hacking

Tag Archive

Pennsylvania: State Supreme Court Hears Arguments Over Electronic Voting Machines | The Legal Intelligencer

The state Supreme Court on Wednesday heard arguments as to whether electronic voting machines that do not produce simultaneous paper records of each vote cast violate the Pennsylvania Election Code. The 24 petitioners in the matter, whose case was argued by Michael Daly of Drinker Biddle & Reath, are seeking a declaratory judgment that would direct Carol Aichele, the secretary of the commonwealth of Pennsylvania, to decertify the direct-recording electronic voting systems. Before the justices, Daly contended the direct-recording electronic (DRE) machines do not provide a permanent physical record of each vote cast, as the code mandates. Although the machines can print records on request, Daly explained to the court that neither the printed records nor the electronic records satisfied the code’s requirement. Daly highlighted the petitioners’ argument that the digital records couldn’t be considered physical records since they were software-dependent, and the data could be altered or used for a fraudulent purpose without detection. He added that the machines were “utterly incapable” of verifying that a vote was cast the way the voter intended it to be.

Full Article: Pa. Supreme Court Hears Arguments Over Electronic Voting Machines | The Legal Intelligencer.

Canada: Hacking of online vote thwarted | Calgary Herald

Police may be called in to probe the suspected hacking of the online voting system used to elect Jim Prentice as Alberta Tory party leader and premier-designate, a senior party official said Sunday. PC party executive director Kelley Charlebois said it appears there were multiple attempts to infiltrate the website during the 36 hours of voting that ended at 6 p.m. Saturday. “Attempts were made throughout the voting process to hack into the system,” Charlebois said in an interview. He said there appear to have been several cyberattacks on the website and possibly the telephone voting system. “I can’t say if it was organizations or individuals, I just know that different attempts were made through different IP addresses.” Charlebois stressed the attempts to infiltrate the system were thwarted by internal security systems. He said the party is still waiting for a full report from the company hired to conduct the online vote and will call in police to investigate once the attacks are confirmed. “We certainly feel it is our responsibility — if we suspect the law has been broken — that we contact the appropriate authorities,” he said. “We haven’t reached a point yet where we have confirmed all the information.”

Full Article: Hacking of online vote thwarted.

New Zealand: Are NZ’s election results hack-proof? | NZCity

New Zealand’s electoral commission is confident no one can hack into its servers and access election results, but there’s still a possibility cyber criminals could target its website. Amid an election campaign that has been dominated by emails of controversial blogger Cameron Slater leaked by a hacker known as Rawshark, it seems no system is impenetrable to rogues with the right skills and network. Hackers in the United States have also previously shown how they can circumvent the security measures on electronic voting machines to change votes. Despite the risk of manipulation, there’s been no reported instances of votes in the US being compromised. New Zealand’s Electoral Commission doesn’t want to disclose how it fights cyber attacks, but says it has a robust system in place for the September 20 election. “The Electoral Commission takes information security and privacy very seriously,” said chief electoral officer Robert Peden.

Full Article: Are NZ's election results hack-proof? - 06-Sep-2014 - NZ Politics news.

Australia: Government rejects Senate order to disclose Electoral Commission software code | Sydney Morning Herald

The government has rejected a Senate demand to disclose the Australian Electoral Commission’s secret computer code used to electronically count Senate preference votes. The motion, passed by the Senate last week, was prompted by the AEC’s refusal to comply with a freedom of information request made by digital activist Michael Cordover. He wanted to scrutinise the source code for the EasyCount application, but the AEC’s chief legal officer Paul Pirani instead declared him “vexatious”. The Senate motion, introduced by Greens senator Lee Rhiannon, called on Special Minister of State Michael Ronaldson to table the source code, as well as correspondence and documents relevant to the decision to have Mr Cordover declared a “vexatious” applicant and the assertion he “colluded” with another activist to “harrass” the AEC. … Mr Ronaldson said the government would not table any documents or correspondence relating to Mr Cordover’s FOI request, because the matter would soon appear before the Administrative Appeals Tribunal. He also refused to publish the source code for the Senate counting system.

Full Article: Government rejects Senate order to disclose Electoral Commission software code.

Editorials: Government’s voting source code secrecy is dumb and dangerous | ZDNet

Here’s an idea for streamlining our national elections. Once people have voted, how about we scoop up all the ballot papers, put them into a big sack, and hand it to a group of masked strangers? They take the sack away somewhere — somewhere secret, so no-one can interfere with them — and some time later they return and just tell us who won. I reckon it’d be cheaper and a lot less trouble for everyone than all this slow, manual counting in front of scrutineers, right? No? Don’t like it? Well, boys and girls, given that the Australian government is refusing to show us the source code for the Australian Electoral Commissions’s EasyCount software, that’s pretty much exactly how your votes for the Senate are being counted right now. Your Senate votes, the ones where you’ve carefully specified your preferences for dozens of candidates, go into the black box of EasyCount, magic happens, and out pops the result.

