Slashdot Mirror

← Back to Stories (view on slashdot.org)

11-Year-Old Changes Election Results On Florida's Website: Defcon 2018 (pbs.org)

Posted by BeauHD on from the child's-play dept.

UnknowingFool writes: At this year's DEFCON, a group of 50 children aged 8 to 16 participated in a hack of 13 imitation election websites. One 11-year-old boy changed the voting results in 10 minutes. A 11 year-old-girl was also able to change the voting results in 30 minutes. Overall, more than 30 of the 50 children were able to hack the websites in some form. The so-called "DEFCON Voting Machine Hacking Village" allowed kids the chance to manipulate vote tallies, party names, candidate names and vote count totals. The 11-year-old girl was able to triple the number of votes found on the website in under 15 minutes.

The National Association of Secretaries of State said in a statement that it is "ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections." But the organization expressed skepticism over the hackers' abilities to access the actual state websites. "It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols," it read. "While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results."

80 of 202 comments (clear)

  1. Misleading Title by _Sharp'r_ · · Score: 5, Insightful

    11-Year-Old Changes Election Results On Florida's Website: Defcon 2018

    should actually be:

    11-Year-Old Changes Numbers Displayed On Faked Replica HTML Page Setup to be Changed by Kids: Defcon 2018

    --
    The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    1. Re:Misleading Title by Tunefix · · Score: 3, Informative

      Apparently they used simple techniques such as SQL-injection, and swapping accessible SD-cards on the poll-book-machines.
      Also, on the SD-cards pulled from the machines, they found usernames and passwords in plaintext.

    2. Re:Misleading Title by Anonymous Coward · · Score: 2, Insightful

      Likely it is something like that. However, there is NO reason at all, none, not a single reason in the universe, to have any form of automated vote counting. To have electronic voting. To have mechanized voting. I mean, what the flying fuck.... you get a card, you mark an X on it, and you're done.

      Here we have representatives from each party, at each voting site, counting the vote together. And we have up to 6 or 7 legitimate parties, even in Federal elections! There is no benefit for mechanized or electronic voting, or counting. None. Nada.

      If someone is going to blather on about "counting", ffs. It's not that hard, at all. We have all those parties, and we get counts an hour after polls close.

      Some things do NOT need to be improved. Ever!

      And the cost to democracy is waaaaaay, way too high.

    3. Re:Misleading Title by AmiMoJo · · Score: 5, Interesting

      Which is normally how security demos work, because hacking the real site would be illegal.

      The point here is that those sites are vulnerable to literal script kiddie attacks. While the government tries to hand wave it away as just an attack on a site showing preliminary results and correctly points out that such a site would not be used to make the official determination of who won, that's missing the point.

      These days such a hack would spawn a brand new QAnon-style conspiracy theory, pushed on social media by the same people did the hack. It would further erode trust in the electoral system, which leads to lower turnout next time. It makes the whole process look like some dictatorship doing a bad job of rigging the votes.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Misleading Title by asylumx · · Score: 1

      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.

      When I first read this, I tried to figure out which party was which. Then I realized it doesn't matter. Great quote.

    5. Re: Misleading Title by Highdude702 · · Score: 1

      https://www.youtube.com/result...

      youre even lazier than ever

    6. Re: Misleading Title by Highdude702 · · Score: 1

      think you just about covered everyone on earth. you must be a xenophobic alien. i guess still better than an illegal alien.

    7. Re: Misleading Title by Luckyo · · Score: 2, Insightful

      The sad part of this narrative is that you take something that is factually correct and should be used to beat the guilty party into submission to paint an innocent party.

      Yes, what was done to police force in UK is fucking horrifying. But it wasn't the media that did it. At most, it is complicit, but the main act was by someone else. It was the government, driven by anti-Western ideologues that its university are now producing. Read the 1998 McPherson report. It literally states that it has found no evidence for any systemic racism in Metropolitan police service or Crown Prosecution Service. And then goes to conclude that both of those parties were institutionally racist. It literally took the innocent people, concluded that it had no evidence of their wrongdoing, and then publicly hanged them for the crimes that they had no evidence for.

      After this, police were utterly horrified of even the mentioning of the word racist toward them, and for a good reason. And it had nothing to do with "jews" or "media" at that point. It had everything to do with McPherson's witch hunt and government's will to go with it.

      And this witch hunt has continued ever since, since the progressive movement with its ultimate goal of destruction of Western civilization took this decision and used it in media among other places to terrorize both the police and prosecution services in UK ever since.

      So put blame on correct people. Your target for blame should be McPherson and his progressive cronies first and foremost, and people in government who haven't touched the report itself, and instead simply read the conclusions and took them for granted.

