Slashdot Mirror
Should We Ignore the South Carolina Election Hacking Story? (securityledger.com)
chicksdaddy provides five (or more) "good" reasons why we should ignore the South Carolina election hacking story that was reported yesterday. According to yesterday's reports, South Carolina's voter-registration system was hit with nearly 150,000 hack attempts on election day. Slashdot reader chicksdaddy writes from an opinion piece via The Security Ledger: What should we make of the latest reports from WSJ, The Hill, etc. that South Carolina's election systems were bombarded with 150,000 hacking attempts? Not much, argues Security Ledger in a news analysis that argues there are lots of good reasons to ignore this story, if not the very real problem of election hacking. The stories were based on this report from The South Carolina Election Commission. The key phrase in that report is "attempts to penetrate," Security Ledger notes. Information security professionals would refer to that by more mundane terms like "port scans" or probes. These are kind of the "dog bites man" stories of the cyber beat -- common (here's one from 2012 US News & World Report) but ill informed. "The kinds of undifferentiated scans that the report is talking about are the internet equivalent of people driving slowly past your house." While some of those 150,000 attempts may well be attempts to hack South Carolina's elections systems, many are undifferentiated, while some may be legitimate, if misdirected. Whatever the case, they're background noise on the internet and hardly unique to South Carolina's voter registration systems. They're certainly not evidence of sophisticated, nation-state efforts to crack the U.S. election system by Russia, China or anyone else, Security Ledger argues. "The problem with lumping all these 'hacking attempts' in the same breath as you talk about sophisticated and targeted attacks on the Clinton Campaign, the DCCC, and successful penetration of some state election boards is that it dramatically distorts the nature and scope of the threat to the U.S. election system which -- again -- is very real." The election story is one "that demands thoughtful and pointed reporting that can explore (and explode) efforts by foreign actors to subvert the U.S. vote and thus its democracy," the piece goes on to argue. "That's especially true in an environment in which regulators and elected officials seem strangely incurious about such incidents and disinclined to investigate them."
I pretty much just assume that any computer attached to the internet is being tested by hackers all the time. Why should election computers be any different?
SJW: Someone who has run out of real oppression, and has to fake it.
The public-facing srvers I'm reponsible for are port-scanned thousends of times a day in addition to the SSH access attempts, but these are all so common that only a fool falls victim to this sort of thing, the basic protections are fairly elementary and catch most if not all such common garbage.
If you want news from today, you have to come back tomorrow.
Hell, we don't even have to investigate. An election has never been hacked, and cases of attacks are so few and far between that it doesn't make sense to even try to figure out how often this happens.
Donald? Is that you?
If it's such a "very real problem," then why has not one single media outlet actually explained how the election was "hacked?" We hear "Russians" twenty times a day, but no one actually points a single compromised voting system, nor any research that show Clinton would have won if hadn't been circulated. This, from a media that has become otherwise quite good at explaining things like quantum teleportation and CRISPR/CAS9 to the general population - but somehow lots of hand-waving about the "hacked election."
More like man inhales story...
I ran a basic web server for awhile at home a few years ago just for amusement on a Linux box running apache. It served up ONE static page that said something like "this is the only page on this server" and that was it. I got "attacked" thousands of times a week by the script kiddies running the IIS exploit attempt scripts, port scans and all sorts of things that I found a little bit amusing.
Surely, during an election, ANY computer on the net associated with anything to do with voting would be a primary target of all the hackers out there trying to make a name for themselves....Oh Look at me! I broke in and disrupted the election!
The fact is, this is not unusual..
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Plus voter ID, clear ballot boxes and indelible ink marks on voters thumbs to prevent double voting. The UN has a set of best practices.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
By the partizan electoral officials that control them. Heck, the Diabold machine was even found to have and "Adjust Votes" option on the menu, no need for any actual hacking.
It amazes me that Americans put up with this grossly dubious system.
I am sure that the Australian election was not hacked. I was one of the scrutineers who watched while every paper ballot (at a particular booth) was tallied. And then forwarded those subtotals on to the candidate themselves. No fuss. No court cases. Just transparency.
Is that Voter ID really free of charge or is it free after you pay a fee to get a certified copy of your birth certificate which is required in order to get your free ID? Paying money for anything in order to vote has a bad history in this country, as do literacy tests (hey, you should be able to read, else how can you cast an informed vote!), etc. You can always make an argument why there should be some test or other extra-constitutional requirement to vote -- they've all been tried in the past.
The UN makes third world countries use real ID to vote. That doesn't ring true to my knowledge. Do you have a citation for that? Years ago when I was keeping up with this sort of thing, what they did was use ink on the finger or thumb showing that person voted. If you think about it, third world countries have problems getting clean drinking water, food security, sanitation, and clothing - let alone health care, so I guess the US does share a little in common with them. I expect that in a place like India, where 60% of the population doesn't have access to a toilet, an ID would come pretty far down on their list of important needs.
Why can't we do the same in the first world? Fine. Let's also require ID to purchase a gun and ammunition. But really, there is no need for either of those solutions. After all, I'm told gun violence is fake news, and I don't see any cases of mass voter fraud, just the one off Republican voting in two states.
As far as how prevalent fraud is... you put cart before horse claiming it's nothing. Impossible to say when the cheaters won't allow an investigation. I think purple elephants are a problem in my front yard, so I drew a huge KEEP OFF sign. Sure works. Haven't seen a purple elephant in years now. Of course that's nonsense, but I hope that you can at least see my view of your argument. It's nonsensical to me. If there were massive voter fraud, I think the authorites would be locking people up. As it stands, the FBI crime report shows fewer than 200 convictions of voter fraud in 2014.
We investigate the hell out of everything else but oh no don't look behind the vote fraud curtains! Nothing to see there! Trust me! No one is saying there is no vote fraud, we're saying it's not six million votes big. Slight difference there. And President Trump is the one that in my opinion, over uses the words "Believe me" and "Trust me". I do neither because I have a memory, a intellect, a moral compass, and a bit of compassion for my fellow human beings.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.