'I Know That Voting Machines Can Be Hacked, Because My Colleagues And I Have Done It'

[GMDino]

Just an interesting read from a hearing yesterday.

(link has the video)

http://crooksandliars.com/2017/06/i-know-voting-machines-can-be-hacked

Quote:The Senate Intelligence Committee held a hearing on Russian election hacking yesterday, and the expert testimony wasn't all that reassuring.

Because while federal officials assure us that they didn't succeed, one expert left us with more questions about the integrity of our 2016 vote. He should know, because J. Alex Halderman, a professor of computer science at Michigan University and director of the Center for Computer Security and Society, has been hacking election systems for years and says you can do it without leaving a trace.


"I know firsthand how easy it can be to manipulate computerized voting machines," he told the committee in his opening statement.


"As part of security testing, I've performed attacks on widely used voting machines, and I've had students successfully attack machines under my supervision."


He said whether election functions are centralized or not doesn't matter.


"Some election functions are actually quite centralized. A small number of election
technology vendors and support contractors service the systems used by many local
governments. Attackers could target one or a few of these companies and spread
malicious code to election equipment that serves millions of voters," he said.


"Furthermore, in close elections, decentralization can actually work against us. An
attacker can probe different areas of the most important “swing states” for
vulnerabilities, find the areas that have the weakest protection, and strike there.


"In a close election, changing a few votes may be enough to tip the result, and an attacker can choose where—and on which equipment—to steal those votes. State and local elections are also at risk."


Halderman also warned our election infrastructure "is not as distant from the Internet as it may seem."


He explained that before every election, voting machines are programmed with the ballot design.


"This programming is created on a desktop computer called an election management system, or EMS, and then transferred to voting machines using USB sticks or memory cards, he said. "These systems are generally run by county IT personnel or by private contractors. Unfortunately, election management systems are not adequately protected, and they are not always properly isolated from the Internet.

"Attackers who compromise an election management system can spread vote-stealing
malware to large numbers of machines."


He said experts recommend paper ballots with optical scanners -- with required post-election audits.



"One of the reasons why post-election audits are essential is that pre-election “logic and accuracy” testing can be defeated by malicious software running on voting machines. Vote-stealing code can be designed to detect when it’s being tested and refuse to cheat while under test," he wrote in a footnote to his opening statement.

The statement:
 
https://www.intelligence.senate.gov/sites/default/files/documents/os-ahalderman-062117.pdf

This does not mean the election was hacked...just that it is probably not as safe and secure as we have heard.

[Belsnickel]

Nothing too surprising to me, here.

[xxlt]

It reminds me of the good old days when the president of Diebold promised to 'deliver the election results declaring George W Bush the winner' at a Bush campaign event.

That made me sad and angry at the time.

But now it is a precious memory.

Now the painful memory is of a Russian mafia king pin telling Super Trump that his hackers will deliver the election results declaring Donny Boy the winner, and he better play ball, or the vig goes up, his legs get broken, and no more hooker pee for him!

[*michaelsean*]

http://www.foxnews.com/politics/2017/06/21/jeh-johnson-testifies-dnc-rejected-dhs-help-on-hack-russia-meddling-did-not-alter-ballots.html

Quote:Former Homeland Security Secretary Jeh Johnson testified Wednesday that the Democratic National Committee last year turned down his agency's offer to help protect its network despite being warned about a hack.

He also confirmed that while Russia, at the direction of President Vladimir Putin, orchestrated cyberattacks on the United States to influence the 2016 presidential election, Moscow was unable to actually alter ballots.

“To my current knowledge, the Russian government did not through any cyber intrusion alter ballots, ballot counts or reporting of election results,” Johnson said during his opening statement before the House Intelligence Committee.

Johnson, who served in the Obama administration from December 2013 to January 2017, said his concerns about a cyberattack against the U.S. election systems intensified last summer. He added that he and his counterparts “sounded the alarm but that the press and voters were focused on a lot of other things” during the election season.

In August, he said he “floated the idea” of designating the country’s election infrastructure as critical – which would allow election officials to get cybersecurity help. Johnson testified that multiple secretaries of states turned down his offer and viewed any aid as the federal government trying to Big Brother the election.

Johnson also confirmed he went to the Democratic National Committee about a hack in their system but was told that the DNC “did not feel it needed” DHS assistance.

“Sometime in 2016, I became aware of a hack into systems of the Democratic National Committee,” Johnson said. “… I pressed my staff to know whether DHS was sufficiently proactive, and on the scene helping the DNC identify the intruders and patch vulnerabilities. The answer, to the best of my recollection, was not reassuring: the FBI and the DNC had been in contact with each other months before about the intrusion, and the DNC did not feel it needed DHS’s assistance at that time.”

The FBI reportedly faced a similar rejection.

Emails from then-DNC Chairwoman Debbie Wasserman Schultz ultimately were leaked ahead of the party’s national convention in Philadelphia. Those emails seemed to show party officials conspiring to sabotage Sen. Bernie Sanders’ campaign. The incident led to Schultz’s resignation.

During his testimony, Johnson also described steps he took once he learned about the Russian-backed hacking of the Democratic National Committee, his fears about an attack on the election itself as well as his rationale for designating U.S. election systems, including polling places and voter registration databases, as critical infrastructure in early January before President Trump’s inauguration.

Johnson testified that 33 states and 36 cities and counties used his department’s tools to scan for potential vulnerabilities. Johnson said he personally reached out to Gary Pruitt, CEO of The Associated Press, which counts votes.

“Prior to Election Day, I personally reviewed with the CEO of The Associated Press its long-standing election-day reporting process, including the redundancies and safeguards in its systems,” Johnson said.

On the other side of the Capitol, the Senate Intelligence Committee heard Wednesday from federal officials as well as state election representatives about Russia cyber-meddling.

Connie Lawson, president-elect of the National Association of Secretaries of States, pointedly suggested Johnson’s DHS held back information last year. She testified it was “gravely concerning” that state election officials “only recently” learned about the threat to voting systems, after DHS “repeatedly” told them no credible threat existed last fall.

“Secretaries of state took part in three calls where ... Johnson was asked whether any documented threats existed,” Lawson said, adding the calls took place Aug. 15, Sept. 8, and Oct. 12. “Each time, Secretary Johnson was directly asked about specific, credible threats and each time he confirmed that none existed.”

She also expressed concerns about DHS designating election systems as “critical infrastructure” without clear parameters.

In the same hearing, Acting Director of Undersecretary of National Protection and Programs Directorate at DHS Jeanette Manfra told lawmakers that 21 states were targeted in the presidential election.

“But no votes were changed,” Manfra said.

Ranking Member Mark Warner, D-Va., pressed Manfra on whether election officials were aware of the interference. “All of the system owners are aware of the targeting,” Manfra responded.