    8. Re: Misleading Title by Anonymous Coward · · Score: 1

      "Hand counting each and every one of those is infeasible."

      Yet hand counting was exactly the way it was done for well over two hundred years.

    9. Re:Misleading Title by Toad-san · · Score: 1

      True that.

    10. Re:Misleading Title by Anonymous Coward · · Score: 1

      No, the sites aren't even replicas of the actual vote records and tallies, they are replicas of the systems used to display the results.

      Which, unsurprisingly, would exist even if voting was done on paper.

    11. Re: Misleading Title by shplopt · · Score: 1

      Centrist extremism is a pretty well known phenomenon. It usually hinges on the horseshoe fallacy, which itself depends on an abstract left-right polarity that not many people actually fit into. It's often associated with flawed concepts such as objective truth, pure rationality, positivist logic, etc. It doesn't hold up to scrutiny is what I'm saying.

    12. Re: Misleading Title by GLMDesigns · · Score: 1, Troll

      Really you dumb fuk? You haven't heard about this before? You haven't heard of Tommy Robinson who was put into prison? If you really haven't heard about this ish before you need to take your head out of your a$$.

      Government agencies from San Francisco to Stockholm to Berlin to London have had issues and have covered it up. Not all the rape and crime issues are the same. It's the silencing of reporting that counts.

      https://sanfrancisco.cbslocal....
      https://www.washingtonpost.com...
      https://www.independent.co.uk/...
      https://www.bbc.com/news/uk-en...
      https://www.bloomberg.com/news...
      http://wjla.com/news/inside-yo...

      I haven't vetted these articles. It just shows that if you were at all paying attention you would have seen this.

      What's as disturbing as the physical violence is the coordinated news blackout. This is horrible. Not discussing a problem doesn't make it go away.

      --
      If you're scared of your govt then you need to further restrict its powers
      Vote 3rd Party in 2016 and beyond
    13. Re:Misleading Title by Junta · · Score: 1

      It may be going too far to claim them to be 'replicas' and more like 'mockups of something that vaguely resembles the actual site'.

      At least, that is the claim of the government. Meaning one of: the government helped and admits their mockups aren't reflective of the genuine implementation, the government had nothing to do with it and thus the organizers were just making a mockup, or the government is lying.

      Given the age range, and the overwhelming success, but no 'the sky is falling' prior to the exercise despite many concerned researchers looking at it, I'm leaning toward this was a themed exercise to have a competition for the kids than an actual model of what's happening in reality.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    14. Re:Misleading Title by mark-t · · Score: 1

      Likely it is something like that. However, there is NO reason at all, none, not a single reason in the universe, to have any form of automated vote counting. ....

      If someone is going to blather on about "counting", ffs. It's not that hard, at all. We have all those parties, and we get counts an hour after polls close.

      I agree.... but just because it's not hard to do, and doesn't even take very long doesn't mean that it's not a reason.

      There is a difference between not having any reason and not having any good or justifiable reason.

      --
      File under 'M' for 'Manic ranting'
    15. Re:Misleading Title by mark-t · · Score: 1

      Human error is likely to average out over a large number of votes, however it is hard to hack a large number of human counters, computers on the other hand are easy to hack.

      This. Exactly.

      The simple solution is, use computers only for counting and not for casting votes.

      I would argue that you don't even need this... counting is not difficult, and if you have at least two people counting the same ballots, then you've got redundancy that can often catch errors by even a single vote. If there are discrepancies, you recount the votes at the station where the discrepancies occur right then. The whole process shouldn't take more than an hour, and probably much less.

      --
      File under 'M' for 'Manic ranting'
    16. Re: Misleading Title by omnichad · · Score: 2

      I think you'll find that stupidity is a fully bipartisan thing.

    17. Re: Misleading Title by AmiMoJo · · Score: 1

      Keeping in mind that a regular, or garden-variety centrist is one who believes that solutions to problems that provide the greatest good for the greatest number,

      Centrists are people who believe in a balance of social equality/justice and hierarchy. Supporting things that produce the greatest good for the greatest number of people only goes so far as to not do serious harm to or seriously disadvantage anyone.

      For example, taking strident voices and shooting them would be a step too far for centrists... I know you are only joking but it seemed like a good example.

      What you want is utilitarianism.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    18. Re: Misleading Title by spyfrog · · Score: 1

      So? Have the percentage of your population that can count decreased? A larger population also means more people available to count the votes - this is a system that scale beautifully.

    19. Re: Misleading Title by HornWumpus · · Score: 1

      I bagged 5 with the national guard at Kent state. Nothing like Hippie honey...

