Should We Ignore the South Carolina Election Hacking Story? (securityledger.com) 139
chicksdaddy provides five (or more) "good" reasons why we should ignore the South Carolina election hacking story that was reported yesterday. According to yesterday's reports, South Carolina's voter-registration system was hit with nearly 150,000 hack attempts on election day. Slashdot reader chicksdaddy writes from an opinion piece via The Security Ledger: What should we make of the latest reports from WSJ, The Hill, etc. that South Carolina's election systems were bombarded with 150,000 hacking attempts? Not much, argues Security Ledger in a news analysis that argues there are lots of good reasons to ignore this story, if not the very real problem of election hacking. The stories were based on this report from The South Carolina Election Commission. The key phrase in that report is "attempts to penetrate," Security Ledger notes. Information security professionals would refer to that by more mundane terms like "port scans" or probes. These are kind of the "dog bites man" stories of the cyber beat -- common (here's one from 2012 US News & World Report) but ill informed. "The kinds of undifferentiated scans that the report is talking about are the internet equivalent of people driving slowly past your house." While some of those 150,000 attempts may well be attempts to hack South Carolina's elections systems, many are undifferentiated, while some may be legitimate, if misdirected. Whatever the case, they're background noise on the internet and hardly unique to South Carolina's voter registration systems. They're certainly not evidence of sophisticated, nation-state efforts to crack the U.S. election system by Russia, China or anyone else, Security Ledger argues. "The problem with lumping all these 'hacking attempts' in the same breath as you talk about sophisticated and targeted attacks on the Clinton Campaign, the DCCC, and successful penetration of some state election boards is that it dramatically distorts the nature and scope of the threat to the U.S. election system which -- again -- is very real." The election story is one "that demands thoughtful and pointed reporting that can explore (and explode) efforts by foreign actors to subvert the U.S. vote and thus its democracy," the piece goes on to argue. "That's especially true in an environment in which regulators and elected officials seem strangely incurious about such incidents and disinclined to investigate them."
Someone is attempting to hack everything (Score:5, Insightful)
I pretty much just assume that any computer attached to the internet is being tested by hackers all the time. Why should election computers be any different?
Re:Someone is attempting to hack everything (Score:5, Insightful)
Because they shouldn't be attached to the internet?
Re: (Score:2)
"Was the election hacked? The GOP says no because it won. The democrats respond with... actually breaking news, we cut back to the GOP who are defending the president's ability to punch the pope in the dick."
Then if the democrats ever win again,
"Was the election hacked? The GOP says liberal elitist hackers rigged the election. Democrats start to say something before the honorable senator from Iowa starts flinging his own poop at reporters, we go live to pooped-on report
Re: (Score:3)
Re: (Score:2)
I am an officer of election in Virginia. Do you seriously think we're stupid enough to NETWORK our voting machines?
As if.
Re: (Score:2)
Re: (Score:3)
Exactly. The NSA data center in Utah gets something like 300 MILLION hacking attempts a day. A non-story if ever there was one. Probably the reason it doesn't have legs is because some reporter breathlessly runs it by their IT folks, and they just roll their eyes.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I pretty much just assume that any computer attached to the internet is being tested by hackers all the time. Why should election computers be any different?
Presumably there might be something different about who does it.
Computers, whether or not they're used to manage elections, should be secured from people looking for vulnerabilities in order to steal data or money. But if hackers try to penetrate election computers, possibly with the intent to alter the results, then it seems important to follow up.
If the CIA or NORAD were subjected to attempts to penetrate their computer systems, I doubt they would just shrug their shoulders and chalk it up to script kiddi
Re: (Score:2)
Yes of course, you can't follow up every ping. But if analytics show something different about the attack -- something that indicates it's not just a random port-scan -- then it deserves to be investigated. Especially if the computer in question is managing something sensitive.
Ah... the old millions vs. individual thing... (Score:2)
Try to hack the voting system 150000 times and it's a statistic... [quoteinvestigator.com]
Try to do it once and you're likely a Trump voter. [vice.com]
Re: (Score:3)
Election computers should be different, because they shouldn't be attached to the internet!
