By
Brian Klaas February 9
This week, the U.S.
government confirmed
that Russian hackers infiltrated voting systems in several states,
having targeted 21 of them. While there is currently no evidence
suggesting any votes were changed, a hostile foreign power did gain
access to voter registration databases — the vital foundation of
election integrity. After all, if you control who can and cannot
vote, you control a democracy.
America’s foolish
experiment with digital voting processes must end. The Kremlin —
or other hostile foreign actors — will certainly strike again.
It’s time for good old-fashioned paper to make a comeback.
Researchers at Princeton
University have shown that they can pick the lock on voting
machines in seven seconds. In minutes, they could have replaced the
machine’s chip with a malicious one, ensuring that voters who
voted for candidate A were recorded as having voted for candidate
B. Thankfully, their demonstrations were just for research. But
they could have been real.
All Direct Recording
Electronic (DRE) voting machines are vulnerable to local
(in-person) hacking. Some can also be hacked remotely, over the
Internet. These vulnerabilities are particularly glaring for
machines without a voter-verified paper audit trail, which enables
voters to see their vote choice on a piece of paper and verify that
their vote was recorded correctly.
DRE voting machines
without any paper trail whatsoever are in use in 15
different states. About 1
in 5 voters cast a ballot without any sort of verified paper
trail. Even if foul play were suspected, it would be virtually
impossible to audit the tally, because the only recorded votes
would be on the compromised machine itself.
The least secure models,
such as WinVote, can be hacked
remotely over WiFi. In recent investigations, researchers
found that some administrator accounts had a password that was
“admin.” Many machines were found to be running outdated
Windows XP software. In some cases, software hadn’t been updated
since 2004.
Recent illustrations of
these vulnerabilities have been darkly comic. One research team
hacked into a
voting machine to have it play the Pac-Man game. Another
programmed
the system to play the University of Michigan fight song every time
a vote was cast. Last summer, a group of hackers “Rick-rolled”
a voting machine, programming it to play Rick Astley’s iconic
1980s hit “Never Gonna Give You Up.” These tweaks were simple.
They took minutes. And they were virtually undetectable, despite
manufacturers’ claims that the machines are secure and feature
“tamper-evident” seals.
If a few amateur hackers
could turn a voting machine into a game, think of how Russia, Iran
or a nonstate group of hackers could play with our democracy.
In U.S. elections, there
are three main areas of digital vulnerability: the voter
registration database (who can vote); the voting machines
themselves (who people vote for); and the tabulation (the
government’s count). Malicious hackers or agents could delete
groups of voters from registration databases. They could program
DRE machines to switch votes. It is even possible to tamper with
optical scan machines, which scan paper ballots and record tallies,
so they miscount. Malicious agents could change election outcomes
by manipulating official result tallies on government websites.
Donald Trump is president
because a small number of voters — so few that they could fit in
a single football stadium — were the deciding factor in just
three states. It’s not hard to imagine how easy it would be to
change a small number of votes in several strategically located
precincts and steal an election.
Worse, a hostile foreign
actor wouldn’t even have to change the result to severely damage
U.S. democracy. Imagine if evidence emerged that even a handful of
voting machines had been hacked in Michigan, Pennsylvania or
Wisconsin in 2016. If that happened, it wouldn’t be necessary to
show that the result changed; it would destroy Americans’
confidence in the electoral process regardless. A cloud of
illegitimacy would hang over the U.S. government for years. And all
it would take is a single cunning Kremlin agent visiting a few
unguarded precincts in a swing state and installing new chips or a
bit of malware.
Virginia rightly took
2016 as a wake-up call and retired its
vulnerable DRE machines. But that’s not good enough. The federal
government should mandate that all elections must, at a minimum, be
able to produce an independently verified paper trail for every
election held at the state and local level.
Moreover, only 32 states
mandate post-election audits (of varying
quality and rigor). It must be 50.
Thankfully, a bipartisan
group of six senators is
championing legislation to secure our elections. There’s no
time to waste. The politicians that Americans choose in elections
make decisions that affect the lives of billions of people. Do we
really want to cede that choice to the Kremlin or Iran or even a
cyberterrorist group?
