Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security United States Government Privacy News Politics

Should We Ignore the South Carolina Election Hacking Story? (securityledger.com) 139

chicksdaddy provides five (or more) "good" reasons why we should ignore the South Carolina election hacking story that was reported yesterday. According to yesterday's reports, South Carolina's voter-registration system was hit with nearly 150,000 hack attempts on election day. Slashdot reader chicksdaddy writes from an opinion piece via The Security Ledger: What should we make of the latest reports from WSJ, The Hill, etc. that South Carolina's election systems were bombarded with 150,000 hacking attempts? Not much, argues Security Ledger in a news analysis that argues there are lots of good reasons to ignore this story, if not the very real problem of election hacking. The stories were based on this report from The South Carolina Election Commission. The key phrase in that report is "attempts to penetrate," Security Ledger notes. Information security professionals would refer to that by more mundane terms like "port scans" or probes. These are kind of the "dog bites man" stories of the cyber beat -- common (here's one from 2012 US News & World Report) but ill informed. "The kinds of undifferentiated scans that the report is talking about are the internet equivalent of people driving slowly past your house." While some of those 150,000 attempts may well be attempts to hack South Carolina's elections systems, many are undifferentiated, while some may be legitimate, if misdirected. Whatever the case, they're background noise on the internet and hardly unique to South Carolina's voter registration systems. They're certainly not evidence of sophisticated, nation-state efforts to crack the U.S. election system by Russia, China or anyone else, Security Ledger argues. "The problem with lumping all these 'hacking attempts' in the same breath as you talk about sophisticated and targeted attacks on the Clinton Campaign, the DCCC, and successful penetration of some state election boards is that it dramatically distorts the nature and scope of the threat to the U.S. election system which -- again -- is very real." The election story is one "that demands thoughtful and pointed reporting that can explore (and explode) efforts by foreign actors to subvert the U.S. vote and thus its democracy," the piece goes on to argue. "That's especially true in an environment in which regulators and elected officials seem strangely incurious about such incidents and disinclined to investigate them."
This discussion has been archived. No new comments can be posted.

Should We Ignore the South Carolina Election Hacking Story?

Comments Filter:
  • by elrous0 ( 869638 ) on Tuesday July 18, 2017 @05:46PM (#54835583)

    I pretty much just assume that any computer attached to the internet is being tested by hackers all the time. Why should election computers be any different?

    • by Anonymous Coward on Tuesday July 18, 2017 @06:09PM (#54835695)

      Because they shouldn't be attached to the internet?

      • And should be paper ballots.

        "Was the election hacked? The GOP says no because it won. The democrats respond with... actually breaking news, we cut back to the GOP who are defending the president's ability to punch the pope in the dick."

        Then if the democrats ever win again,

        "Was the election hacked? The GOP says liberal elitist hackers rigged the election. Democrats start to say something before the honorable senator from Iowa starts flinging his own poop at reporters, we go live to pooped-on report
    • Exactly. The NSA data center in Utah gets something like 300 MILLION hacking attempts a day. A non-story if ever there was one. Probably the reason it doesn't have legs is because some reporter breathlessly runs it by their IT folks, and they just roll their eyes.

      • by AK Marc ( 707885 )
        I've worked for a PHB, and he insists every non-conformant packet is an "attack", even when I had traced some of them back to a poorly written internal app. The idiot managers "alert" on every IPS/firewall hit/block, and claim every individual packet to be a separate "attack". Trying to justify his job, since his performance can't justify it. Numbers of "attacks" is meaningless without a clear definition of "attack".
      • No one placed a gun to your head to do your job, if you can't do it; it's OK to step aside.
    • I pretty much just assume that any computer attached to the internet is being tested by hackers all the time. Why should election computers be any different?

      Presumably there might be something different about who does it.

      Computers, whether or not they're used to manage elections, should be secured from people looking for vulnerabilities in order to steal data or money. But if hackers try to penetrate election computers, possibly with the intent to alter the results, then it seems important to follow up.