      Odorous.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    20. Re:Misleading Title by BinBoy · · Score: 1

      Nobody would click on the honest title.

    21. Re: Misleading Title by Luckyo · · Score: 1

      I have never, not even once suggested that McPherson was a progressive. There's a reason why there's "and" separator between "McPherson" and "his progressive cronies".

      Notably, you acted in the very similar way to what was in that report. You condemn me based on something I have never done.

    22. Re: Misleading Title by thomst · · Score: 1

      FWIW - I'm somewhat amused to discover that mods have so far twice chosen to mod the above -1 Offtopic.

      I was expecting +1 Funny - but then I realized I should not have placed that much faith in the perspicacity and sense of the absurd in moderators here. After all, this is Slashdot, where humor apparently has no place in discussions of politics ...

      --
      Check out my novel.
  2. We need a visible and unambiguous hack to occur by Bruce66423 · · Score: 2

    Something like Bill Gates winning a House of Representatives seat for which he didn't stand with 100% of the vote. Until something that visible occurs, this will remain a phony war.

    1. Re:We need a visible and unambiguous hack to occur by Opportunist · · Score: 3, Insightful

      And why would I do that when I could make Senator A president, become a billionaire in the process and get perpetual legal immunity? It sure beats being hunted down by every three-letter-agency in the US for showing that the emperor has no clothes and then spending the rest of my life in the worst kind of prison in an attempt to not only have the world forget me but also to send a message to everyone who'd dare to repeat my stunt.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:We need a visible and unambiguous hack to occur by Buchenskjoll · · Score: 2, Informative

      Why don't all American hackers get together to hack the election and get some ridiculous clown elected as president to prove how vulnerable the election system is?

      Hey..., wait... did you already do that?

      --
      -- Make America hate again!
    3. Re:We need a visible and unambiguous hack to occur by Anonymous Coward · · Score: 1, Insightful

      Try looking at the videos of Trump's election campaign speeches to see the size of the crowds that attended, versus the size of the crowds that attended Clinton's campaign speeches. Notice something? Trump had about FIVE TIMES as many people at his events. Why is that? Because you're an idiot who believes everything the media tells you, and you actually believe that Clinton had 50% of the population supporting her - she clearly did not - as proved by the best evidence possible - the number of people who attended her rallies.

      Anything to say?

    4. Re:We need a visible and unambiguous hack to occur by Buchenskjoll · · Score: 1

      I see nothing in your post that contradicts that some ridiculous clown was elected.

      --
      -- Make America hate again!
    5. Re:We need a visible and unambiguous hack to occur by Anonymous Coward · · Score: 1

      i guess none of them bothered to go to the smallest inauguration ever captured on tape then.

      I didn't go for two reasons. 1. I have a job and it would have required two to three days off to get there. 2. I knew the protestors would be out in force and I don't have time for that crap or want to risk it in DC where I cannot legally carry.

      I suspect that the difference from the previous Jan 20'th form 4 years previous was FRIDAY vrs SUNDAY.

    6. Re:We need a visible and unambiguous hack to occur by Geoffrey.landis · · Score: 1

      Yep. Nevertheless, the article cited shows some pretty shocking stuff:

        "We've looked at poor voting security in the state previously. In 2017, a report by a Georgian security researcher revealed a shocking lack of security throughout the state's voting system. Later that year, we discovered that servers that were thought to be key evidence for the same federal lawsuit that has led to this week's news were wiped, then repeatedly degaussed."

      I'm a little disturbed that in response to a federal lawsuit over election results, the people running the election destroyed the evidence including the backup servers. This, I would think, should be obstruction of justice, and definitely contempt of court. (Not to mention violation of the Georgia State law on record retention.)

      --
      http://www.geoffreylandis.com
  3. Finally by 93+Escort+Wagon · · Score: 2

    ”The 11-year-old girl was able to triple the number of votes found on the website in under 15 minutes.”

    At last we know who to blame regarding the elephants in Africa!

    --
    #DeleteChrome
  4. A Replica ? by csmithers · · Score: 1

    Certainly impressive hacking skills, but how can anyone know that the "replica" of the Florida election site is identical to the real site. They need to be able to hack into the real site.

    1. Re:A Replica ? by sjames · · Score: 2

      Contributing to the delinquency of a minor, such as encouraging them to hack the real page, would be a crime. Suggestions?

    2. Re:A Replica ? by bill_mcgonigle · · Score: 1

      Contributing to the delinquency of a minor, such as encouraging them to hack the real page, would be a crime. Suggestions?