Full Article: Government's voting source code secrecy is dumb and dangerous | ZDNet.

Australia: Electoral Commission bucks Senate on voting source code | Computerworld

The Australian Electoral Commission has refused a Senate order to reveal the underlying source code of the EasyCount software used to tabulate votes in upper house elections. A motion moved by Greens Senator Lee Rhiannon on 10 July directed Special Minister of State Michael Ronaldson to table the source code as well as correspondence between Ronaldson’s office and the AEC relating to a freedom of information request for the source code. In October, following the fraught outcome of the Senate election in WA, Hobart lawyer Michael Cordover filed a freedom of information application with the AEC requesting the release of the source code and documentation of any data formats used by the software. The AEC rejected the FOI application, citing section 45 of the FOI Act, which exempts “documents that disclose trade secrets”.

Full Article: Electoral Commission bucks Senate on voting source code - Computerworld.

Russia: How Russia could easily hack its neighbors’ elections | Washington Post

In 2007, the Estonian government came under a massive denial-of-service attack that crippled the country’s banking, government and law enforcement infrastructure. Nobody took responsibility for the flood of bogus Internet traffic, but some suspected Russia was the culprit. Given what we know about Russia’s aggressive border policies, it’s a plausible theory. The Kremlin, after all, had a motive: Estonia had recently taken down a Soviet-era statue, and ethnic Russians were up in arms about it. If Moscow wanted to take the opportunity to meddle in Estonia’s affairs, according to research by an international team of security experts, it could do so cleanly and silently without anyone being the wiser. The attack could come via Estonia’s online voting system. Estonia’s is one of the only such ballot systems in the world, which makes it a fascinating test case for other countries or governments weighing the costs and benefits of e-voting. Unfortunately, the researchers discovered, this system is vulnerable to hacking in ways that could change the outcome of entire elections.

Full Article: How Russia could easily hack its neighbors’ elections.

Iowa: Democratic National Committee Discusses Rules, Iowa Thinks Internet Options | US News & World Report

Iowa Democrats are mulling a slate of ways to boost participation in their next presidential caucuses, including permitting Internet voting, a controversial method that would mark the first time in history the web is utilized to cast an official ballot preference for president. Hawkeye State Democrats are in the midst of surveying how to most effectively expand access to those who would like to participate in the unique caucus process, but cannot due to residency or military service overseas or age or physical restrictions that keep them in hospitals and nursing homes. It could also enfranchise participation among blue-collar workers who have shifts during the evening hours when caucuses are held. …  A co-chair of the committee noted that the DNC would likely need to amend the existing rule to permit caucus states to exercise the Internet option. Currently the existing rule only applies to party-run state primaries. “I didn’t even know the damn thing was there,” remarked DNC committeeman Harold Ickes about the Internet option. The remark prompted laughter in the ballroom, but the implications of online voting would be serious.

Full Article: Democratic National Committee Discusses Rules, Iowa Thinks Internet Options - US News.

Oregon: Secretary of state to ask lawmakers for cash to fix hacked website | Associated Press

Secretary of State Kate Brown has informed the Oregon Legislature that she’ll be asking for money to hire a security contractor to fix her website, which was taken offline after hackers broke in. Brown’s office hired a contractor to review security upgrades and another to help manage communication with website users, said Tony Green, a spokesman for the secretary of state’s office. Brown’s office has cut off access to the state’s business registry and campaign finance records since the hacking was discovered Feb. 4. Officials have said little about what information was compromised or when the website will work, but they insist personal information is safe. The hackers did not get access to the state’s central voter registration database, officials say. Green declined again Friday to say when the website might return or whether the public can be assured of having access to campaign finance information before the primary in May or local elections next month. The office has suspended fines for businesses that are late in paying annual fees.

Full Article: Secretary of state to ask lawmakers for cash to fix hacked website | Politics | KATU.com - Portland News, Sports, Traffic Weather and Breaking News - Portland, Oregon.

Oregon: Secretary of State contacts FBI over website hacking | KATU

More than two weeks after the Oregon secretary of state’s office said it detected and stopped an intrusion into the agency’s website, the breach could now be the subject of a federal investigation. Spokesman for the secretary of state’s office, Tony Green, told the On Your Side Investigators that the agency reached out to the FBI after its campaign finance portion of the website was compromised in early February. They also contacted the Oregon State Police, which investigates cybercrimes. “This appears to be an orchestrated intrusion from a foreign entity and not the result of any employee activities,” according to the agency’s website.

Full Article: Oregon secretary of state contacts FBI over website hacking | Local & Regional | KATU.com - Portland News, Sports, Traffic Weather and Breaking News - Portland, Oregon.

