Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Politics

Election Officials Are Vulnerable To Exim Security Vulnerability, Report Shows (thehill.com) 41

whh3 writes: The Wall Street Journal has an "exclusive" scoop about a report detailing that several counties host their own mail servers using a version of Exim that is vulnerable to exploitation (Warning: source paywalled; alternative source), exposing electing officials to potential interference during the upcoming cycle. "[Cybersecurity vendor Area 1 Security Inc.] found that officials in six small jurisdictions in Michigan, Missouri, Maine and New Hampshire, for example, were using a buggy version of a free software product called Exim, which has been linked to online attacks conducted by the Russian intelligence service known as the GRU," reports The Wall Street Journal. The report itself is online here. "The report, compiled by cybersecurity group Area 1 Security, found that over 50 percent of election administrators have 'only rudimentary or non-standard technologies' to protect against malicious emails from cyber criminals, with less than 30 percent using basic security controls to halt phishing emails," adds The Hill. "The study also found that around 5 percent of election administrators use personal emails, which are seen as less secure than government emails."

The researchers wrote in the report: "The disparate approaches to cybersecurity by state, local and county officials is such that should a cybersecurity incident occur in one small town, whether in a 'battleground state' or not, even if statistically insignificant, could cause troubling ripple effects that erode confidence in results across the entire country." They noted that 90 percent of cyberattacks begin with a phishing email.
This discussion has been archived. No new comments can be posted.

Election Officials Are Vulnerable To Exim Security Vulnerability, Report Shows

Comments Filter:
  • by rmdingler ( 1955220 ) on Monday July 27, 2020 @09:08PM (#60337757) Journal

    Pretty sure that's why umpteen smarter posters than me have already commented on /. that voting online is a poor idea.

    When important things can be controlled, and thus manipulated, from a central location, the outcome is never rosy for the weakest link.

    The Gates Corollary: in a room full of people, if you don't know who the weakest link is, it's you.

    • Re: (Score:2, Troll)

      by h33t l4x0r ( 4107715 )
      But possibly less poor than the idea to pack millions of people into unvented plague dungeons.
    • Oh, wait. He's out with the Covid-19.

      Anyway, it's kind of a shallow FP, especially in the Subject. I basically agree with you. Printed ballots and make sure the voters read them before they are stored for auditing, with at least random sampling even if everyone is happy with the results of the election and there are no challenges. (ROFLMAO at the idea of making everyone happy with any election's results these days.) I actually think it's okay to use voting machines to print the ballots and to report the PRE

      • by kenh ( 9056 ) on Tuesday July 28, 2020 @12:51AM (#60338005) Homepage Journal

        By the way, that's why mail ballots are basically okay with me. Too messy to manipulate easily on any large scale, even though each part of the system has weaknesses. To rig an election you need to fudge lots of ballots, and to rig it quietly you need to have single points of attack (again) and that isn't how mail-in voting works. If there's no single point of attack the multiple attacks are going to get detected, fer shure, fer shure.

        In principle, mail in ballots are fine, most of the challenges I've heard (from the people making the charges, not their critics that mis-represent the concern) is when you take the voter rolls which have been accumulating more and more bad records as voters move or die. The issue is sending a ballot UNREQUESTED by anyone to every address on record will flood apartment mail rooms with ballots for former tenants, ballots arriving at homes for former tenants, etc.

        What prevents the residents at those addresses voting those ballots? The signature on the ballot envelope? Maybe, I understand one county in NY state is STILL counting mail in ballots and has rejected about 20% of mailed-in ballots because signatures don't match.

        Imagine Florida goes all mail-in. How long will we wait for results? How many rejected ballots with signatures that don't match will we accept them rejecting? What if the loser decides to challenge the signature comparison criteria?

        As SOME have discussed, blindly sending ballots to every registered voter is a bad idea, because the the voter roll have not been cleaned up in decades.

        Oh, and remember how every year it seems like we hear about postal workers that hide hundreds of thousands of pieces of mail they were supposed to deliver in their house, apartment, or a storage space?

        What would keep a postal worker from keeping ballots for former tenants?

        And let's say a fraudulent ballot is sent in for you, but when you don't get your ballot, can you vote in person? Will your in person vote invalidate the mailed in ballot?

        Swamping the system with millions of mail in ballots will cause incredible logistic problems, even if everyone involved does everything exactly right. The states need to scale up and start training workers to verify signatures NOW if they don't want to fail miserably.

        • The other problem with mail-in ballots is how many will get lost on their way to and from the voter.

          That may be worth the risk if there is no other way for someone to vote otherwise (i.e. absentee reasons), but can you hear the screaming if 3% of ballots [cbsnews.com] don't get counted because of the mail? Or there's massive fraud? [realclearpolitics.com] Or 20% get tossed? [theatlantic.com]

        • by AmiMoJo ( 196126 )

          In the UK you don't have to sign your ballot. Aside from anything else it would exclude people who can't sign for some reason, e.g. I have arthritis in my hands so often had issues when signing credit card receipts before PIN numbers became standard.

          Fraud isn't very common even so. If you ballot doesn't arrive you complain and there is an investigation, but that's rare. People keep their address file current with the local government for tax reasons anyway, as in they don't want to pay tax at their former r

          • But there is usually only one person on the council tax list, typically the main earner in the household, whereas there might be more than one eligible voter; or they might not be eligible to vote because they have another house elsewhere and they nominated that as their address for voting purposes.