      Seems to me that persuading a kid to challenge authority would be sufficient evidence in most courts of contributing to delinquency; the actual hacking attempt would just be symptomatic.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    3. Re:A Replica ? by sjames · · Score: 1

      It would be enough that the courts and prosecutor would WANT to find you guilty, but they'd still be stretching.

  5. Damn, now they have 11-year-old sleepers! by Archtech · · Score: 4, Funny

    "One 11-year-old boy changed the voting results in 10 minutes. A 11 year-old-girl was also able to change the voting results in 30 minutes".

    But is he Russian?

    That's all that matters.

    --
    I am sure that there are many other solipsists out there.
    1. Re:Damn, now they have 11-year-old sleepers! by Anonymous Coward · · Score: 1

      To be honest when I go vote I can change the voting results in less than 1 second. I put my paper ballot in, and voila, the results are changed!

      Not sure if that counts as "hacking" but hey, I'm a logician.

    2. Re:Damn, now they have 11-year-old sleepers! by Highdude702 · · Score: 1

      If you look at todays definition of hacking, youre the leet.

    3. Re:Damn, now they have 11-year-old sleepers! by c · · Score: 2, Informative

      But is he Russian?

      That's all that matters.

      Nonsense. What matters is that the boy and the girl both got the same pay for the hack.

      --
      Log in or piss off.
    4. Re:Damn, now they have 11-year-old sleepers! by Type44Q · · Score: 1

      But is he Russian?

      According to Fire Marshall Bill, it was Nate Romanoff, an 11 year old transgendered Russian ballet dancer and trained assassin...

    5. Re:Damn, now they have 11-year-old sleepers! by jbn-o · · Score: 1

      But is he Russian?

      RT shows these claims including a child from this contest saying much the same thing. This doesn't legitimate the ongoing Russiagate accusations but it helps to further other ends.

      --
      Digital Citizen
  6. Hack an election with paper trail by Anonymous Coward · · Score: 4, Interesting

    OR.... hack an election with the paper audit trail type voting machines, then challenge the result. The recount of the paper trail vs the machine will show the fraudulent nature of the machine count.

    If you look at the current state of voting machine, you'll been dismayed. Pennsylvania still has paperless voting machines, it still cannot verify the election result and its not the only state to get unexpected voting results.

    https://www.buzzfeednews.com/article/kevincollier/the-voting-machines-in-pennsylvanias-18th-dont-leave-a

    The only fix for that is to show how the paper trail reveals the fraud, then block the use of these Fisher Price voting machines in court so trustable paper voting can be used.

    1. Re:Hack an election with paper trail by Anonymous Coward · · Score: 1

      To be effective, the hack has to be totally plausible, then totally confirmed to be fake.

      A voting machine that adds 'Bill Gates" to the roll, would immediately be noticed and blocked. And people would pat themselves on the back that they'd caught this error, and so would catch any future error..... it would *encourage* their complacency if anything.

      On other other hand, one where a voter wins with 1% more of the vote, and everything *appears* fine and in order, and they're all patting themselves on the back at running a hack free election, which they then certify..... ....that then turns out to be totally fake, with none of the voting machines matching their paper audit trails in any way at all.... suddenly that's a big wake up call to get their security shit together.

      Hacking an *auditable* machine, would confirm how the lack of *audit* permits fraud.

      I thought they'd all switched to paper audit trails, and random cross verification etc. but as I read up on it, Pennsylvania, Florida, Virginia, are swing states running electronic voting with no paper trail. They cannot verify the election in these states. Any hacking software could change the result, delete the hack software and there would be no way of telling and no trace left behind. Any malicious actor could run that software, set the result they want and nobody could verify it.

      https://ballotpedia.org/Voting_methods_and_equipment_by_state

    2. Re:Hack an election with paper trail by bluefoxlucid · · Score: 1

      We can make election machines verifiable; it requires some strict integrity protocols. You have no integrity if you don't have public observers and known-good ballot boxes.

      Today, we have black-box EVMs and poor public understanding of elections security, which has lead to people rushing back to paper ballots without even fully protecting paper ballot integrity. If you had proper handling procedures, you would start with known-good software images for EVMs (yes, that means those images are public, published ahead of time, and verified by public observers at poll open), and provable ballot sets coming off the EVMs.

      The public at large could look at the elections Web site and validate each set of ballots to ensure that they match with a real ballot set from each polling center. None dropped, none added. You'd still have the questionable paper mail-in ballots; however, practical integrity concerns are marginal, and the amount of tampering in mail-in paper ballots is acceptable compared to the impact of disenfranchising absentee voters.

