Slashdot Mirror
11-Year-Old Changes Election Results On Florida's Website: Defcon 2018 (pbs.org)
UnknowingFool writes: At this year's DEFCON, a group of 50 children aged 8 to 16 participated in a hack of 13 imitation election websites. One 11-year-old boy changed the voting results in 10 minutes. A 11 year-old-girl was also able to change the voting results in 30 minutes. Overall, more than 30 of the 50 children were able to hack the websites in some form. The so-called "DEFCON Voting Machine Hacking Village" allowed kids the chance to manipulate vote tallies, party names, candidate names and vote count totals. The 11-year-old girl was able to triple the number of votes found on the website in under 15 minutes.
The National Association of Secretaries of State said in a statement that it is "ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections." But the organization expressed skepticism over the hackers' abilities to access the actual state websites. "It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols," it read. "While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results."
The National Association of Secretaries of State said in a statement that it is "ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections." But the organization expressed skepticism over the hackers' abilities to access the actual state websites. "It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols," it read. "While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results."
should actually be:
The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
Something like Bill Gates winning a House of Representatives seat for which he didn't stand with 100% of the vote. Until something that visible occurs, this will remain a phony war.
Up with this we cannot put!
”The 11-year-old girl was able to triple the number of votes found on the website in under 15 minutes.”
At last we know who to blame regarding the elephants in Africa!
#DeleteChrome
in California and New York.
Certainly impressive hacking skills, but how can anyone know that the "replica" of the Florida election site is identical to the real site. They need to be able to hack into the real site.
By influencing voter turnout! I can't believe how stupid that quote was.
"One 11-year-old boy changed the voting results in 10 minutes. A 11 year-old-girl was also able to change the voting results in 30 minutes".
But is he Russian?
That's all that matters.
I am sure that there are many other solipsists out there.
OR.... hack an election with the paper audit trail type voting machines, then challenge the result. The recount of the paper trail vs the machine will show the fraudulent nature of the machine count.
If you look at the current state of voting machine, you'll been dismayed. Pennsylvania still has paperless voting machines, it still cannot verify the election result and its not the only state to get unexpected voting results.
https://www.buzzfeednews.com/article/kevincollier/the-voting-machines-in-pennsylvanias-18th-dont-leave-a
The only fix for that is to show how the paper trail reveals the fraud, then block the use of these Fisher Price voting machines in court so trustable paper voting can be used.
How about you do your f*cking job and secure our elections, or you get fired and/or imprisoned?
"One 11-year-old boy changed the voting results in 10 minutes. A 11 year-old-girl was also able to change the voting results in 30 minutes".
But is he Russian?
That's all that matters.
Actually I think you'll find it would also matter whom the change favours. If your Russian schoolboy changed the results to favour the Republican party and our current president it would be nothing to get alarmed about. If, however, his changes favoured the Democrats it would leave the US with no possible response except to go to war with Russia for violating the sanctity of the US democratic process.
Regards
Mitch McConnell
http://www.paul-robinson.us/index.php/2008/10/25/the_robinson_method_a_really_simple_way_?blog=5
Somehow nobody ever wants to talk about this simple solution to the problem.
To be fair, Clinton had the support of the homeless, gangbangers, welfare trash, and illegal immigrants. Not exactly the type who go to rallies, but they do make up a large chunk of the voting population.
Because it's not a simple solution, and it has a number of problems. I'll start with an obvious one - what's to keep someone from bringing a bunch of lead slugs in to skew the vote? Paul says, "check to see if there's nothing in their hands", but what about pockets, sleeves, pants legs, belts, etc? Are we going to do an exhaustive search of each voter at the polling place? And let's say that someone does get a slug in, and let's say that the poll worker suspects a fraudulent vote because the slug made an unusual sound when dropped in the box. Since we don't know which box he dropped it in, all of the boxes now have to be opened and the slug retrieved, and at that point there's no solid way to confirm the validity of the vote without putting unlimited trust in the poll workers.
There are other problems as well, but the main reason no one has followed up on it is that it won't work.
"They need to be able to hack into the real site"
https://www.reuters.com/article/us-usa-election-security/u-s-senator-says-russians-have-penetrated-florida-election-systems-tampa-bay-times-idUSKBN1KU003
I've calculated my velocity with such exquisite precision that I have no idea where I am.
https://xkcd.com/2030/
. "It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols,"
The old security by obscurity defense.
