Hacker Exposes Florida's Voting Database — Again

Dangerous_Minds writes "A hacker that goes by the name of Abhaxas exposed parts of the Florida voting database. That apparently didn't sit well with election officials. Reportedly, officials said that authorities were contacted and that their databases are now more secure than ever. In turn, Abhaxas decided to hack the database again and reveal a file directory. Said Abhaxas in the posting, 'Glad you cleaned things up, pretty secure now guys.'"

pen and paper

nothing beats it.get back to the way things were done , by hand , and say goodbye to cracked databases.
i lived in FL and it's the worst place for voting.We should all pressure FL to go back to good old hand counting and manual
voter list generation
We do it in Canuckia without trouble , dont tell me FL can't do it.

Re:pen and paper

[Gideon+Wells]

Pen and Paper is not anymore secure. Just a false sense of security and nostalgia. There have been reports in some states of boxs of voting slips just appearing after an election.

I'm still a fan of the dual system. Computerized voting with a paper printout for auditing purposes. The voter can double check this. Possibly have a random X% of precincts have a mandatory paper printout manual count to check against the computer for possible errors.

Re:pen and paper

Scantron voting! I've seen this before, over 10 years ago. Best of both worlds!

Re:pen and paper

[WaywardGeek]

No! Those of us who don't live in Florida love all the comedy. You would ruin it for the rest of us.

Re:pen and paper

Nah, would never work. We'd be seeing people filling in A all the way down thinking they would be getting the A quality candidate.

Re:pen and paper

[K'tohg]

This will never happen. The whole idea behind having such wacky computer based systems is to provide a sense of out of control to voters while giving control to to who has the big bucks. Remember government is not made for or from us. we just think it does. If a voting machine "borks" then there is plausible deniability. A chance for a recount, a way to skew the numbers to the benefit of those in charge. Simply put attempting to make a better system only pushes those who can manipulate that system out. So those who can manipulate a system will never allow something that makes it better. You know the old adage: "What's in it for me?" Ask a politician to make a fairer and more robust voting system and he/she will ask you "What's in it for me?"

Re:pen and paper

[LurkerXXX]

Certainly it's more secure. You need to move around big boxes full of paper, and you need to do that at a lot of locations to affect a state or national election. Lots of people involved. Lots of not so subtle activity. Lots and lots of chances to get caught.

With electronic voting, you need at most one person per state, and at the most obvious, carrying a tiny device in their pocket going into a voting booth. That's if they can't do it all remotely from the comfort of their office chair. Many many less people involved, and with a heck of a lot less obvious activity. Very little chance of getting caught compared to paper changing.

Re:pen and paper

[Moryath]

There have been reports in some states of boxs of voting slips just appearing after an election.

The Republicans have raised it to an art form in Wisconsin. What, you didn't think Scott Walker actually won the election fairly, did you? Far easier for the Kochs to simply buy him off and rig the election.

Re:pen and paper

Nah, would never work. We'd be seeing people filling in A all the way down thinking they would be getting the A quality candidate.

Republicans is as republicans does, sir.

Re:pen and paper

[AngryDeuce]

Don't worry, I'm sure the WI Republicans are working on a way to ensure that we never have to deal with these stupid elections again anyway. They're already hard at work trying to turn the WI Supreme Court from an elected position to an appointed one. Actually, I think it's more accurate to say a "bought" one, in light of recent evidence that Walker's illegal campaign contributors were given jobs in exchange for their donations, and that's ignoring Brian Deschane, the DUI wonder, and Hopper's 22 year old girlfriend, who magically beat out an entire field of qualified applicants for a position that she was paid $10,000 more a year for then her predecessor, for no justifiable reason whatsoever.

Forward, WI! Right back to Tamany Hall!

Re:pen and paper

[Archangel+Michael]

It is funny, but all the recent "election" problems I can recall were all (D) precincts. I don't know anything about WI or who is having voting issues there, but blaming the (R) as you do while ignoring or neglecting to mention the problems with (D) voting is ... stupid and childish.

Don't take this to mean that the (R) are innocent, I'm sure they are not. Perhaps it is much more common in (D) circles that it fails even mentioning when it happens there ;)

Re:pen and paper

[AngryDeuce]

Waukesha is a (D) precinct? Since when?

Why do you think they picked that county to be the place where they 'found' those votes? The head of the [quote]non-partisan[/quote] election board for that area is an ex-GOP aide and there's little oversight. This is the county that 'had' 96.7% turnout in 2004. Yeah, right. Australia has compulsory voting and can't crack 95%.