      For certain types of absentee voting--such as deployed military voting, voting on-site at assisted living centers, and prison voting--we can carry out absentee elections, with video recording and all present personnel as public observers, obtaining the same integrity guarantees despite not being able to bring people to domestic polling centers. Essentially, we can make mobile polling centers; we just need too many people around to conduct any funny business.

      --
      Support my political activism on Patreon.
  7. how about by ooloorie · · Score: 1

    The National Association of Secretaries of State said in a statement that it is "ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections."

    How about you do your f*cking job and secure our elections, or you get fired and/or imprisoned?

  8. Mission Accomplished by hyades1 · · Score: 2

    "They need to be able to hack into the real site"

    https://www.reuters.com/article/us-usa-election-security/u-s-senator-says-russians-have-penetrated-florida-election-systems-tampa-bay-times-idUSKBN1KU003

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  9. Relevant by NicknameUnavailable · · Score: 3, Informative

    https://xkcd.com/2030/

    1. Re:Relevant by ftobin · · Score: 2

      Also relevant: https://xkcd.com/932/

  10. Minor Issue by mentil · · Score: 1

    Minors are taking suffrage into their own hands, I see.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
  11. Short sighted by misnohmer · · Score: 2

    Apparently manipulation what is being reported on election night isn't a big deal? What if for example seeing "Candidate A declared a projected winner by all stations" causes people planning to vote for the opponent to simply stay home thinking the election has already been decided?

    1. Re:Short sighted by TheCowSaysMoo · · Score: 1

      That's not how election night (or general post-election) coverage works.

      First, election websites only show what polling locations report AFTER the polling locations are closed. All polling locations in a locality close at the same time (unless they stay open later for long lines, etc.) and then begin tallying and reporting to the election authorities. As the election authorities receive and validate results after the closure of all polling locations, they update the website. [Source: my best friend is an officer of election]

      Second, all (legitimate) news outlets refrain from projecting/declaring a winner until after all polls related to that election are closed to prevent this very thing. For example, CNN makes this expressly clear in their editorial policy: "CNN editorial policy strictly prohibits reporting winners or characterizing the outcome of a statewide contest in any state before all the polls are scheduled to close in every precinct in that state."
      http://www.cnn.com/2008/POLITI...

      The projections you see/hear immediately after the polls close is based on exit polls, pre-election polls, past elections, etc. It's why they're sometimes wrong. It's also why news outlets will hold off on projecting a winner if exit poll numbers aren't aligning with their pre-election projections.

      So, no, hacking an election website is not a big deal. It's the equivalent of hacking ESPN. Changing the score on the website does not actually change the score of the match.

    2. Re:Short sighted by omnichad · · Score: 1

      Isn't this what happened with the primaries?

    3. Re:Short sighted by grep+-v+'.*'+* · · Score: 1

      planning to vote for the opponent to simply stay home thinking the election has already been decided

      OH -- you mean for national elections, not local. Yeah, Hawaii's always been screwed with that. Hours before their polls even close "the election's already been decided" by the mainland, and has been that way for years (decades.) I wonder why they bother to vote at all.

      Until ALL polling stations close the shouldn't report early results or guestimates. That wouldn't fly though, all the newscasters would all have heads, bladders, or lungs exploded by then from them holding it in for so long

      HEY, WAIT......

      --
      If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
    4. Re:Short sighted by Obfuscant · · Score: 1

      First, election websites only show what polling locations report AFTER the polling locations are closed. All polling locations in a locality close at the same time (unless they stay open later for long lines, etc.) and then begin tallying and reporting to the election authorities.

      Unless, of course, the "locality" is "the entire US". I have seen no issues claimed or reported with local elections producing early results, simply because local election boards understand the issue and have all their polling places close at the same time.

      The issue only comes up during US Presidential elections, where the local polling places span 7 time zones. And each media outlet is anxious to get street cred by announcing the right projected winner.

      Second, all (legitimate) news outlets refrain from projecting/declaring a winner until after all polls related to that election are closed to prevent this very thing.

      I'm so glad that you thought enough about the issue to try to use the adjective "legitimate", but when ALL news outlets are rushing to declare results and guess at who won before the last polls close, it's a waste of characters.

      I guess you've never actually watched the election results for a national election, have you? All the east coast states start posting their vote totals as soon as the polls there close, which is three hours before they close on the west coast, and six hours before Hawaii. The news media starts reporting those totals as soon as they appear. First amendment, you know. And there's even one town in NH, I think it is, where the polls close at noon because there's only seven registered voters and they want to be the first to report the results.