Minors are taking suffrage into their own hands, I see.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
Apparently manipulation what is being reported on election night isn't a big deal? What if for example seeing "Candidate A declared a projected winner by all stations" causes people planning to vote for the opponent to simply stay home thinking the election has already been decided?
âoeOne 11-year-old boy changed the voting results in 10 minutes. A 11 year-old-girl was also able to change the voting results in 30 minutes.â
Boys > Girls. Still.
At this year's illegal immigrant influx, a group of illegal immigrants aged unknown participated in maybe? 13 elections. One illegal immigrant changed the voting results. A 11 year-old-girl was also able to change the voting results. Overall, illegals voted, and you can't prove otherwise.
This is exactly as true as the original shit /. story.
No, not exactly the same. The original story had a fucking point. Your bullshit ramblings do not.
Hacking the displayed info is a legit issue. Its a sign that the rest of the infrastructure is likely to be similarly poorly defended. One-off systems — like tabulation and voter registration — are inherently more fragile than mass-market systems that have had hundreds millions of hours worth of real world deployment to work the bugs out.
If they can't secure the most basic stuff, the stuff that everybody knows how to secure because its all common building blocks that have been vetted in hundreds of thousands of other systems, then we should not have any confidence that the more esoteric stuff is secured.
And that's just assuming human error. When you start seeing malicious efforts by the people running the systems, it gets much worse. For example, Russians secretly bought the company handling Maryland's elections systems software.
Imagine what insiders like that could do. They don't even have to hack the vote themselves, just "accidentally" leave in security vulnerabilities that the GRU hackers come along and exploit separately.
A four year old then crapped her pants and a twelve year old opened up an access port and pissed in one machine. NASS responsed by Turing their fingers in their ears and humming real loud.
People who arent citizens of US or the state in which the vote is cast....
So, this is what our kids are being taught ?
I think there are more pressing matters to teach them, like how to behave and be a decent person that does not hack.
This is so typical for the decline of humanity, just turn them into a bunch of goofheads who don't know anything about anything.
But hacking they now can.. can they wipe their own asses allready ???
Thatâ(TM)s fine I guess in a country where hotel security ignores your DnD sign, invades your room, rifles through your stuff, and steals whatever they feel like. https://www.secjuice.com/defcon-hotel-security-fiasco/amp/
I knew I'd seen it somewhere, the software used to change the totals on cash registers to steal money. They simply edit the electronic record of sales in order to remove the amount of theft that occurred.:
https://www.nytimes.com/2008/08/30/technology/30zapper.html
Stealing elections is the same techniques. If these voting machines don't have a paper audit trail that's checked against the computer total, then they are not capable of performing a recount of the votes and thus not fit for elections.
Paper audit trails are essentially. Pennsylvania is not auditable.
I see Rand Paul, the Republican Senator from Kentucky, went to visit Putin taking a letter from Trump with him. Paul also promised to vote against anymore Russian sanction. I also see they use these voting machines without paper audit trails. That's a problem. Paul should be seeking votes from Kentucky voters, *not* Putin's hackers.
We trust that our election officials do the right thing only because we can audit the results.
In other words 'Trust but verify'.
A simple concept, which requires care and attention to detail to provide an auditable chain of custody.
Putting software in the chain places super human requirements on the auditors.
Trying to do this on proprietary equipment without a manual audit path makes it a joke.
A result is Georgia trying to defend a 243% turnout as a valid result.
We still have general agreement that trust in the election is a fundamental requirement.
Where did the concept of getting this thru a verifiable chain of custody get lost?
Paper ballots with electronic counting seems the right compromise.
All electronic, to date, seems unsuitable for this critical function.
Fuck Caesars Entertainment!
11 year old changes election results! ... er no, news about results posted to a website ... er, no, not an actual website, a fake one ...
Sheesh. I can always count on /.
"It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols,"
should read
"It would be way easier to hack some of the states because they are all built by unsupervised consultants and use all sorts of insecure systems as a basis."
We regret the error.
Stop the hacks and count paper ballots. Granted paper has it's own issues but at least it's not connected to a network where it can be at risk during an audit like electronic voting is.
