Slashdot Mirror


Election Assistance Commission Hacked Using SQL Injection (reuters.com)

whoever57 writes: The commission that is responsible for ensuring the integrity of voting machines was itself hacked. The hacker gained access to non-public reports on weaknesses in voting machines. The hack occurred after the election, so it is unlikely that this hack resulted in changing the result. However, if one hacker can break in, how does anyone know that there was not a prior hack? The hack used an SQL injection flaw to gain access to usernames and passwords which were then cracked.

wiredmikey adds: Researchers have discovered that a Russian-speaking hacker broke into the U.S. Election Assistance Commission (EAC) systems, and has been trying to sell stolen access credentials -- including admin-level -- on the underground. On December 1, researchers with Recorded Future discovered internet chatter that appeared to relate to an EAC breach. A hacker, called "Rasputin" by Recorded Future, was discussing the sale of more than 100 EAC access credentials to a Middle Eastern government broker. The hacker claimed to have accessed the systems via an SQLi vulnerability, which Recorded Future was able to locate and report. EAC said Thursday that it was aware of the "potential intrusion" and was investigating the incident.

5 of 103 comments

  1. Maybe that was the plan all along by scatbomb · · Score: 4, Interesting

    Maybe that was the plan all along. They sat on this information so they could bury it if their candidate won and bring it to light if their candidate lost so as to throw the legitimacy of the vote into question.

    1. Re:Maybe that was the plan all along by 0100010001010011 · · Score: 3, Insightful

      Every day, more Clinton email scandal and no chance for policy discussion.

      Because we the media didn't spend a large chunk of its time talking about Trump's pussy grabbing or his tweets. I honestly heard more about Trump's tweets than I did Clinton's e-mails.

      So let's not pretend if the e-mails weren't released they would have talked about 'policy' at all.

  2. Re:Well by Unordained · · Score: 4, Insightful

    Agreed.
    I get that developers are lazy and can be expected to shy away from security features that get in the way, but come on, Prepared Statements have been around for a very long time, and in a lot of ways, they make your life easier (prettier code, streamed-blob-handling, no escaping, datatype checks):
    They should be your /default/ coding practice, not what you reluctantly pick up after a breach or an audit!
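
An added example (not part of the comment above or of the original page) illustrating the point about prepared statements with Python's sqlite3 module: the same lookup built by string concatenation and with a bound parameter, plus a blob bound without any escaping. The table, rows, inputs and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT, avatar BLOB)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "admin", b"\x89PNG\x00'\"--"),   # blob containing quote bytes
         ("O'Brien", "staff", b"\x00\x01")],
    )
    return db

def lookup_concat(db, name):
    """The 'before' pattern: user input is pasted into the SQL text."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_prepared(db, name):
    """Bound parameter: the value is sent as data, never parsed as SQL."""
    return db.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

def avatar(db, name):
    """Binary data binds and returns as bytes; no quoting or encoding step."""
    row = db.execute(
        "SELECT avatar FROM users WHERE name = ?", (name,)
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"   # constructed input that rewrites the WHERE clause
    print("concat, crafted input:  ", lookup_concat(db, crafted))
    print("prepared, crafted input:", lookup_prepared(db, crafted))
    print("prepared, O'Brien:      ", lookup_prepared(db, "O'Brien"))
    try:
        lookup_concat(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        # A legitimate name with an apostrophe breaks the concatenated query.
        print("concat, O'Brien fails:  ", exc)
    print("avatar blob:            ", avatar(db, "alice"))
```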

  3. Re:Quoting Trump by hey! · · Score: 3, Informative

    Senate Majority leader objected, if I recall, to the information being made public so close to election day.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.

  4. Re:"Russian speaking" and "underground" by MightyMartian · · Score: 3, Insightful

    It's strange how many ACs there are out there telling us how Russia is our friend.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.