Virginia: Legislation would allow deployed troops to email vote | The Virginian-Pilot

Virginia’s General Assembly – especially the Republican-controlled House of Delegates – has been slow to embrace the idea of electronic voting. But it appears a small window may be opening up for one class of citizens to vote by email: military service members who are deployed overseas. Under current law, they must follow the same procedure as anyone else who is absent on Election Day: Obtain an absentee ballot, fill it out and send it in by snail mail. That can be difficult, if not impossible, for service members in active combat zones.

Full Article: Legislation would allow deployed troops to email vote | HamptonRoads.com | PilotOnline.com.

National: Congress, FEC meet about security breakdowns | Center for Public Integrity

Federal Election Commission staff today traveled to Capitol Hill and briefed congressional officials investigating the beleaguered agency on how it intends to address recent computer security and staffing problems, officials from both government bodies confirmed. The FEC’s contingent was led by Alec Palmer, who doubles as the agency’s staff and information technology director. It wasn’t immediately clear how many congressional officials participated in the meetings, although a spokesman for Rep. Robert Brady, D-Pa., confirmed to the Center for Public Integrity that his office participated. Brady, along with Rep. John Mica, R-Fla., last week called for separate inquiries into the FEC’s recent woes, which include an October infiltrationinto its computer systems by Chinese hackers. Brady is the ranking member on the Committee on House Administration, which has FEC oversight powers.

Full Article: Congress, FEC meet about security breakdowns | Center for Public Integrity.

National: Hacking attempt draws congressional investigation of FEC | Center for Public Integrity

Two congressional leaders — one Republican and one Democrat — are calling for investigations into Federal Election Commission computer security and operational breakdowns that the Center for Public Integrity detailed in a recent report. The report revealed that Chinese hackers crashed the FEC’s computer information technology systems in October just as the federal government shut down, and that the agency is suffering from chronic staffing shortages. A subsequent audit the FEC commissioned revealed a variety of other security issues. “The revelations that FEC IT systems were compromised raises serious concerns,” said Rep. John Mica, R-Fla., chairman of the House Government Operations Subcommittee which oversees federal IT matters. “I am working with my staff and the staff of the full House Oversight and Government Reform Committee to investigate the extent of the breaches, and I intend to conduct a full and thorough review of the vulnerabilities of FEC systems which should raise concerns for all federal elected officials.”

Full Article: Hacking attempt draws congressional investigation of FEC | Center for Public Integrity.

National: Federal Election Commission Faces Serious Security Failings, with Few Plans to Remedy | Infosecurity

Just weeks after the US Department of Energy was shown to have disregarded proper cybersecurity measures, the Federal Election Commission (FEC) is facing what an independent auditor calls “significant deficiencies” when it comes to its cybersecurity posture. The FEC in fact remained at “high risk for future network intrusions”. However, the electoral watchdog said that it has little interest in implementing even minimum IT security controls. The audit firm, Leon Snead & Co., said in the audit that the FEC’s IT security program does not meet government-wide best practice minimum requirements in many areas. That includes carrying out due diligence information as part of an organization-wide risk management program, using the risk management tools and techniques to implement and maintain modern safeguards and countermeasures, and ensuring the necessary resilience to support ongoing federal responsibilities, critical infrastructure applications and continuity of government in the event of an attack.

Full Article: Infosecurity - Federal Election Commission Faces Serious Security Failings, with Few Plans to Remedy.

National: Federal Election Commission still in ‘significant’ danger of hacking | Center for Public Integrity

The Federal Election Commission’s computer and IT security continues to suffer from “significant deficiencies,” and the agency remains at “high risk,” according to a new audit of the agency’s operations. “FEC’s information and information systems have serious internal control vulnerabilities and have been penetrated at the highest levels of the agency, while FEC continues to remain at high risk for future network intrusions,” independent auditor Leon Snead & Company of Rockville, Md., writes. The audit, released today, comes less than two weeks after a Center for Public Integrity investigation that revealed Chinese hackers infiltrated the FEC’s IT systems during the initial days of October’s government shutdown — an incursion that the agency’s new leadership has vowed to swiftly address. The Chinese hacking attack is believed by FEC leaders and Department of Homeland Security officials to be the most serious act of sabotage in the agency’s 38-year history.

Full Article: Audit: FEC still in 'significant' danger of hacking | Center for Public Integrity.