Re:pen and paper

[Synerg1y]

Worst place is an understatement, FL was the unproven decider in an election because of which we are still at war.

Re:pen and paper

[Synerg1y]

Nah, we just need competent people to implement a system that doesn't involve a www facing database.

Re:pen and paper

[Archangel+Michael]

Wooosh.

Obviously you missed where I said ... "I don't know anything about WI or who is having voting issues"

Which kind of makes my point, that political ideologues like yourself can't seen the beam in your own eye.

Re:pen and paper

[AngryDeuce]

If you don't know, then why do you comment on it? The voter irregularities in WI are well documented, a simple Google search would return any answers you need.

Re:pen and paper

[jayme0227]

In the meantime, they'll just select their presidential candidate at random. Again.

Re:pen and paper

[Steauengeglase]

When I was a kid, my aunt bought a bunch of ballot boxes when our country made the switch (she was the antique type and figured she could sell them for something). We were completely shocked when they showed up on her doorstep, locked, sealed and filled with uncounted ballots from an election 5 years earlier.

Between dead people voting and that, I'm still not sure why I even bother voting.

Re:pen and paper

[WorBlux]

That's why you should hand-count the ballots and publicly announce the count for each polling place, and the meanwhile the boxes should never leave public view.

Re:pen and paper

If people in Florida knew how to read and write, then perhaps that would be a possibility. Right now their voting system is computerized with a RED button and a BLUE button, and they have to press that once to vote for whoever they want, red or blue.

secure? oh really?

[spokenoise]

all your votes are belong to us!

and ...

nobody gives a shit, AGAIN!

Re:and ...

[rtfa-troll]

100% right. The only possible thing which would even get noticed is if a third party candidates started winning ballots. Now if that happened, then the politicians that be would make sure the ballot committees ended up in real trouble. As long as that doesn't happen, the candidates are just happy that their own people are in charge of the vote counting.

Re:secure? oh really?

They probably thought the authorities were physically guarding the database.

They are telling the truth, the system is secure

[SmallFurryCreature]

The voting system in Florida is 100% secure, they absolutely positively guarantee that there is ZERO chance of ANY voter being able to affect the predetermined outcome sold to the highest bidder.

Oh yeah thought they were trying to ensure the voters choice was not tampered with? What a silly idea.

is Abhaxas a bad movie reference?

[Bleek+II]

I posted this last time I saw a story about this hacker but I point out again. Abhaxas must have taken the name from Abraxas Guardian Of The Universe. It easily ranks among some of the worst movies ever mane. But I'll let other be the judge of that. Here's part one: http://www.youtube.com/watch?v=xs6yYAMpxUs Or is there some other reference I'm missing?

Re:is Abhaxas a bad movie reference?

Wikipedia is your friend:
https://secure.wikimedia.org/wikipedia/en/wiki/Abraxas

Re:is Abhaxas a bad movie reference?

[Ozeroc]

Probably the Sanata album: http://en.wikipedia.org/wiki/Abraxas_(album)

Re:is Abhaxas a bad movie reference?

There is at least one children's book where that name (Abraxas) appears. I actually suspect it's not a very uncommon one. Probably derived from Abracadabra.

Re:is Abhaxas a bad movie reference?

[kvezach]

It could be a general Gnostic reference. Abraxas is also a Marvel Comics character.

Re:is Abhaxas a bad movie reference?

[Bleek+II]

Wow, I feel dumb. It's funny that I assume an obscure contemporary culture reference without any research.

Re:is Abhaxas a bad movie reference?

Other way around, actually. Abracadabra was probably a magical invocation of the god Abraxas.

Re:is Abhaxas a bad movie reference?

Me, too. Here I was thinking it was a script kiddie modification of "Abacus".

Re:is Abhaxas a bad movie reference?

Unlikely. Very few (just you so far) have ever heard of Abraxas Guardian Of The Universe, whereas there are many other reference to Abraxas that are far more popular.

http://en.wikipedia.org/wiki/Abraxas

Re:is Abhaxas a bad movie reference?

[wintercolby]

Yeah, now I'm trying to figure out if there's a reason other than the haxor reference for swapping out the H. Maybe I'm giving the guy too much credit. Maybe it's just someone who believes whole-heartedly in democratic principles. If he or she really were up to no good it would be by choosing a victor in a major election instead of posting a vulnerability.