      That means that at 5PM, before a lot of people even get off work on the west coast, they can start hearing the results from New York and other Eastern time zone states.

      "CNN editorial policy strictly prohibits reporting winners or characterizing the outcome of a statewide contest in any state before all the polls are scheduled to close in every precinct in that state."

      Goody for them. Now apply that to national elections.

      The projections you see/hear immediately after the polls close is based on exit polls, pre-election polls, past elections, etc.

      It's quite a quandary, isn't it? On the one hand, "exit polls" aren't really results and have no effect on the outcome, apparently. It doesn't matter if exit polls are published before all the polling places are closed because they don't mean anything. But then, when the outcome doesn't match the exit polls, the exit polls mean something and are significant. There must have been fraud if the exit polls and the outcome don't match.

      You can't have it both ways.

      So, no, hacking an election website is not a big deal.

      It COULD be a big deal, if it is an east coast state and it does impact the turnout in other states where the polls haven't closed yet.

      BUT, hacking an "imitation" website that looks like a page reporting the result is no big deal, and the headline for this article is a patent lie. No, a child did NOT change the Florida election website. Period.

    5. Re:Short sighted by vandamme · · Score: 1

      That doesn't work. Since I live in New York and it was decided for Clinton months before the election, I voted for Trump so you couldn't blame me. Didn't turn out well.

      Come to think of it, there was no scenario where the election could have turned out well.

  12. Misleading Analysis by Anonymous Coward · · Score: 1

    Hacking the displayed info is a legit issue. Its a sign that the rest of the infrastructure is likely to be similarly poorly defended. One-off systems — like tabulation and voter registration — are inherently more fragile than mass-market systems that have had hundreds millions of hours worth of real world deployment to work the bugs out.

    If they can't secure the most basic stuff, the stuff that everybody knows how to secure because its all common building blocks that have been vetted in hundreds of thousands of other systems, then we should not have any confidence that the more esoteric stuff is secured.

    And that's just assuming human error. When you start seeing malicious efforts by the people running the systems, it gets much worse. For example, Russians secretly bought the company handling Maryland's elections systems software.

    Imagine what insiders like that could do. They don't even have to hack the vote themselves, just "accidentally" leave in security vulnerabilities that the GRU hackers come along and exploit separately.

    1. Re:Misleading Analysis by _Sharp'r_ · · Score: 1

      Sure, but that's not what they did here. They made a faked mock-up designed to look similar to the actual site in the resulting html. That's where the resemblance to the real State website ended. The didn't replicate the architecture of the actual sites, it was basically a "If you do this, this happens" demo, then they let the kids play around with what they'd shown them in the demo environment.

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    2. Re:Misleading Analysis by jgdnavy · · Score: 1

      Also, while having an insecure website is not a positive sign, it's possible the organization took the (arguably technically correct but incorrect from a public relations view) that the website, not being part of the actual vote counting apparatus, was not particularly important to secure. If the actual vote counting infrastructure provided a secure read-only access to the website, the organizatoin may have decided to spend limited development dollars on securing the actual voting machines rather than the unofficial website.

  13. quite a summary by cascadingstylesheet · · Score: 4, Informative

    11 year old changes election results! ... er no, news about results posted to a website ... er, no, not an actual website, a fake one ...

    Sheesh. I can always count on /.

    1. Re:quite a summary by Junta · · Score: 1

      Yeah, as far as I can tell, this was an election themed kids hacking competition, designed for them to be able to succeed in large numbers.

      --
      XML is like violence. If it doesn't solve the problem, use more.
  14. These comments all miss the point by NEDHead · · Score: 1

    Why is our sexist bias such that young women are not competitive in this sort of activity?

    So much slower than the young men! Sad!!

  15. Re: We need a visible and unambiguous hack to occu by Anonymous Coward · · Score: 1

    They don't really. Without some kind of conspiracy, they have no practical way to get to the polls. That mom with 6 kids on welfare would need to find a babysitter. That homeless guy would need to hitchhike to the polls, and then once he got there jump through all the residency and voter registration hoops. Illegal immigrants: also not registered to vote, generally. Gangbangers were generally against Clinton because she called them "superpreditors" in 1996.

    If you don't believe me, try being an election judge. You will see first hand how these people really don't vote at all.

  16. Challenge from National Association by Geoffrey.landis · · Score: 1

    The response from The National Association of Secretaries of State was:
    "While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results."

    I hate to say it, but that sure sounds like they just issued a challenge.

    --
    http://www.geoffreylandis.com
  17. West Virginia by oh_my_080980980 · · Score: 1

    "While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results." https://www.nass.org/node/1511

    You're forgetting West Virginia that is allowing online voting with your smartphone. https://www.wired.com/story/sm...