President Trump’s
response to Russian attacks on American democracy has been to
praise Russian President Vladimir Putin, thank
him for purging U.S. diplomats from Moscow and float the idea of
forming
a joint cybersecurity venture between Moscow and Washington.
Trump has made clear that he is more interested in kowtowing to the
Kremlin than safeguarding our republic.
Congress and state
legislatures must not make the same mistake. Twenty-first-century
elections require a return to a 1st century B.C. technology: paper.
==//==
How
Hackers Broke Into U.S. Voting Machines in Less Than 2 Hours
Stay
Connected
How Hackers Broke Into U.S. Voting Machines in Less Than 2 Hours
Courtesy
of Cylance
By
Barb Darrow
July
31, 2017
It took computer hackers
less than two hours to break into U.S. voting machines at the annual
DefCon computer security conference, according to tech news site
The
Register. DefCon is an annual event that draws hackers from all
over the world to Las Vegas to strut their stuff.
The idea behind this
effort was “to raise awareness and find out for ourselves what the
deal is. I’m tired of reading misinformation about voting system
security,” conference founder Jeff Moss noted, according to USA
Today.
Some participants
physically took machines apart to find and document vulnerabilities.
Others gained remote access over Wi-Fi and were able to upload
malware to them. DefCon organizers aggregated some 30 voting
machines—including those made by Diebold, Sequoia, and WinVote—to
make up its first-ever Voter Hacking Village, and turned them over
to the pros on Friday to work their magic.
The wireless hacks are
clearly more worrisome because of their stealthy nature. People are
apt to notice someone taking a screwdriver to a polling place during
an election.
Hackers testing the security of 30 voting machines at Defcon
— Matthijs Pontier (@Matthijs85) July 29, 2017
This is the first time
that DefCon formally took on the issue of voting machine hacks—a
hot topic given that U.S.
intelligence agencies have found that Russians used hacking
techniques to influence the last U.S. presidential election.
While there is no proof
that actual vote count was compromised by the Russian efforts, there
hasn’t been much research to see if that could happen. Danish
researcher Carsten Schürmann used a 14-year old exploit in
Microsoft
(msft,
+3.66%) Windows XP operating system to gain remote access to one
unpatched machine within 90 minutes. That access would enable him to
change the vote tally from anywhere, according
to CNET.
Incredible. #votingvillage. Very recent #votingmachines being hacked. Some running Windows XP. Scary stuff. #defcon pic.twitter.com/rGYTel6oSC
— Micho Schumann (@MichoSchumann) July 29, 2017
“Without question, our
voting systems are weak and susceptible,” said Jake Braun, CEO of
security consulting firm Cambridge Global Advisors, told the
Register. “Thanks to the contributions of the hacker community
today, we’ve uncovered even more about exactly how.”
SPONSORED FINANCIAL CONTENT
You May Like
Stories From
marketwatch.com
marketwatch.com
time.com
time.com
time.com
Read More
Sign Up for Our Newsletters
Sign
up now to receive FORTUNE's best content, special offers, and much
more.
Subscribe & Save
Subscribe
today and save 79% off the cover price.
Sign Up for Our Newsletters
Sign
up now to receive FORTUNE's best content, special offers, and much
more.
©
2017 Time Inc. All Rights Reserved. Use of this site constitutes
acceptance of our Terms
of Use and Privacy
Policy (Your
California Privacy Rights).
Fortune may receive compensation
for some links to products and services on this website. Offers may
be subject to change without notice.
Quotes delayed at least 15
minutes. Market data provided by Interactive
Data. ETF and Mutual Fund data provided by Morningstar,
Inc. Dow Jones Terms & Conditions:
http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html.
S&P
Index data is the property of Chicago Mercantile Exchange Inc. and
its licensors. All rights reserved. Terms
& Conditions. Powered and implemented by Interactive
Data Managed Solutions.
THE END
Nenhum comentário:
Postar um comentário