Re:They are telling the truth, the system is secur

[WrongSizeGlass]

The voting system in Florida is 100% secure, they absolutely positively guarantee that there is ZERO chance of ANY voter being able to affect the predetermined outcome sold to the highest bidder.

Now that's just cynical, SFC, even for you ;-)

Abhaxas is playing with fire. Politicians don't like to be embarrassed - especially over and over again for the same thing (except coke and hookers, of course). But this is Florida so he has a decent chance of getting acquitted.

The other side of the coin

Most if not all of you will have heard something along the following lines...
"I'm getting infected by a lot of viruses since you've installed an antivirus on my PC. I'm worried, how can I solve this problem?"

How do you think these kind of people react to the recent hacking activities? I myself consider them to be at least a necessary evil, but the average Joe's mind will scream... these hackers are making our system unsecure, make them go away!

The hackers are not making the system unsecure Joe - the system was unsecure to begin with. You're just being uncomfortable with the truth.

Re:The other side of the coin

[WaywardGeek]

Right on. The government should offer rewards for hacks like this, in any critical system: voting databases, military secrets, IRS database, etc. It would be the equivalent of the whistle-blower law we passed to reward people who expose fraud in government contracts. Just require the hackers to make public enough to prove they have accessed sensitive data, but not enough to compromise important systems. State how they did the hack in secret communication, and get money from the US government, as bitcoins through the Tor network. Allow the hackers to collect the reward over and over once a month until the system is secure.

Imagine how awesome such a program would be for exposing which important secrets have been compromised? With say a $100K reward to any worker anywhere who can prove they have access to critical US "secrets", we'd learn a ton about what systems are secure and which aren't. That's the kind of information that wins or loses wars.

Re:The other side of the coin

This

Re:The other side of the coin

[repapetilto]

My mom said the exact same thing.

Re:The other side of the coin

[RobbieThe1st]

Mod Parent Up!

Re:The other side of the coin

"as bitcoins through the Tor network"
I think I'd rather deal with law enforcement, at least then I'll be able to get my money back once I'm out of prison.

Re:The other side of the coin

[flar2]

Except, doing so would create incentives for insiders to leak security secrets to hackers in return for a cut of the reward, thus defeating the purpose.

free network security penetration consulting

they should be happy hes doing it for them before an election.

Re:They are telling the truth, the system is secur

{whispered aside}
Voting database? I told them we've already got one.

{written in a ridiculous French accent}
Now, I told you silly Florida officials to go away or I would taunt you a second time.
Rick Scott, your mother was a hamster and your father smelled of elderberries!

why online?

[perryizgr8]

why is any computer holding the voting db even online? why do you need internet access? what is the problem with using an offline db and syncing the voting machines or something?

Re:why online?

[j00r0m4nc3r]

why is any computer holding the voting db even online

How is Florida going to sell its election if it's not?

Re:why online?

[Xacid]

That's what I don't get. There's absolutely no reason for this.

In my town it's electronic - but it's all closed.

Is it impervious? Probably not. But is it exposed to this kind of crap on this kind of scale? Hell no.

Re:why online?

"Because they're fucking idiots" seems to be the only logical conclusion.

Re:secure? oh really?

[Robert+Zenz]

They probably were...but the bastard slipped through the intertubes!

Root

[TheSpoom]

Anyone notice he posted the file listing as root?

Also, cleartext passwords in the database, all using the same format. For shame.

Re:They are telling the truth, the system is secur

[Robert+Zenz]

That is, if he/she is even sitting in the U.S. .

check out the passwords

[roman_mir]

Check out the passwords in the paste bin. Who the hell comes up with these? Two letters, one for the first name, one for the last name and a 4 digit numeric code?

Re:check out the passwords

[MrOctogon]

Its most likely their initials, and the last 4 of their SSN. I've worked in offices where that is the default password they set up for you, and 90% of people never changed it.

Re:check out the passwords

[wintercolby]

I'll bet you dollars to donuts that the numeric code is the last four of each person's social security number. I wonder how hard it is to get that changed.

Obligatory

[benjamindees]

Key Largo Election Official explains vote counting process.

Re:They are telling the truth, the system is secur

It's not just tampering. When a district has undesirable votes, whole voting machines disappear rather than editing the data. "par for the course" claimed one mayor when ask why one machine was found hidden under boxes of stationary. Needless to say the votes weren't counted or any investigate made as to how it could happen.

The result of insecure voting is less problematic

The result of insecure voting is less problematic if you're using pen and paper. That's got NOTHING to do with nostalgia.

If your electronic voting is insecure, a script can add 10 million votes in a few seconds.