It beggers all belief to think that a tool so simply accessed is not utilized.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
At this year's illegal immigrant influx, a group of illegal immigrants aged unknown participated in maybe? 13 elections. One illegal immigrant changed the voting results. A 11 year-old-girl was also able to change the voting results. Overall, illegals voted, and you can't prove otherwise.
This is exactly as true as the original shit /. story.
No, not exactly the same. The original story had a fucking point. Your bullshit ramblings do not.
The original story, and the pseudo event it was based on, was nothing more than click-bait troll activity.
Too late for proactive. Time to try and catch up for the foolish election commission.
Why is our sexist bias such that young women are not competitive in this sort of activity?
So much slower than the young men! Sad!!
At this year's illegal immigrant influx, a group of illegal immigrants aged unknown participated in maybe? 13 elections. One illegal immigrant changed the voting results. A 11 year-old-girl was also able to change the voting results. Overall, illegals voted, and you can't prove otherwise.
This is exactly as true as the original shit /. story.
White men taking psychotropic medications have voted in every election and you can't prove otherwise. How about we legally require everyone declare any prescriptions and randomly drug test at the voting booths? It’s common sense and fair right? Not my problem if that just HAPPENS to affect one party more than the other.
— Le Trolle
My state's voting system was on paper but I worked with the systems.
The websites DID NOT run on the county election computer; HOWEVER they ran on a single staffer's computer which was often a LAPTOP and each ran an insecure public FTP server where the results were exported as a text file. Every news/TV service posting results had access to this insecure FTP server. Not only could somebody temporarily change results reported, but they could hack the OS from there and tamper with the actual totals stored on that computer.
Furthermore, the paper ballots were optically scanned by machines with a reject switch which if turned off would just skip ballots with errors instead of reject them. This wouldn't amount to much but it would allow certain polling places to throw out flawed ballots instead of letting the voter try again with a new ballot. In a close race, this really could add up if done strategically; however, luckily laws passed afterwards made mandatory HUMAN recounts happen well within that range. It does however result in recount totals NOT matching the "perfect" machine recount. We also wasted $$$ from an odd push from the GOP to get computer voting machines (running on win XP) but at least they were only able to waste money having them for handicapped people (it was a phase in plan which failed... but they sure seemed anxious to wreck our system with expensive insecure error prone complex machines... ) These 1 per polling place machines did totals completely separately which had to have the # manually added to the totals; and were not a secure verifiable total either...
Results aren't posted until after the polls close; this has no impact on people casting votes.
Certified results aren't taken from the Internet, they're on a separate non-Internet connected system.
The girl did nothing more than media manipulation. Facebook does this every day.
They don't really. Without some kind of conspiracy, they have no practical way to get to the polls. That mom with 6 kids on welfare would need to find a babysitter. That homeless guy would need to hitchhike to the polls, and then once he got there jump through all the residency and voter registration hoops. Illegal immigrants: also not registered to vote, generally. Gangbangers were generally against Clinton because she called them "superpreditors" in 1996.
If you don't believe me, try being an election judge. You will see first hand how these people really don't vote at all.
The response from The National Association of Secretaries of State was:
"While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results."
I hate to say it, but that sure sounds like they just issued a challenge.
http://www.geoffreylandis.com
How's this news? Some script kiddies hack a website and change something related to reported vote counts? Basically they created fake news. nothing more.
Call me when somebody hacks the systems that actually collect and count the votes and gets the certified results changed.
Until then, we are spitting into the wind with all these "SOMEBODY HACKED THE ELECTION RESULTS" stories, they are nothing but fake news, designed to inflame. We don't need this garbage.
"While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results." https://www.nass.org/node/1511
You're forgetting West Virginia that is allowing online voting with your smartphone. https://www.wired.com/story/sm...
Also, modding me offtopic but not the also offtopic comment I was replying to...
Seemed little point in that, since it's modded "-1 troll".
When I have a limited amount of mod points, I will mod down the highest-ranked off-topic points first. If your off-topic post is the higher rated, you'll get modded down before the lower-rated off-topic post to which you responded.
I guess it's the right that takes the 'most butthurt by fafalone's unending disdain of both right and left' award today, though maybe this comment will get the center good and pissed too.
Of course there is no need for machine voting. Time that is required to count the votes is relatively short, even if it takes a day. Computers should only be used to verify the human performed count.