  18. Humans in the loop by Geoffrey.landis · · Score: 1

    Of course there is no need for machine voting. Time that is required to count the votes is relatively short, even if it takes a day. Computers should only be used to verify the human performed count.

    The opposite works slightly better: humans used to verify the machine-performed count.

    It works better because if there is a flaw, I would want to see humans in the loop doing the final count.

    --
    http://www.geoffreylandis.com
  19. Solution is three-fold [Re:Misleading Title] by Geoffrey.landis · · Score: 1

    That's just not true in the US. Here a typical ballot may consistent of a hundred different races. Ballot initiatives, sheriff's races, county commissioners, mayor, treasurer, judges, state reps, etc. It adds up. Hand counting each and every one of those is infeasible. The solution is two fold:

    ...

    No, you missed a third solution: don't put so much stuff on the ballot.

    Having a hundred different things on the ballot does not make democracy more democratic, it makes democracy work less effectively. Voters aren't paid; there is zero chance that any substantial fraction will do the work required to analyze a hundred different races.

    Ballots with a hundred issues and races is the voting equivalent of micromanagement.

    --
    http://www.geoffreylandis.com
    1. Re: Solution is three-fold [Re:Misleading Title] by UnknowingFool · · Score: 1

      You make it sound like all these different ballots are only put there to frustrate the voter; they are there as required by law and because that is the point of voting. Barring the national election races, each state, county, city has their own elections of officials. That doesn't include any special districts the voter may reside. Now, to simplify the ballot, there could be multiple separate elections but that require organization and cost by the local authorities. The other thing that you are ignoring is that no one is required to vote on all the ballot measures. Some people vote on the elections they care about and ignore the rest. The vote is only counted as long one ballot is filled.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    2. Re: Solution is three-fold [Re:Misleading Title] by Geoffrey.landis · · Score: 1

      You make it sound like all these different ballots are only put there to frustrate the voter;

      No, I'm sure that frustrating the voters is not the purpose, merely an unintended side effect.

      they are there as required by law and because that is the point of voting. Barring the national election races, each state, county, city has their own elections of officials. That doesn't include any special districts the voter may reside. Now, to simplify the ballot, there could be multiple separate elections but that require organization and cost by the local authorities. The other thing that you are ignoring is that no one is required to vote on all the ballot measures. Some people vote on the elections they care about and ignore the rest. The vote is only counted as long one ballot is filled.

      Uh, did you actually just tell me that democracy works fine if most people didn't bother to vote for most of the elections because it's too hard?

      You do realize that what this means is that special interest groups-- for whom the minor issue and "unimportant" candidates are important-- dominate the results.

      --
      http://www.geoffreylandis.com
    3. Re: Solution is three-fold [Re:Misleading Title] by UnknowingFool · · Score: 1

      No what I said exactly is how you propose to "simplify" the elections other than not present the voter with all the ballots that are required by law?

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    4. Re: Solution is three-fold [Re:Misleading Title] by Geoffrey.landis · · Score: 1

      No what I said exactly is how you propose to "simplify" the elections other than not present the voter with all the ballots that are required by law?

      Make different laws.

      --
      http://www.geoffreylandis.com
  20. Unofficial results matter by Nkwe · · Score: 1
    From the summary

    While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.

    While the preliminary results are by definition not final and not official, they do matter. What people *think* the results are can lead to riots. If the preliminary results are radically different than the final results, people lose confidence in the election process. If results (accurate or not) are published prior to the polls closing, people supporting the "winning" candidate may opt not to vote at the last minute, whereas those in support of the "losing" candidate may rush to the polls. If one wanted candidate A to win, they could hack the web server, and publish early results indicating that candidate B was winning, thus encouraging the desired turnout prior to polls closing.

    1. Re:Unofficial results matter by PPH · · Score: 1

      What people *think* the results are can lead to riots.

      Pretty sad. With a 51 to 49% result (whichever way you think it went), the losing side should just shrug and say "That's the way it goes." It's not like a despot with a few percent of the population backing him (her) got into office.

      This country is built on the principle of individual liberty. Someone got elected you don't like? Big deal. Just carry on and things will be OK. If you really are so dependent on a mommy state to care for you, there's always the Soviet Union ..... or maybe not.

      --
      Have gnu, will travel.
  21. Re: Of course it could change actual votes by Geoffrey.landis · · Score: 1

    If the polls don't close until 8, they often publish preliminary results before the polls close.

    No, news media could publish exit poll results, but actual voting results--even preliminary results--aren't released until polls close. (And reputable news sources don't even publish exit poll results until the polls close.).

