US Voting Server At Heart of Russian Hack Probe Mysteriously Wiped

A computer at the center of a lawsuit digging into Russian interference in the U.S. presidential election has been wiped. "The server in question is based in Georgia -- a state that narrowly backed Donald Trump, giving him 16 electoral votes -- and stored the results of the state's vote-management system," reports The Register. "The deletion of its filesystem data makes analysis of whether the system was compromised impossible to ascertain." From the report: There is good reason to believe that the computer may have been tampered with: it is 15 years old, and could be harboring all sorts of exploitable software and hardware vulnerabilities. No hard copies of the votes are kept, making the electronic copy the only official record. While investigating the Kennesaw State University's Center for Election Systems, which oversees Georgia's voting system, last year, security researcher Logan Lamb found its system was misconfigured, exposing the state's entire voter registration records, multiple PDFs with instructions and passwords for election workers, and the software systems used to tally votes cast. Despite Lamb letting the election center knows of his findings, the security holes were left unpatched for seven months. He later went public after the U.S. security services announced there had been a determined effort by the Russian government to sway the presidential elections, including looking at compromising electronic voting machines.

In an effort to force the state to scrap the system, a number of Georgia voters bandied together and sued. They asked for an independent security review of the server, expecting to find flaws that would lend weight to their argument for investment in a more modern and secure system. But emails released this week following a Freedom of Information Act request reveal that technicians at the election center deleted the server's data on July 7 -- just days after the lawsuit was filed. The memos reveal multiple references to the data wipe, including a message sent just last week from an assistant state attorney general to the plaintiffs in the case. That same email also notes that backups of the server data were also deleted more than a month after the initial wipe -- just as the lawsuit moved to a federal court. It is unclear who ordered the destruction of the data, and why, but they have raised yet more suspicions of collusion between the Trump campaign team, the Republican Party, and the Russian government.

insecure voting machines

[phantomfive]

Bet you'll find plenty of insecure voting machines around. There is absolutely no reason to have those things connected to the Internet.

Re:insecure voting machines

[fahrbot-bot]

Bet you'll find plenty of insecure voting machines around.

Tell them they're pretty or handsome and doing a really good job. That'll help their self-esteem.

Re: insecure voting machines

Even if it were a matter of regular maintenance it would - best case - be negligent. As soon as they got sued it became legally relevant and your maintenance schedule needs to be delayed.

But it's certainly suspiciously bad timing. They were sued because the system was too old and badly maintained and secured. So maintenance wasn't a high priority for many years and now suddenly they wipe it?
Certainly worth investigating.

Re:Like Hillary's server was?

[quantaman]

Hillary's server was wiped, and the circumstances under which is was wiped (and who decided to do what when) was thoroughly investigated and no one was charged (though the admin probably should have been), and the files were recovered.

Hopefully this server wiping is as thoroughly investigated.

Russians not necessary

[ejtttje]

Black box voting machines make it easy for election officials to throw the results however they pleased. Let's skip the Russian conspiracy theories when good ol' domestic corruption is more than enough to explain suspiciously wiped servers.

Re:Russians not necessary

[king+neckbeard]

Clinton lost to a fucking game show host. The problem isn't Russian hackers, it's the power structure in major western nations is isolated from reality, and thus they get their asses kicked by populists. Populist left easily beats populist right, but populist right beats establishment left. Establishment left sabotages populist left, and gets beaten by populist right. The Clintons and the Blairs are responsible for votes being close enough that foreign interference could even possibly affect results. The Dems could have nominated a ham sandwich and received 300 electoral votes against Trump.

Re:Russians not necessary

[rtb61]

The only problem with giving the Democrats the roto rooter treatment https://en.wikipedia.org/wiki/..., is Americans expect everything now, it must happen yesterday and cleaning out the Democrats much like cleaning out the Republicans will take at least 6 years. Two minor elections and one full election. Not that it wont be chaotic fun to do so but too many Americans expect it served up a platter for them, someone else to clean up their mess.

I don't get, look how much fun it has been screwing over the establishment and making them look as stupid and clumsy as clowns in a clown car. This is the best time to enjoy politics, sure the outcomes at the moment aren't all that flash but you can see them literally falling apart in a blind panic, collapsing in the pile of bullshit the have crafted out of US politics.

Being a reformist is always way meaner than being a revolutionary. Revolutions tend to lead to one thing only, another revolution. The Reformists use the power of the state to clean the state and once started becomes pretty much impossible to stop. We are not fighting the authorities but backing those with honour and integrity and allowing them to do the job they want to do and providing them with the support and information to do that job. The best way to fight crime of any sort is for the authorities and the public to work together and that takes patience, cooperation and clear thought, the willingness to do the hard yards to get the touch down.

Obligatory

[spaceman375]

Voting Machines: https://xkcd.com/463/

Re:aha

[PopeRatzo]

If it was ordered by a Republican, it would be the first thing mentioned.

Why would it have to be mentioned? The Georgia Secretary of State is responsible for elections there, top-to-bottom (he's a Republican). The Governor of Georgia is a Republican. The state legislature is controlled by Republicans. The Attorney General of Georgia is a Republican. Republicans control every single state-wide lever of power.