If your paper voting is insecure, someone can stuff a few hundred votes in a day.

And if you're spending millions on electroinic voting because it's secure and it isn't, then how about saving money and going with the cheap option: paper.

Should have ran this...

[FunkyELF]

ls -ail ???

I think a better command would have been ....

tar -c . | bzip2 | base64

Re:Should have ran this...

[RobbieThe1st]

Not really. The above command proves he has root access, while not letting(much) secret data out. The bottom one would be what, say, LulsSec would do, and is sort of overkil and much more dangerous to you if you get caught, I think...

Re:secure? oh really?

All your vote are belong to us- fixed that, now you can get a +4

Re:They are telling the truth, the system is secur

[sycodon]

"Glad you cleaned things up, pretty secure now guys."

Honestly, if you knew someone that behaved like this in your personal relationship, wouldn't you just want to take a 2x4 and whack them upside the head?

There is a reason people like this are living in their mother's basements.

Re:They are telling the truth, the system is secur

[Hatta]

Cynical, but absolutely correct. The two usually go hand in hand. Perhaps we need an analog to Occam's razor. When all other things are equal, the most cynical explanation is most likely correct.

Really _scary_ implementation!

[LordFolken]

Great...
  Mistake #1: Application obviously runs as root
  Mistake #2: Permissions on directory should not be 644 but 600!
  Mistake #3: Server with VITAL Data obviously publicly accessible. It should be firewalled in, separate from the webfrontend...
  Mistake #4: You use CSV for storing the data???? This is a voting machine? You people SCARE me! This should be WORM device for audit purposes!

I really don't want to know what the rest of the "application" looks like.. Please fire your implementor. This is really asking for it. You are doing a disservice to the people you are supposed to serve!

Re:Really _scary_ implementation!

[Steauengeglase]

If I recall Diebold was using an unprotected Access database for storing its votes and the whole thing was available from the outside via a dialup modem. Having legislation that makes tampering illegal seems to be the preferred method of CYA.

Ha!

[cmdr_klarg]

pwnd

Re:They are telling the truth, the system is secur

[Archangel+Michael]

But this is Florida so he has a decent chance of getting acquitted.

No he won't. Lying to police investigating a murder warrants only 4 years, while embarrassing politicians is a major crime worthy of 25 years to life!

Easy

[publiclurker]

He was hoping that he could get away with his spewing without being called on it.

Re:They are telling the truth, the system is secur

Ah, the ol' Slashdot Razor. Secretly brought to us by The Jews who are running the world.

P.S. Hitler. That should stop this from devolving.

no no no

[Kamiza+Ikioi]

The only reason pen and paper are "secure" is that they aren't online. Take the f#$%ing database offline, Florida!

Nationalized Election Standards?

Aren't there nationalized standards for elections in the US? Why is this only Florida's problem? Why is it that the wheel keeps having to be reinvented from state to state?

Re:Nationalized Election Standards?

It would be more secure to have multiple vendors by region or state if the product was actually being vetted... But there is no vetting.

Search around for the Utah electronic voting scandal. A guy got canned from a public position for discovering their voting machines were out of spec and some had data in the results section before the election. IIRC they ended up blaming him for a re-certification fee they had to pay for each machine, fired him, and buried the story.

The public apparently didn't pick up on the fact that the machines had been certified in the first place and passed with all the problems, and the same examiners were getting paid to pass the exact same machines without effort at redress. The flaws this guy exposed were in addition the lack of rational security features on the boxes themselves which would have allowed ample opportunity for a malicious party to influence the integrity of the machine while supposedly casting their votes.

The elections here have lost all appearance of legitimacy.

what about the old "manual" machines

[colonel+spalding]

What was wrong--I'm not being facetious--I would like to know, with the old voting machines. The ones in which you pushed the big lever to the right, flipped down the little knobs to vote and then push the lever back. Were they hackable? It drives me crazy when the computer experts warn warn warn, but the right wing powers that be, funded by the corporations with the most to gain monetarily and politically, ignore the warnings and are once again wrong wrong wrong.

Exactly WHAT got hacked?

[zipn00b]

I'm rather unclear exactly WHAT has been hacked as it's not the actual voting data. I've verified that with people who worked with the system. It's definitely not normal to have any data easy to get to so it should cause an increased effort at security but nothing has been compromised that would affect any actual votes. One theory is that a test system of some sort got compromised. The fact that it's called a "Florida" database is mystifying as well since it's all county by county. If he's getting into some county's test system then that system needs to be secured.