The opposite works slightly better: humans used to verify the machine-performed count.
It works better because if there is a flaw, I would want to see humans in the loop doing the final count.
http://www.geoffreylandis.com
That's just not true in the US. Here a typical ballot may consistent of a hundred different races. Ballot initiatives, sheriff's races, county commissioners, mayor, treasurer, judges, state reps, etc. It adds up. Hand counting each and every one of those is infeasible. The solution is two fold:
...
No, you missed a third solution: don't put so much stuff on the ballot.
Having a hundred different things on the ballot does not make democracy more democratic, it makes democracy work less effectively. Voters aren't paid; there is zero chance that any substantial fraction will do the work required to analyze a hundred different races.
Ballots with a hundred issues and races is the voting equivalent of micromanagement.
http://www.geoffreylandis.com
While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.
While the preliminary results are by definition not final and not official, they do matter. What people *think* the results are can lead to riots. If the preliminary results are radically different than the final results, people lose confidence in the election process. If results (accurate or not) are published prior to the polls closing, people supporting the "winning" candidate may opt not to vote at the last minute, whereas those in support of the "losing" candidate may rush to the polls. If one wanted candidate A to win, they could hack the web server, and publish early results indicating that candidate B was winning, thus encouraging the desired turnout prior to polls closing.
Instead of a mentally one in 2016.
Disclosure: My Wife was/is part of the organization team so Im posting as AC for this one. The whole thing was a publicity stunt and you shouldn't believe too much of what you read
They kids did not use any type of SQL injection, it was part of the propaganda plan but too complex in execution for the kids. The only way to make it work was an obvious setup which they wanted to try and keep away from. The SD cards (which are normally locked away in the cabinet and not accessible) were similar in structure to a normal voting machine but everything was in plain text instead of hashed. The only things that was actually done by any kids without it being a setup were HTML element changes, which some were given training on beforehand. This HTML changes were done on a simplified replica of a site that displayed voting results from manual input, nothing at all to do with voting machines.
Simply put here were no hacks on voting machines (that element was sensibly pulled because it was just pure fraud) and no hacks on websites. The whole thing is just for publicity
"preliminary, unofficial results for the public and the media"
So reported results and official results don't matter if they differ? Public perception of the validity of the voting process isn't called into question, recounts don't happen? Crazy people aren't incited to revolt?
BeauHD is a communist. That's why he posts fake news headlines like this.
4chan has been demonstrating for YEARS that a person with the intellectual capacity of a second grader can manipulate and deface websites.
Also, if you are concerned about the possibility of influencing an election by misreporting the results, just look at what all those bullshit polls and surveys did for Clinton's campaign two years ago.
The experts say, "But the organization expressed skepticism over the hackers' abilities to access the actual state websites. "It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols,""
What an idiot.
I hope someone hacks the shit out those "unique networks and custom-built databases with new and updated security protocols".
I'm glad SOMEONE is trying to secure our elections, since the people in power seem to have no interest in doing so... almost as if securing elections and ensuring the results are NOT fraudulent is against the interests of the people in power. Makes sense when you think about it, since their being put IN power,
was through entirely fraudulent means in the first place, so of course they're not going to have any interest in doing something that might interfere with their holding onto their fraudulently-obtained authority.
I have no more faith or confidence in our government or its legitimacy. World War III was just fought, and no one noticed because the weapons used were even more powerful and destructive than the nuclear bombs everyone was convinced World War III would be fought with. This is the INFORMATION age, not the ATOMIC age, and so the weapons are of course, information-based, not atomic. Incidentally, we lost.
Russia is now, for all intents and purposes, the world's lone super-power, (though China and others might challenge that, it's not a real challenge, for now,) and Vladimir Putin is our king. King of the World, really, since he is now able to do whatever he wants and no one can stop him.
It is at this point that, on Slashdot, it would be customary to welcome our new Russian overlord, but I just can't bring myself to welcome this particular overlord, even in jest.
Our reign has gone on long enough. Indeed. Summon the meteors.
Fake news. Misleading title, bullshit story that doesn't really mean what they pretend it does to get clicks. Things have kinda slid downhill around here.
But now it seems defcon is working with the media to spread FUD.
The exercise seems to be designed only to generate this kind of FUD spreading by the media.