        • "As SOME have discussed, blindly sending ballots to every registered voter is a bad idea, because the the voter roll have not been cleaned up in decades."

          Can we get rid of those already? This is my biggest problem with voter ID is that nobody talks about streamlining registration or doing away with those awful county level voter registration databases. The state ought to know who's dead right? It knows which single county you live in. Let people vote if they have a state ID, and it probably could have b

          • There's a small issue with that, there are people who can get a state ID but are not eligible to vote under state law.

    • Send the email in both plain, and a copy in PGP or similar. solved. Even a simulated virtual fax will do, with a secret mark agreed to beforehand. Also the people can simply phone HQ and ask them to read back the results. Again simple. And if there is tampering, modern statistical analysis makes that harder to disguise. But if still dumb and dumber, Proton mail. As for Gmail, well who knows if somebody who works there, has it in for Trump. And they would also thae the brains to write a script, and erase log
      • You obviously don't understand the full issue around electronic voting.

        PGP or other public key crypto schemes aren't sufficient, as then don't insure anonymity, and allow proof after the fact of individual ballot contents. And regular PGP would let an attacker buy or steal private keys.

        • Yes, I do understand, and other countries have implemented electronic voting fairly well, it appears only the USA keeps on perverting a workable solution. The PGP reference was to voting stations calling in local tallies, backed by a phone call like Hey Bob, our regional tally is 38451, does that tally with the email I sent? That assumes centralized 'apps' are NOT distributed, and open sourced compiled by volunteers well in advance. What the politicians do not want is electronic voting that allows a voter t
          • Existing electronic vote systems rely on a smart-card ID w/ embedded private key. But there have been mass compromises of such ID's in the past, not to mention the legal difficulty of a state implementing such a system. And even if you like an open vote, good reason and tradition are against you and making the change in the middle of a singleton emergency is unlikely the yield the correct balance. And it allows people wanting to see an open vote a certain way assuming that closed votes are against them.

            And

    • by jd ( 1658 )

      It is possible to have an online voting system with no central control and independent monitoring.

      I've specced out the system a few times here, with the usual feedback of "yeah, ok, it's secure and resistant to interference, but what does it solve? There's no need for anything like that."

      Which is true, except the question was not whether it was useful but whether it was possible.

      It is possible to have a tamper-proof online voting system. It's expensive, useless and worthless, but it would do the job and do

    • There's already a central location. It's called the registrar and polling place.

      The difference is that when these are physical, we have a pretty good idea on how to secure and audit them. And that compromise of one doesn't necessarily snowball into a compromise of all.

      With digital/network voting we have a pretty good idea how to secure it, if we give up the non-disclosure requirement. If you want to keep it, then the best we can do is allows an audit/commit choice once a ballot is generated.

      On the upside yo

  • We recommend the use of cloud email infrastructure such as Google’s GSuite or Microsoft’s Office 365 in combination with a cloud email security solution.

    Basic summary: we would like government money for telling you that you need to update your systems or preferably pay for "cloud"

    • personal emails at $0/mo per box is cheap

    • Re: (Score:1, Redundant)

      by kenh ( 9056 )

      Hillary's campaign manager used GMAIL, luckily he used a really good password, and when he got a phishing email he sent it off to a security expert the campaign had who told him it was legit.

      Only the security advisor made a typo, and forgot the word NOT, as in not legit.

      And the password Mr. Podesta used on his gmail account? "password" - I kid you not.

  • The disparate approaches to cybersecurity by state, local and county officials

    If they weren't disparate, it would be a mono-culture from cost to coast, and get all exploited at once.

    • by kenh ( 9056 )

      Yes, imagine if every municipality all ran the same email server, all configured exactly the same way, as advised by a federal administrator. Find one flaw, crack all email servers.

  • any election official consented to have the exim mail server embedded in their body.
  • by kenh ( 9056 )

    Who cares if their email systems are corrupted? They aren't sending the official results in via an email sent from their iPhone, are they? Are they.

    Why aren't official results turned in on paper above a signature testifying to the accuracy of the numbers on the form?

    Ballots, election results shouldn't be sent officially via email. Period.

    • Comment removed based on user account deletion
    • Someone might be able to get from the mail server to the voter rolls, or just drop ransomware onto all the staff computers to generally make a mess of things. The machines and votes should be safely isolated, but you can make it much harder for the election officials to do their jobs, creating long lines and delaying results.
  • It looks like the referenced vulnerability is CVE-2019-10149.

    It was first seen in version 4.87, and patched in version 4.93.

    Latest Exim is 4.94

  • That 5% of officials are probably going to see fewer phishing attempts and at least have the option for MFA.
  • This sort of thing is exactly what makes forced automatic updates a good idea.

    Whoever set up these email servers should have also configured unattended updates and periodic reboots. And perhaps some automated email when the base operating system reaches the end of support. Or simply shut down. Assume it is Ubuntu 16.04 LTS for example. After 2021 it should just refuse to run services.

    Because it seems obvious from stories like this that too many people don't know how to maintain technology. The only thing th

  • The decentralization in the election system is good in one respect, that it provides isolation/containerization from state to state. So it becomes more difficult to manipulate the "entire" system.

    Other aspects of the arrangement create huge problems. Due to winner-take-all and the Electoral College, an adversary wouldn't need to manipulate the entire system. They'd only need to compromise one or two states to change the result. (Having battleground states helps foreign actors just as much as the politicians

Bus error -- please leave by the rear door.

Working...