Re: (Score:2)
Why do they have a USB port? The only connection should be some obscure, proprietary connector.
Security by obscurity is not a complete fix, but it does cut down on attack vectors.
Re: (Score:2)
A USB port is fine, as long as you have the key to open the metal box (which should sound a buzzer) to get to it.
All in a day's business... (Score:5, Insightful)
The public-facing srvers I'm reponsible for are port-scanned thousends of times a day in addition to the SSH access attempts, but these are all so common that only a fool falls victim to this sort of thing, the basic protections are fairly elementary and catch most if not all such common garbage.
Re:All in a day's business... (Score:5, Informative)
those scans are so prevalent because they are regularly successful.
Those scans are so prevalent because they're trivially easy to implement - regardless of the success percentage. That percentage can be very low and still be worthwhile.
Re: (Score:2)
Re: (Score:2)
And that's not even counting Shodan. I wonder how many of the "hacking attempts" it was responsible for...
Ignore? (Score:2)
Hell, we don't even have to investigate. An election has never been hacked, and cases of attacks are so few and far between that it doesn't make sense to even try to figure out how often this happens.
Re:Ignore? (Score:4, Funny)
Hell, we don't even have to investigate. An election has never been hacked, and cases of attacks are so few and far between that it doesn't make sense to even try to figure out how often this happens.
Donald? Is that you?
Re: (Score:2)
No, it's me, a generic Democrat who thinks we don't have to investigate anything involving election fraud, unless it hurts one of our candidates.
Re: (Score:1)
No its Obama from last November.
There is only one known 'hacked' election last year. It was not the Trump v. Hillary matchup. Hillary had locked it up well before it started. It is in the emails leaked by a former burnout.
Re: (Score:2)
He's pretty good. Plays a mean game of chess too.
Re: (Score:2)
...cases of attacks are so few and far between that it doesn't make sense to even try to figure out how often this happens.
Donald? Is that you?
Isn't DJT the one that claimed 3-5M illegal votes in the election? And ordered an investigation into the results? He's the one claiming the highest rate of voter fraud because he can't accept losing the popular vote. It seems odd to allege massive fraud in an election he won, but his ego is insatiable.
Ask me how I can tell you're a Democrat (Score:2, Insightful)
Perfectly willing to claim Trump was elected from vote hacking, utterly unwilling to investigate or question any votes - and in fact attempts to block those seeking to investigate voter hacking [politico.com].
It is absurd to claim with as loose as protocol is around most voting systems, that there is not widespread voter fraud ongoing - probably "benefitting" both parties and screwing honest voters over with rigged elections across the country.
Re: (Score:1, Troll)
Perfectly willing to ignore that the actual hacking that Democrats are concerned about was related to breaking into email accounts for Democrats, not elections computers ...
Nobody on the R side is ignoring that. But what the Ds are trying to distract everybody from is that the alleged "Russian hacking" consists of exposing what the major Ds were actually saying to each other (about how they cheated Sanders out of a legitimate primary run, what contempt they had for the voters and how they lied to them, and
Re: (Score:2)
Actually, local polls tend to be very vigilant. While we make all the fuss about national candidates, the same elections usually also concern everyone down to dogcatcher and ordinances about how many chickens you can own.
It would be hard for someone in Beijing to accurately fake such voting to provide a complete ballot while skewing national figures. While we make a big deal of where the polls went wrong, when the polls go straight into the Twilight Zone, people start hand-counting. Checks and balances also
Re: (Score:1, Informative)
Perfectly willing to claim Trump was elected from vote hacking - er no. President Trump was elected by an out moded and no longer useful electoral college system, rather than a simple popular vote. Also, fear, fake news, and statements that play on the ignorance of his supporters and lack of imagination.
utterly unwilling to investigate or question any votes er, no. There is no reason President Trump needs the names, ages social security numbers and party affiliation data from the States to investigate what
Re: Ask me how I can tell you're a Democrat (Score:4, Informative)
The UN makes third world countries use real ID to vote. That doesn't ring true to my knowledge. Do you have a citation for that? Years ago when I was keeping up with this sort of thing, what they did was use ink on the finger or thumb showing that person voted. If you think about it, third world countries have problems getting clean drinking water, food security, sanitation, and clothing - let alone health care, so I guess the US does share a little in common with them. I expect that in a place like India, where 60% of the population doesn't have access to a toilet, an ID would come pretty far down on their list of important needs.
