive was disabled in an apparent denial of service attack. Broadcaster Radio Television Hong Kong (RTHK) reported that the men, aged 17 and 28, were arrested at the weekend after the online poll was disrupted for a large part of Friday and some of Saturday. … The system has been very busy,” Robert Chung, director of the university’s program, apparently told reporters. “We suspect it is under systematic attack as there are more than one million clicks on our system every second.” Chung was reportedly reticent about the potential motive for the attack but it is well known that the Chinese authorities are not a massive fan of free speech and probably viewed the referendum as undermining the result of the real vote – the outcome of which Beijing basically controls.

China: Cyber Attack Targets Hong Kong Mock Vote | WSJ

A cyber attack has hit an ambitious project that sought to give ordinary Hong Kong citizens a voice in this weekend’s chief executive poll, with organizers scrambling to provide paper ballots to the tens of thousands wishing to participate in the mock vote. The Chinese territory’s top political job will be decided by a 1,200 person election committee Sunday, but that hasn’t stopped many of the city’s seven million residents keen to take part in the University of Hong Kong’s civil referendum project. Beijing has promised the city universal suffrage by 2017. Thousands of users logged online Friday morning or used the smart phone apps created by Dr. Robert Chung’s group at the University of Hong Kong to cast their vote, but pages didn’t load properly. Dr. Chung said an early-morning cyber intrusion appeared to disable their servers, and that the site had also been experiencing abnormally high hit rates that had overloaded their system, up to a million requests a second.

China: Hackers blamed for disrupted Hong Kong poll | rthk.hk

Organisers of a mock chief executive election say a suspected hacking attack has halted online voting. The Director of the University of Hong Kong’s Public Opinion Programme, Robert Chung, said the website became paralysed early this morning. Dr Chung said hackers had attacked it during tests a few days ago, and some of his colleagues’ passwords had been inexplicably changed. “We found incidents of abnormally high hit rates on March 21 … We registered about a million hits per second. We think there could not be another reason other than cyber attacks on us,” he said.

China: Organisers say Hong Kong mock poll ‘under cyber attack’ | BBC News

The organisers of a mock poll for Hong Kong’s chief executive say their online system “is under cyber attack” to prevent voting. Residents can vote online or by mobile phone in the publicly funded poll organised by Hong Kong University. The actual vote on Sunday is to limited 1,200 election committee members, but the desire for universal suffrage is strong. Henry Tang, CY Leung and Albert Ho are standing for chief executive.

National: Questions linger in US on high-tech voting | physorg.com

As many as 25 percent of Americans are expected to use paperless electronic voting machines in the upcoming November elections, according to the Verified Voting Foundation, but confidence has been eroded by incidents showing vulnerabilities. The foundation, which seeks more reliable election systems, contends that voting machines in 11 states are all-electronic, with no paper systems for recounts, and that many other jurisdictions have some of these systems in place. … Pamela Smith of the Verified Voting Foundation said these incidents highlight the fact “that you can have insider challenges as well as outsider hacks. It points out that you have to be able to check the system.”
Election security and technology has been an issue in the United States since the 2000 president election marred by “hanging chads” in Florida that muddled the result.

Iowa: Election officials take steps to protect primary from hackers | The Hill’s Ballot Box

South Carolina has taken steps to protect the security of the electronic systems it will use in its presidential primary following reports that an alleged “hacktivist” group might try to shut down the Iowa caucuses.

The alleged threat comes as attention focuses on the Republican presidential primary’s early nominating states, many of which use online or electronic systems to compile vote counts reported by local elections officials. “Any time you are dealing with an Internet site, you have something that could be compromised,” said Chris Whitmire, a public information officer with the South Carolina Election Commission.

South Carolina employs an online system that logs vote counts entered by elections officials and posts them to the Internet. It has asked for extra vigilance from the Web providers that host the database. “But even in the worst-case scenario, if the site is compromised, we will know it. The actual results on Jan. 21 won’t be touched,” Whitmire said.