National: Massive Chinese Hacking Attack on FEC Computers Exposes Deep Agency Dysfunction | AllGov

Few Americans would argue that the “D” in Washington, DC, might well stand for “dysfunction”—but it’s especially true when it comes to one government agency in particular: the Federal Election Commission (FEC). The FEC has been something of a mess for quite some time, due to partisan infighting among its commissioners and lack of help from Congress or the White House. There are six commissioners and no more than three can be from the same party. But things took a turn for the truly ugly during the government shutdown in October, when Chinese hackers took advantage of federal employees being furloughed, leaving no one around at the FEC to mind its computer network. Indeed, every one of its 339 employees had been sent home. The cyber-attack—possibly the worst act of sabotage in its four-decade history—reportedly crippled the commission’s systems that inform the public about the billions of dollars raised and spent each election cycle by candidates, parties and political action committees.

Full Article: Controversies - Massive Chinese Hacking Attack on FEC Computers Exposes Deep Agency Dysfunction - AllGov - News.

Editorials: How Washington starves its election watchdog | Center for Public Integrity

Just after the federal government shut down Oct. 1, and one of the government’s more dysfunctional agencies stopped functioning altogether, Chinese hackers picked their moment to attack. They waylaid the Federal Election Commission’s networks. They crashed computer systems that publicly disclose how billions of dollars are raised and spent each election cycle by candidates, parties and political action committees. As minutes turned to hours, the FEC found itself largely defenseless against what may be the worst act of sabotage in its 38-year history. The government had furloughed all 339 agency employees, save for the presidentially appointed commissioners, and not even one staffer had been deemed “necessary to the prevention of imminent threats” to federal property, the minimum measure for keeping someone on the job.

Full Article: How Washington starves its election watchdog | Center for Public Integrity.

Editorials: Digital voting is a game changer but we have to get it right | The Conversation

The UK may be taking its first, tentative steps towards introducing online voting with the establishment of a Commission on Digital Democracy. As so many of our routine tasks are going digital, the shift towards virtual polls seems like a natural progression. However, there are many technical issues that need to be ironed out and the stakes are very high. John Bercow, Speaker in the UK House of Commons, established the commission with a view to looking at how technology can be used to aid the democratic working of parliament, including online voting. This team would do well to take a look at what has, and has not, worked elsewhere around the world. Electronic voting can take a number of forms, including tallying votes by computer, using electronic equipment in polling stations and voting over the internet from the voter’s own computer or mobile device. Voting by phone is already used in entertainment shows, though multiple voting is possible and result-fixing has been known to happen. Internet voting is also carried out for professional societies, student unions and other forms of election. It works well when cost and desire to increase turnout are important factors and where the likelihood of an attack on the election is considered to be low. If we were to start using e-voting systems for electing political representatives, we’d need to be absolutely sure of their trustworthiness. Computer systems, including e-voting systems, can go wrong accidentally through software bugs, they can be hacked, and they can be subverted by corrupt insiders. Systems used in elections have been the subject of criticism for all these reasons, resulting in some cases from their withdrawal.

Full Article: Digital voting is a game changer but we have to get it right.

Australia: The tech behind Western Australia’s senate recount | iTnews.com.au

For more than 95 percent of Australians, the daunting task of voting below the line in a federal senate election is too much to ask, especially for a Saturday morning. So it will come as no surprise that during the upcoming WA senate recount, as with every senate tally since 2001, the Australian Electoral Commission (AEC) will call upon some electronic assistance to calculate the complex system of preferences and trickle-down the redistributions that decide the seating pattern in the nation’s upper house. While Greens communications spokesman Scott Ludlam waits to hear whether he has won back his seat, electoral officials will be feeding ballot data into a limited network of computers running its EasyCount tally system. “The system takes the entered information for each of the votes cast in a Senate election, performs the distribution of preferences, and indicates which candidates have been elected,” an AEC spokesman explained to iTnews.

Full Article: The tech behind WA's senate recount - Security - Technology - News - iTnews.com.au.

Australia: Electoral chief cautious about online voting | Sydney Morning Herald

The replacement of paper-and-pencil voting with an electronic system could see Australians lose confidence in the poll results, the electoral chief has warned. Australian Electoral Commissioner Ed Killesteyn defended the system’s reliability following attacks from election hopeful Clive Palmer, who portrayed himself as a victim of ”rigged” results and the AEC as a military-infiltrated ”national disgrace”. Despite the conspiracy claims, Mr Palmer extended his lead over his Liberal National Party rival to 111 votes on Friday, with the final counting of outstanding votes in the Sunshine Coast seat of Fairfax expected on Saturday. The Palmer United Party founder and wealthy Queensland businessman reacted angrily to the discovery of 750 votes tallied against the wrong pre-poll location mid-way through the count. In an earlier mistake, officials noticed 1000 votes for Victorian independent Cathy McGowan had not been recorded correctly, pushing the seat of Indi further out of reach of former Coalition frontbencher Sophie Mirabella, who subsequently conceded defeat this week. Mr Killesteyn said computer-based voting would eliminate these kinds of ”human errors” but the benefits would have to be weighed against hacking and manipulation fears.

Full Article: Electoral chief cautious about online voting.