Why can't we do the same in the first world? Fine. Let's also require ID to purchase a gun and ammunition. But really, there is no need for either of those solutions. After all, I'm told gun violence is fake news, and I don't see any cases of mass voter fraud, just the one off Republican voting in two states.
As far as how prevalent fraud is... you put cart before horse claiming it's nothing. Impossible to say when the cheaters won't allow an investigation. I think purple elephants are a problem in my front yard, so I drew a huge KEEP OFF sign. Sure works. Haven't seen a purple elephant in years now. Of course that's nonsense, but I hope that you can at least see my view of your argument. It's nonsensical to me. If there were massive voter fraud, I think the authorites would be locking people up. As it stands, the FBI crime report shows fewer than 200 convictions of voter fraud in 2014.
We investigate the hell out of everything else but oh no don't look behind the vote fraud curtains! Nothing to see there! Trust me! No one is saying there is no vote fraud, we're saying it's not six million votes big. Slight difference there. And President Trump is the one that in my opinion, over uses the words "Believe me" and "Trust me". I do neither because I have a memory, a intellect, a moral compass, and a bit of compassion for my fellow human beings.
Re: (Score:2)
This just for completeness sake, as all too many /. poster
Re: (Score:2)
Perfectly willing to claim Trump was elected from vote hacking - er no. President Trump was elected by an out moded and no longer useful electoral college system, rather than a simple popular vote. Also, fear, fake news, and statements that play on the ignorance of his supporters and lack of imagination.
Well, one of the biggest fake news is about the vote hacking. Probably, it is only surpassed by the DNC hacking fake news.
Re: (Score:1)
"President Trump was elected by an out moded and no longer useful electoral college system, rather than a simple popular vote."
Woah there cowboy. There's a reason straight-up popular votes aren't used, and it's called "Tyranny of the Majority". I don't like any more than you do that so many of my fellow Americans were retarded enough to elect an obvious con-man, but it isn't the system's fault. Though we really could use a better system, something that isn't based in the provably flawed first-past-the-post
Re: (Score:2)
The electoral college is an equalizer similar to the way each state gets 2 Senators and a population-proportionate number of Representatives.
Without it, the mob rules (queue Black Sabbath from the Heavy Metal soundtrack.)
Historically, it was created because Philadelphia would have been able to dictate to the entire country.
Utter BS to your statement there is no vote fraud. You're playing semantic games. There has always been, and always will be, vote/election fraud. Otherwise, how to explain dead people vot
Re: (Score:2)
I saw what you did there. Voter Fraud != Election Hacking.
Re:Of course (Score:5, Informative)
Plus voter ID, clear ballot boxes and indelible ink marks on voters thumbs to prevent double voting. The UN has a set of best practices.
Re: (Score:1)
Voter ID is voter suppression according to the democrat party policy for the last ~15 years that people, RNC, voter groups have all tried to get into place. And for the vast majority of media, it's also voter suppression. Even if you provide the ID free of charge.
Re: Of course (Score:1)
And bank robbers complain about bank vault having locks, too.
Re:Of course (Score:5, Insightful)
Is that Voter ID really free of charge or is it free after you pay a fee to get a certified copy of your birth certificate which is required in order to get your free ID? Paying money for anything in order to vote has a bad history in this country, as do literacy tests (hey, you should be able to read, else how can you cast an informed vote!), etc. You can always make an argument why there should be some test or other extra-constitutional requirement to vote -- they've all been tried in the past.
