Should We Ignore the South Carolina Election Hacking Story?

chicksdaddy provides five (or more) "good" reasons why we should ignore the South Carolina election hacking story that was reported yesterday. According to yesterday's reports, South Carolina's voter-registration system was hit with nearly 150,000 hack attempts on election day. Slashdot reader chicksdaddy writes from an opinion piece via The Security Ledger: What should we make of the latest reports from WSJ, The Hill, etc. that South Carolina's election systems were bombarded with 150,000 hacking attempts? Not much, argues Security Ledger in a news analysis that argues there are lots of good reasons to ignore this story, if not the very real problem of election hacking. The stories were based on this report from The South Carolina Election Commission. The key phrase in that report is "attempts to penetrate," Security Ledger notes. Information security professionals would refer to that by more mundane terms like "port scans" or probes. These are kind of the "dog bites man" stories of the cyber beat -- common (here's one from 2012 US News & World Report) but ill informed. "The kinds of undifferentiated scans that the report is talking about are the internet equivalent of people driving slowly past your house." While some of those 150,000 attempts may well be attempts to hack South Carolina's elections systems, many are undifferentiated, while some may be legitimate, if misdirected. Whatever the case, they're background noise on the internet and hardly unique to South Carolina's voter registration systems. They're certainly not evidence of sophisticated, nation-state efforts to crack the U.S. election system by Russia, China or anyone else, Security Ledger argues. "The problem with lumping all these 'hacking attempts' in the same breath as you talk about sophisticated and targeted attacks on the Clinton Campaign, the DCCC, and successful penetration of some state election boards is that it dramatically distorts the nature and scope of the threat to the U.S. election system which -- again -- is very real." The election story is one "that demands thoughtful and pointed reporting that can explore (and explode) efforts by foreign actors to subvert the U.S. vote and thus its democracy," the piece goes on to argue. "That's especially true in an environment in which regulators and elected officials seem strangely incurious about such incidents and disinclined to investigate them."

Someone is attempting to hack everything

[elrous0]

I pretty much just assume that any computer attached to the internet is being tested by hackers all the time. Why should election computers be any different?

Re:Someone is attempting to hack everything

Because they shouldn't be attached to the internet?

All in a day's business...

[Frosty+Piss]

The public-facing srvers I'm reponsible for are port-scanned thousends of times a day in addition to the SSH access attempts, but these are all so common that only a fool falls victim to this sort of thing, the basic protections are fairly elementary and catch most if not all such common garbage.

Re:All in a day's business...

[93+Escort+Wagon]

those scans are so prevalent because they are regularly successful.

Those scans are so prevalent because they're trivially easy to implement - regardless of the success percentage. That percentage can be very low and still be worthwhile.

"The very real problem of election hacking"

[cunina]

If it's such a "very real problem," then why has not one single media outlet actually explained how the election was "hacked?" We hear "Russians" twenty times a day, but no one actually points a single compromised voting system, nor any research that show Clinton would have won if hadn't been circulated. This, from a media that has become otherwise quite good at explaining things like quantum teleportation and CRISPR/CAS9 to the general population - but somehow lots of hand-waving about the "hacked election."

Re:"The very real problem of election hacking"

[gatfirls]

There has been nonstop coverage about how the election was "hacked", of course that may not fit into your or others narrative that if they didn't directly hack voting machines then there is no "hacking" (let's call this the glove does not fit so you must acquit theory). There was the DNC hack and leaks and the disinformation campaigns that have been well covered and sourced to be either Russian government lead or by Russian parties with which we are unsure of their ties. You hear about Russia 20 times a day because the Trump campaign and Cabinet and close ties are oozing in unanswered questions/connections with regard to Russia and every day a new connection either direct or indirectly made.

That is all non-partisan fact. Take of it what you will.

Re:Of course

[HornWumpus]

Plus voter ID, clear ballot boxes and indelible ink marks on voters thumbs to prevent double voting. The UN has a set of best practices.

Computerized voting is *Supposed* to be hacked

[aberglas]

By the partizan electoral officials that control them. Heck, the Diabold machine was even found to have and "Adjust Votes" option on the menu, no need for any actual hacking.

It amazes me that Americans put up with this grossly dubious system.

I am sure that the Australian election was not hacked. I was one of the scrutineers who watched while every paper ballot (at a particular booth) was tallied. And then forwarded those subtotals on to the candidate themselves. No fuss. No court cases. Just transparency.

Re:Of course

[thrich81]

Is that Voter ID really free of charge or is it free after you pay a fee to get a certified copy of your birth certificate which is required in order to get your free ID? Paying money for anything in order to vote has a bad history in this country, as do literacy tests (hey, you should be able to read, else how can you cast an informed vote!), etc. You can always make an argument why there should be some test or other extra-constitutional requirement to vote -- they've all been tried in the past.