    But... if you can hack into the election website, it doesn't matter that the people running the website don't release results until the polls close, because they're not running the website. So you could publish anything you want any time you want.

    --
    http://www.geoffreylandis.com
  22. Re: Misleading Everything by Anonymous Coward · · Score: 1

    Disclosure: My Wife was/is part of the organization team so Im posting as AC for this one. The whole thing was a publicity stunt and you shouldn't believe too much of what you read

    They kids did not use any type of SQL injection, it was part of the propaganda plan but too complex in execution for the kids. The only way to make it work was an obvious setup which they wanted to try and keep away from. The SD cards (which are normally locked away in the cabinet and not accessible) were similar in structure to a normal voting machine but everything was in plain text instead of hashed. The only things that was actually done by any kids without it being a setup were HTML element changes, which some were given training on beforehand. This HTML changes were done on a simplified replica of a site that displayed voting results from manual input, nothing at all to do with voting machines.

    Simply put here were no hacks on voting machines (that element was sensibly pulled because it was just pure fraud) and no hacks on websites. The whole thing is just for publicity

  23. Re: Of course it could change actual votes by Obfuscant · · Score: 1

    No, news media could publish exit poll results, but actual voting results--even preliminary results--aren't released until polls close. (And reputable news sources don't even publish exit poll results until the polls close.).

    All news media publish results as soon as they are available, and for national elections in the US that usually means three hours before the west coast polls close, and 6 hours before Hawaii's.

    I recall hearing exit poll results in the early afternoon here on the west coast, but certainly by 5PM the news is full of them. In case you're going to try handwaving away that as just "exit polls", then remember that exit polls are considered significant enough that some people will cry "fraud" if the exit polls show their candidate winning but the actual result doesn't match.

    As for your claim, I'll point you to Dixville Notch (a somewhat less unhappily named town compared to Dismal Nitch, WA), where:

    Dixville Notch is best known in connection with its longstanding middle-of-the-night vote in the U.S. presidential election, including during the New Hampshire primary (the first primary election in the U.S. presidential nomination process). In a tradition that started in the 1960 election, all the eligible voters in Dixville Notch gather at midnight in the ballroom of The Balsams. The voters cast their ballots and the polls are officially closed when all of the registered voters have voted - sometimes merely one minute later. The results of the Dixville Notch vote in both the New Hampshire primary and the general election are traditionally broadcast around the country immediately afterwards.

    So, 12:01AM Eastern time on election day, the first election results are published. Yet no "reputable" news source would do such a thing.

  24. Re: Of course it could change actual votes by Geoffrey.landis · · Score: 1

    I'm sorry we are talking about different things.

    In your example, you state that Dixville Notch publishes their results immediately after their polls close. That is echoing exactly what I said. They don't publish "preliminary" results before the polls close; they wait until the polls close and publish their results.

    Other polls in other places may still be open, yes.

    --
    http://www.geoffreylandis.com
  25. Re: Of course it could change actual votes by Obfuscant · · Score: 1

    That is echoing exactly what I said. They don't publish "preliminary" results before the polls close; they wait until the polls close and publish their results.

    They wait until THEIR polls close, yes. But the polls for almost every other place in their state, and in every other state in the Union, are still open. You said "the polls", not "their polls", and "the polls" are still open for the same election everywhere else.

    Other polls in other places may still be open, yes.

    Then "the polls" are not closed. It's the same damn election, voting for the same damn people. Trying to differentiate that THEIR polls are closed so it is just fine to publish the results when all the other polls are still open is ignoring the problem.

  26. Re: Of course it could change actual votes by Obfuscant · · Score: 1

    Oh, by the way, in the state of Oregon, where we have a special provision for super-majority on taxation measures that are on an other-than-regular election ballot, it is STANDARD PRACTICE for the election offices to publish preliminary results. Not the vote tally itself, but the percentage of returned ballots. That is of direct assistance to proposal supporters, because if the turnout is lagging it tells them their proposal cannot possibly pass. That's a call to get out more votes for them. In this case, the election results are not just votes yea and nay, but also percentage of registered voters. "We received 30% of the possible ballots" is a preliminary result.

  27. Re:Old, sad news by Ol+Olsoc · · Score: 1
    Apparetly there is a slashdotter who believes that the truth is a troll action.

    A perfect illustration of people who despite all evidence to the contrary. begger the imagination.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  28. Great job, /. by Anonymous Coward · · Score: 1

    Fake news. Misleading title, bullshit story that doesn't really mean what they pretend it does to get clicks. Things have kinda slid downhill around here.