Re: (Score:2)
Is that Voter ID really free of charge or is it free after you pay a fee to get a certified copy of your birth certificate which is required in order to get your free ID?
You mean the part where you don't pay a fee and even with the existing ID that's available so you can get your free ID? You can find lots of democrat and progressive talking points against free ID, using existing forms of ID which you're already required to use for everything from voting in your local primary(including entrance), to buying a pack of smokes, booze, or any type of government benefits for.
Can you make any valid argument where not having voter ID enhances and benefits democracy, democratic vot
Re: (Score:2)
You mean [washingtonpost.com] the thing [theguardian.com] that is actually [aclu.org] a discriminatory [cnn.com] burden [newyorker.com]?
These court cases are crap and I'm sick of this argument that people are just incapable of getting an ID somehow. Everyone should have an ID. Here's a list of reasons why, provided by the NYC government:
http://www.nyc.gov/html/id/htm... [nyc.gov]
People object no matter how easy the local government makes it. People objected even when they were sending mobile voter ID vans into neighborhoods to make it easy. If those vans were giving out free phones people would have waited on lines for hours.
Voters are supp
Re: (Score:1)
These court cases are crap and I'm sick of this argument that people are just incapable of getting an ID somehow.
Yes, yes, ignore the actual documented problems that were substantiated in a court of law. This is the biggest issue with the legitimacy of your argument, you rail and rant at the concerns, instead of solving them.
I said this to Mashiki, but you should realize it as well, a little contrition is what you need, not obstreperousness.
I didn't ignore them. I say they are anecdotal crap that liberal judges buy into.
Everyone should have an ID.
Then make it an obligation for the state to provide it, even if the Governor of the State has to walk around in EVERY single neighborhood with a camera and a printer.
No. Adults who want to vote have to go and get an ID. No one has to go hand it to them. If they can make it to the polls they can make it to get an ID.
Here's a list of reasons why, provided by the NYC government:
Yes, yes, there are good reasons to have ID. Which is why the City of New York set up a Municipal ID program, thank you for appreciating them.
I do appreciate it. The mayor is not however walking door to door. People still have to take action
If those vans were giving out free phones people would have waited on lines for hours.
Yes, yes, there were protests over providing people with phones too.
Irrelevant comment
Voters are supposed to be adults. Treat them accordingly.
Yes, yes, blame the voter, a common attitude, except the state's legitimacy only exists with the provision of the vote. Treat it accordingly.
Also irrelevant
I bet if you needed a photo ID to collect social security benefits the person named in that lawsuit would have had one for 20 years.
I bet if Social Security started doing photo ID, there'd be massive protests and objections about the mark of the beast [forbes.com].
More irrelevance.
Re: (Score:1)
Re: (Score:2)
You mean the thing that is actually a discriminatory burden?
You mean where half of those cases have been tossed out, and in two others the legalese was adjusted to come into compliance with the courts ruling making voter ID a defacto requirement.
You mean the arguments that actually persuade a court of law, that the point out the discriminatory intent that is quite apparent from the actual statements of the legislators who enacted the law with the specific desire to disenfranchise voters? From legislators, who if your contentions are correct, were not lawfully elected in the first place, thus rendering their position suspect.
You mean those same arguments which successfully won as well? Want to continue running with that line of thought or would you like to try something else?
Yes, I can. You forgot to ask it to be done though.
Apparently you couldn't, or can't. You missed the question mark in the original sentence.
Yes, I can also do this. Of course, since you neglected to ask for any argument to be actually presented, so I don't feel any obligation to do so, and I won't until you address the question of what to do when the state legislature is found to have engaged in discriminatory intent in its passage of the laws. You instead resist any addressing of that concern at all, revealing at best, your own complicity in it.
Seems to me you don't have any actual point in showing this, because if you did.
Re: (Score:2)
Voter ID is a solution in search of a problem. We have no evidence of rampant voter fraud, yet are told we need to implement voter ID.