The server was wiped after voting rights activists filed a lawsuit against the Republican Secretary of State. The reason for the lawsuit? To force the Republican Secretary of State to have the server independently analyzed.

So, please explain why and how "Dems are burning the evidence" in this case? And how did they manage to get a server, and all of its backups simultaneously wiped when they were under Republican control.

Re:Like Hillary's server was?

[jrumney]

Yes, lets equate emails with voting records and use this news to flog a dead horse. Distract and dodge. Works every time, and the best bit is, you don't even need to do it yourself, an army of tribal supporters are willing to do your work for you on internet discussion spaces everywhere.

Calm down... there was a backup

[SlaveToTheGrind]

The non-clickbaity side of the story (a statement from Center for Elections Systems at Kennesaw State University, who had possession of the server) is here:

"In March 2017, a Center for Election Systems’ server involved in an alleged data breach was turned over to the FBI. While the server was in the possession of the Bureau, a forensic image or copy of all the data on the server was made and held by the agency. Following the notification from the FBI that no data was compromised and the investigation was closed, the server was returned to the University’s Information Technology Services group and securely stored. In accordance with standard operating procedures, an after-action report was prepared. This report outlined hardware improvements for the Center, including repurposing the impacted server and surplusing servers that had exceeded end of life. As part of the report, the original server that had been investigated by the FBI was designated to be repurposed, and the drives on the server were erased and the server made available for alternative uses."

"As noted by the subpoena filed today by the Attorney General’s Office, the data and information that was on the server in question has been and is still in the possession of the FBI and will remain available to the parties in the event it is determined to be relevant in the pending litigation."

So (a) the feds already investigated and found no evidence the server was compromised, and (b) they still have their forensic image of the server. This seems a lot more like litigants and journalists huffing and puffing than it does a real issue.

Re: Calm down... there was a backup

You don't find it odd that the server was wiped after a lawsuit was filed? You don't find it odd they degaused the backups three times when the lawsuit moved to federal court? Are you for real here? I mean the first wipe could have been morons being morons. But the destruction of the backups? And hey isn't preservation of records in the face of litigation a thing? Even armchair lawyers know that's a thing. Somebody really doesn't want those records examined.

NO voting machines are connected to the Internet

[davide+marney]

I am a volunteer poll worker in Virginia. NO vote-tallying equipment is connected to the Internet, anywhere in the U.S. We are not idiots. We have about 230+ years' worth of experience with people trying to throw an election, and we understand -- and mitigate -- the risks.

This server in Georgia did NOT hold vote counts. It held voter registration records, instructions, and voting equipment passwords.

Each precinct tallying the votes keeps an independent record of their machines. There are paper backups of voting totals in the form of printed counts and hand-copied summary sheets.

In my state, we have switched over to machine-counted paper ballots in all precincts. Those scanners do not even have wireless hardware in them, they can only be accessed via ethernet cable. Once a machine is tested and certified for voting, a cover is placed over the ethernet socket and it is sealed with a plastic band.

I do advocate the use of paper ballots, but not because then humans could do a hand-count of them. Humans are lousy at repetitive tasks. A hand-count of millions of votes would have a margin of error 10x the size of the margin of error of machine-counted votes. In Virginia, when there is a recount, we bring in a completely different set of scanners than were used to originally count the votes, and run the same paper ballots through them. That is a excellent independent count.

Re:Like Hillary's server was?

[kenh]

a lady who poorly managed her IT

What? You bought her "aw shucks, gee whiz" performance?

With malice of forethought she NEVER, EVER logged in or in any way touched a government email account in her entire term as Secretary of State because, being so backwards technically, she found it easier to hire her own IT consultant, have a server built and managed on her own dime, and have to tell everyone she worked with her email was not hrc@state,gov but instead Hillary@hrc45.com?

Hillary somehow "for simplicity sake" abandoned her official email that she used as a US Senator opting for one run by a guy that does IT work on the side when she stepped into Obama's Cabinet?

As an Ivy League educated lawyer, who was on the wrong side of dozens and dozens of "he said, she said" lawsuits and investigations, you honestly believe she has no idea how emails can derail a political career?

Re:NO voting machines are connected to the Interne

[hey!]

Manipulating voter registration records can also affect the outcome of an election, particularly in a situation where you are performing mass voter roll purges -- which I believe Georgia did. Tweaking the purge in the partisan way is one of the things that could be hidden by this.

Many voters who are denied a ballot may not choose to cast a provisional ballot, or come out to vote next time. Although this may seem like they get what they deserve if they're not sufficiently dedicated, voting can be more of a sacrifice for some people, particularly those with limited time to vote and where the polling stations are located inconveniently. If you're risking late for work you might choose just to leave. There have been documented attempts to manipulate turnout by inconveniently locating polling places.

As far as paper ballots, the obvious choice is optically scanned paper ballots. That said, I have never seen any evidence that human recounters don't perform acceptably. They are not perfect, but neither are machines -- for that matter how could you possibly know if a machine is perfect? In any case human limitations can be dealt with using statistics, to any desirable level of confidence.