      If the CIA or NORAD were subjected to attempts to penetrate their computer systems, I doubt they would just shrug their shoulders and chalk it up to script kiddi

    • Try to hack the voting system 150000 times and it's a statistic... [quoteinvestigator.com]
      Try to do it once and you're likely a Trump voter. [vice.com]

    • by rthille ( 8526 )

      Election computers should be different, because they shouldn't be attached to the internet!

  • by Frosty Piss ( 770223 ) * on Tuesday July 18, 2017 @05:46PM (#54835585)

    The public-facing srvers I'm reponsible for are port-scanned thousends of times a day in addition to the SSH access attempts, but these are all so common that only a fool falls victim to this sort of thing, the basic protections are fairly elementary and catch most if not all such common garbage.

    • Non stop every day! I have about twenty offices, and each one is being consistently scanned. SIP ports have been very popular recently.

      And that's not even counting Shodan. I wonder how many of the "hacking attempts" it was responsible for...

  • Hell, we don't even have to investigate. An election has never been hacked, and cases of attacks are so few and far between that it doesn't make sense to even try to figure out how often this happens.

    • Re:Ignore? (Score:4, Funny)

      by Freischutz ( 4776131 ) on Tuesday July 18, 2017 @05:52PM (#54835615)

      Hell, we don't even have to investigate. An election has never been hacked, and cases of attacks are so few and far between that it doesn't make sense to even try to figure out how often this happens.

      Donald? Is that you?

      • No, it's me, a generic Democrat who thinks we don't have to investigate anything involving election fraud, unless it hurts one of our candidates.

      • by Anonymous Coward

        No its Obama from last November.

        There is only one known 'hacked' election last year. It was not the Trump v. Hillary matchup. Hillary had locked it up well before it started. It is in the emails leaked by a former burnout.

      • by gnick ( 1211984 )

        ...cases of attacks are so few and far between that it doesn't make sense to even try to figure out how often this happens.

        Donald? Is that you?

        Isn't DJT the one that claimed 3-5M illegal votes in the election? And ordered an investigation into the results? He's the one claiming the highest rate of voter fraud because he can't accept losing the popular vote. It seems odd to allege massive fraud in an election he won, but his ego is insatiable.

  • Perfectly willing to claim Trump was elected from vote hacking, utterly unwilling to investigate or question any votes - and in fact attempts to block those seeking to investigate voter hacking [politico.com].

    It is absurd to claim with as loose as protocol is around most voting systems, that there is not widespread voter fraud ongoing - probably "benefitting" both parties and screwing honest voters over with rigged elections across the country.

    • Actually, local polls tend to be very vigilant. While we make all the fuss about national candidates, the same elections usually also concern everyone down to dogcatcher and ordinances about how many chickens you can own.

      It would be hard for someone in Beijing to accurately fake such voting to provide a complete ballot while skewing national figures. While we make a big deal of where the polls went wrong, when the polls go straight into the Twilight Zone, people start hand-counting. Checks and balances also

    • Re: (Score:1, Informative)

      by buss_error ( 142273 )

      Perfectly willing to claim Trump was elected from vote hacking - er no. President Trump was elected by an out moded and no longer useful electoral college system, rather than a simple popular vote. Also, fear, fake news, and statements that play on the ignorance of his supporters and lack of imagination.

      utterly unwilling to investigate or question any votes er, no. There is no reason President Trump needs the names, ages social security numbers and party affiliation data from the States to investigate what

      • by 4im ( 181450 )

        Just to be clear, vote fraud is when someone casts a ballot when they aren't supposed to. Election fraud is things like passing ID requirements to vote.

        ... and election hacking is also manipulating voters into voting in a certain way - e.g. false news, unverified and biased social media posts, specially timed release of real information, etc. It doesn't necessarily mean attacks on the actual voting machines or tabulation process, or ballot stuffing.

        This just for completeness sake, as all too many /. poster

      • Perfectly willing to claim Trump was elected from vote hacking - er no. President Trump was elected by an out moded and no longer useful electoral college system, rather than a simple popular vote. Also, fear, fake news, and statements that play on the ignorance of his supporters and lack of imagination.

        Well, one of the biggest fake news is about the vote hacking. Probably, it is only surpassed by the DNC hacking fake news.

      • by Anonymous Coward

        "President Trump was elected by an out moded and no longer useful electoral college system, rather than a simple popular vote."