Well, we don't know if there's evidence of rampant voter fraud. Mainly democrat states are blocking the government from trying to determine how much fraud there actually is. But let's go with the extrapolated report from earlier in the year. [washingtontimes.com] Which figures that somewhere between 4m and 6m people voted illegally. That includes everything from voting twice, to non-citizens.
The real reason behind voter ID laws is for Republicans to make it harder for people who tend to vote Democratic to vote at all.
So let's run with that. The reason democrats are for amnesty of illegals, is to make sure they always win by subverting democracy.
Re: (Score:1)
Even if you provide the ID free of charge.
Thanks in no small part to the States failing to provide the ID free of charge. Like in Pennsylvania [aclupa.org]
I bet if you needed a photo ID to collect social security benefits the person named in that lawsuit would have had one for 20 years.
Re: (Score:1)
"The very real problem of election hacking" (Score:4, Insightful)
Re:"The very real problem of election hacking" (Score:5, Informative)
There has been nonstop coverage about how the election was "hacked", of course that may not fit into your or others narrative that if they didn't directly hack voting machines then there is no "hacking" (let's call this the glove does not fit so you must acquit theory). There was the DNC hack and leaks and the disinformation campaigns that have been well covered and sourced to be either Russian government lead or by Russian parties with which we are unsure of their ties. You hear about Russia 20 times a day because the Trump campaign and Cabinet and close ties are oozing in unanswered questions/connections with regard to Russia and every day a new connection either direct or indirectly made.
That is all non-partisan fact. Take of it what you will.
Re: (Score:2)
As long as there's a single voting machine that doesn't leave a paper trail, you don't know that and neither do I.
Re: (Score:2, Interesting)
Story for you [dailymail.co.uk]
Its also a non-partsian fact that not a SINGLE person is willing to testify in court that they have seen evidence of hacking the election.
Under oath, Comey said the DNC refused the FBI's help in checking their servers. The company the DNC did hire is a DNC shell company that said the Russians did it. That company is also unwilling to testify that Russia did it now after some more information came out about them. That leaves the FBI with no ACTUAL evidence of Russia doing anything. When aske
Re: (Score:2, Funny)
Those e-mails hacked/leaked were confirmed to be genuine, i.e. real information about what those politicians stand for.
Knowing what the politicians stand for is an important part of democracy.
So, if you include those, you are really accusing Russia of democracy. If that's the worst accusation you can come up with - well, I'm sure Russia has been accused of worse things.
Re: (Score:2)
how come do western powers engage in propaganda of our own against (you name it: communism, Islamist states, banana republic dictators)
You misspelled "Israel".
Re: (Score:2)
The Russians targeted the candidate most likely to stand up to Putin with a disinformatsiya campaign straight out of the old KGB playbook, sowing as much general FUD in the US government and electoral process as they could along the way.
Re: (Score:2)
Thanks for illustrating my point.
Re: (Score:2)
As far public evidence goes, the "Russian interference" basically boils down to three prongs:
1. Hacking into state voter registration to get detailed data for targetting voters in critical states. Comey stated publicly that Russians tried this hundreds of times through spearfishing attacks, but it is unclear how successful they actually were in accessing/tampering with voter registrations.
2. Hacking and releasing e-mails from the DNC and John Podesta. We now know that more than one person unofficially a
Ummm, no? (Score:2, Insightful)
Re: (Score:1)
If a port scan "hacking" rocks your confidence in elections, you'd better be cowering in fear after I tell you about port scans on the local power company, water company, and - hold your hat - police & military web sites. WE'RE DOOMED!!!
I'm worried about the 150,001 they didn't see... (Score:1)
The only burglar that pounds on your door 150,000 times is the meth-ed out one that's going to end up on "America's Dumbest Criminal's" or some other reality show. Likewise, good hackers do not advertise their presence like that. If this was a serious attack it would have begun months ago and with slow targeted scans that aren't going to draw attention and/or spearphishing. 150,000 "attacks" is not enough to even qualify as a DoS. This is common portscan activity and the sysadmin is either showboating f
Even More "Strangely Incurious about investigating (Score:2)
Voter Fraud via the Presidential Commission.
Dog bites man story? (Score:4, Insightful)
More like man inhales story...
I ran a basic web server for awhile at home a few years ago just for amusement on a Linux box running apache. It served up ONE static page that said something like "this is the only page on this server" and that was it. I got "attacked" thousands of times a week by the script kiddies running the IIS exploit attempt scripts, port scans and all sorts of things that I found a little bit amusing.
Surely, during an election, ANY computer on the net associated with anything to do with voting would be a primary target of all the hackers out there trying to make a name for themselves....Oh Look at me! I broke in and disrupted the election!
The fact is, this is not unusual..
Computerized voting is *Supposed* to be hacked (Score:5, Interesting)
By the partizan electoral officials that control them. Heck, the Diabold machine was even found to have and "Adjust Votes" option on the menu, no need for any actual hacking.
It amazes me that Americans put up with this grossly dubious system.
I am sure that the Australian election was not hacked. I was one of the scrutineers who watched while every paper ballot (at a particular booth) was tallied. And then forwarded those subtotals on to the candidate themselves. No fuss. No court cases. Just transparency.
Re: (Score:3)
Remember the entire motivation behind electronic voting was because Florida Democrats were deemed too stupid to handle paper ballots. This "tragedy" cost Mr Gore the election.
The 'proper' person didn't win, ergo, the system 'must be' broken.
Like many theoretical exercises in logic, if you begin with such premises the rest make perfect sense.
Re: (Score:2)
One county issued illegal "butterfly" ballots. It was a bipartisan decision. Any halfway reasonable statistical analysis shows that it cost Gore the election, all other things being equal. The ballots did confuse the voters.
Like many of you ... (Score:2)
... I've been a firewall jockey and the logs were fraught (new word of the day) with attempts to penetrate.
Particularly interesting were the pokes at RDP [speedguide.net] (standard port 3389).
I used RDP a lot back then but I went to the registry and changed the port to the last four digits of our firm's phone number as a mnemonic.
So,
mstsc /v:joemcnamara.trandoninc.com:8192
gets Joe to his desktop.
Another common attack point was FTP.
Russia and North Korea are working together.... (Score:2)
LoL - "Attempts to penetrate" (Score:2)
I had a special box set up to be outside our firewalls, but isolated from the company network just in case, that I used to keep an eye on some of the traffic and to generate logs I could show people. I know that sounds like something for marketing, but it wasn't. Some people are a bit p
Oh, Occam, we hardly knew ye (Score:3)
Of all the states where someone might be trying to (undetectably) swing the result of an election through hacking, who in their right mind would pick South Carolina where Trump was already expected to win within the range of the 15 point margin he did?
Yes, we should ignore this story for desperately grasping at straws to the point of extinguishing critical thinking.
This is indeed probably no story (Score:2)
My web and email server is hit by >15,000 attempts per minute. Fail2Ban, iptables recipes, a variety of DNS hardening, and a pile of other tools make this livable. And mail scanning helps also. Reverse DNS etc. also help.
And this has been going on for more than decade. My logs from 1998 show steady attempts, and sometime around 2001 attacks picked up.
So far as I can tell my servers haven't been compromised since 1998, and I still harbor a grudge against the the kids from Atlanta. I would punch every on
SC vote procedures (Score:2)
There are other reasons this post and many of the comments (what a surprise) are basically invalid; they ignore the structural protections of SC voting procedures.
Echo the comments about hundreds of daily port scans. Use an enterprise-class firewall like UTM and see how often your IPs are probed to get an idea of what is really going on.
SC requires people to be registered 30 days prior to an election. Computers used for the elections are not connected to the Internet. Printed materials and data are prepared
Nothing burger! (Score:1)
Come right here.. get your nothing burger... compliments of CNN, etc.