        Woah there cowboy. There's a reason straight-up popular votes aren't used, and it's called "Tyranny of the Majority". I don't like any more than you do that so many of my fellow Americans were retarded enough to elect an obvious con-man, but it isn't the system's fault. Though we really could use a better system, something that isn't based in the provably flawed first-past-the-post

      • The electoral college is an equalizer similar to the way each state gets 2 Senators and a population-proportionate number of Representatives.
        Without it, the mob rules (queue Black Sabbath from the Heavy Metal soundtrack.)
        Historically, it was created because Philadelphia would have been able to dictate to the entire country.
        Utter BS to your statement there is no vote fraud. You're playing semantic games. There has always been, and always will be, vote/election fraud. Otherwise, how to explain dead people vot

    • I saw what you did there. Voter Fraud != Election Hacking.

  • by cunina ( 986893 ) on Tuesday July 18, 2017 @06:07PM (#54835689)
    If it's such a "very real problem," then why has not one single media outlet actually explained how the election was "hacked?" We hear "Russians" twenty times a day, but no one actually points a single compromised voting system, nor any research that show Clinton would have won if hadn't been circulated. This, from a media that has become otherwise quite good at explaining things like quantum teleportation and CRISPR/CAS9 to the general population - but somehow lots of hand-waving about the "hacked election."
    • by gatfirls ( 1315141 ) on Tuesday July 18, 2017 @06:25PM (#54835793)

      There has been nonstop coverage about how the election was "hacked", of course that may not fit into your or others narrative that if they didn't directly hack voting machines then there is no "hacking" (let's call this the glove does not fit so you must acquit theory). There was the DNC hack and leaks and the disinformation campaigns that have been well covered and sourced to be either Russian government lead or by Russian parties with which we are unsure of their ties. You hear about Russia 20 times a day because the Trump campaign and Cabinet and close ties are oozing in unanswered questions/connections with regard to Russia and every day a new connection either direct or indirectly made.

      That is all non-partisan fact. Take of it what you will.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        Story for you [dailymail.co.uk]

        Its also a non-partsian fact that not a SINGLE person is willing to testify in court that they have seen evidence of hacking the election.

        Under oath, Comey said the DNC refused the FBI's help in checking their servers. The company the DNC did hire is a DNC shell company that said the Russians did it. That company is also unwilling to testify that Russia did it now after some more information came out about them. That leaves the FBI with no ACTUAL evidence of Russia doing anything. When aske

      • Re: (Score:2, Funny)

        by Anonymous Coward

        Those e-mails hacked/leaked were confirmed to be genuine, i.e. real information about what those politicians stand for.

        Knowing what the politicians stand for is an important part of democracy.

        So, if you include those, you are really accusing Russia of democracy. If that's the worst accusation you can come up with - well, I'm sure Russia has been accused of worse things.

    • by azaris ( 699901 )

      As far public evidence goes, the "Russian interference" basically boils down to three prongs:

      1. Hacking into state voter registration to get detailed data for targetting voters in critical states. Comey stated publicly that Russians tried this hundreds of times through spearfishing attacks, but it is unclear how successful they actually were in accessing/tampering with voter registrations.

      2. Hacking and releasing e-mails from the DNC and John Podesta. We now know that more than one person unofficially a

  • Ummm, no? (Score:2, Insightful)

    Sorry for being painfully naive, but no, the election hacking thing, whether it be in SC or elsewhere is a Big Fucking Deal. We need to have confidence in the election results or no elected representative (note the use of the word "representative" and not "leader") can have the confidence of the people that he/she is legitimate.
    • by Anonymous Coward

      If a port scan "hacking" rocks your confidence in elections, you'd better be cowering in fear after I tell you about port scans on the local power company, water company, and - hold your hat - police & military web sites. WE'RE DOOMED!!!

  • The only burglar that pounds on your door 150,000 times is the meth-ed out one that's going to end up on "America's Dumbest Criminal's" or some other reality show. Likewise, good hackers do not advertise their presence like that. If this was a serious attack it would have begun months ago and with slow targeted scans that aren't going to draw attention and/or spearphishing. 150,000 "attacks" is not enough to even qualify as a DoS. This is common portscan activity and the sysadmin is either showboating f

  • Voter Fraud via the Presidential Commission.

  • by bobbied ( 2522392 ) on Tuesday July 18, 2017 @06:47PM (#54835903)

    More like man inhales story...

    I ran a basic web server for awhile at home a few years ago just for amusement on a Linux box running apache. It served up ONE static page that said something like "this is the only page on this server" and that was it. I got "attacked" thousands of times a week by the script kiddies running the IIS exploit attempt scripts, port scans and all sorts of things that I found a little bit amusing.

    Surely, during an election, ANY computer on the net associated with anything to do with voting would be a primary target of all the hackers out there trying to make a name for themselves....Oh Look at me! I broke in and disrupted the election!

    The fact is, this is not unusual..

  • by aberglas ( 991072 ) on Tuesday July 18, 2017 @07:11PM (#54835981)

    By the partizan electoral officials that control them. Heck, the Diabold machine was even found to have and "Adjust Votes" option on the menu, no need for any actual hacking.

    It amazes me that Americans put up with this grossly dubious system.

    I am sure that the Australian election was not hacked. I was one of the scrutineers who watched while every paper ballot (at a particular booth) was tallied. And then forwarded those subtotals on to the candidate themselves. No fuss. No court cases. Just transparency.

    • Remember the entire motivation behind electronic voting was because Florida Democrats were deemed too stupid to handle paper ballots. This "tragedy" cost Mr Gore the election.

      The 'proper' person didn't win, ergo, the system 'must be' broken.

      Like many theoretical exercises in logic, if you begin with such premises the rest make perfect sense.

      • One county issued illegal "butterfly" ballots. It was a bipartisan decision. Any halfway reasonable statistical analysis shows that it cost Gore the election, all other things being equal. The ballots did confuse the voters.

  • ... I've been a firewall jockey and the logs were fraught (new word of the day) with attempts to penetrate.

    Particularly interesting were the pokes at RDP [speedguide.net] (standard port 3389).

    I used RDP a lot back then but I went to the registry and changed the port to the last four digits of our firm's phone number as a mnemonic.

    So,

    mstsc /v:joemcnamara.trandoninc.com:8192

    gets Joe to his desktop.

    Another common attack point was FTP.

  • Hackers are most likely among the "slave labor" sent from NK to Russia in exchange for missile tech.
  • I've done support for security software, and you'd be amazed how many people, admins in this case, have no idea just how many port scanners and other such bots are out there looking for possible entry points into your system.
    I had a special box set up to be outside our firewalls, but isolated from the company network just in case, that I used to keep an eye on some of the traffic and to generate logs I could show people. I know that sounds like something for marketing, but it wasn't. Some people are a bit p
  • by SlaveToTheGrind ( 546262 ) on Wednesday July 19, 2017 @06:17AM (#54838041)

    Of all the states where someone might be trying to (undetectably) swing the result of an election through hacking, who in their right mind would pick South Carolina where Trump was already expected to win within the range of the 15 point margin he did?

    Yes, we should ignore this story for desperately grasping at straws to the point of extinguishing critical thinking.

  • My web and email server is hit by >15,000 attempts per minute. Fail2Ban, iptables recipes, a variety of DNS hardening, and a pile of other tools make this livable. And mail scanning helps also. Reverse DNS etc. also help.

    And this has been going on for more than decade. My logs from 1998 show steady attempts, and sometime around 2001 attacks picked up.

    So far as I can tell my servers haven't been compromised since 1998, and I still harbor a grudge against the the kids from Atlanta. I would punch every on

  • There are other reasons this post and many of the comments (what a surprise) are basically invalid; they ignore the structural protections of SC voting procedures.

    Echo the comments about hundreds of daily port scans. Use an enterprise-class firewall like UTM and see how often your IPs are probed to get an idea of what is really going on.

    SC requires people to be registered 30 days prior to an election. Computers used for the elections are not connected to the Internet. Printed materials and data are prepared

  • Come right here.. get your nothing burger... compliments of CNN, etc.

Algebraic symbols are used when you do not know what you are talking about. -- Philippe Schnoebelen

Working...