
FBI says foreign hackers penetrated state election systems - velodrome
https://www.yahoo.com/news/fbi-says-foreign-hackers-penetrated-000000175.html
======
rawfan
Voting is such a simple and cheap thing to undertake if you do it on paper.

It's precise, it's easily observable, it's easy for people to understand where
their vote goes. It's also easy to grasp how the election is protected from
manipulation.

With electronic voting systems it is physically impossible to prevent
manipulation and provide control.

~~~
thecrow1213
But you also need to scale these systems. Paper doesn't scale

~~~
chendies
The benefit of transparent elections outweighs the costs of counting paper.

If we _really_ wanted to do elections cheaply, we'd just hire a couple of
undergrads to write a Node.js script and give polling stations some desktop
PC's loaded up to the page. Would hardly cost anything. But doing elections
cheaply is not the point.

~~~
specialist
For the USA, precinct-based paper mediated voting is the cheapest option.

We don't need PCs. Self contained scanotronic style systems (think SAT tests)
work just fine. In fact, all but the largest jurisdictions (because of ballot
size, complexity) could get away with manual counting.

------
1337biz
I find it amazing how strong the anti-Russian rumor mongering is in this
election.

I thought we already had reached the point where 'Terrorism' has replaced
'Russia' as the perpetual enemy figure. Is Trump's soft stand on Russia so
scary to some? Apparently attributing anything unattributable to Russia is
having a massive comeback right now.

If China and others would at least be occasionally mentioned as potential
alternative attackers, these reports would look a lot less as some one sided
opinion engineering operations.

~~~
at-fates-hands
This is really due to the increasing tension between the two super powers.
Russia has been on the loose, and Obama has done little to challenge them to
try and reign them in. I would suspect this is why they get blamed for
everything - regardless of the evidence. It's very "cold war era" feeling to
me when both sides would blame each other for the smallest thing.

Lots of increasing geopolitical drama and it probably won't end anytime soon.

~~~
akhilcacharya
> Obama has done little to challenge them to try and reign them in.

Our sanctions regime crashed their economy (or at minimum, exacerbated their
long running problems). It's difficult to say "little to challenge them".

~~~
saynsedit
I wasn't aware their economy had crashed. Could you provide a source?

~~~
ethanbond
[http://www.xe.com/currencycharts/?from=RUB&to=USD&view=5Y](http://www.xe.com/currencycharts/?from=RUB&to=USD&view=5Y)

First the illegal annexation of Crimea was "complicated," and now the Russian
economy isn't in a freefall? Where are you getting your news?

~~~
saynsedit
That's not evidence of a Russian-specific crash. All markets across the globe
had a correction in January 2016. According to your chart, Russia has
apparently bounced back, just like the rest of the world. This is the DJIA:
[https://finance.yahoo.com/quote/%5EDJI?p=%5EDJI](https://finance.yahoo.com/quote/%5EDJI?p=%5EDJI)

Do you have a more specific source?

~~~
dntrkv
I think his chart is using the wrong date range. Here is a better one:
[https://encrypted.google.com/finance/chart?espv=2&q=CURRENCY...](https://encrypted.google.com/finance/chart?espv=2&q=CURRENCY:RUBUSD&tkr=1&p=5Y&chst=vkc&chs=269x94&chsc=2&ei=BlvEV_XTBYGUjwPvpqHQBQ)

~~~
saynsedit
Thanks!

------
neom
I'd imagine that every major US bank, healthcare provider and government
department have been breached at some point by unauthorized person or persons.
It's almost impossible for this not to be the case to my mind.

~~~
Globz
"Still, the FBI warning seems likely to ramp up pressure on the Department of
Homeland Security to formally designate state election systems as part of the
nation’s “critical infrastructure” requiring federal protection"

I can't believe what I am reading!

What are they waiting for ? For the Russians to rig the election? seriously...

~~~
JumpCrisscross
Legal consensus? De-centralised elections are not something we should give
away in a panic. The costs and benefits need to be weighed before a prudent
plan is developed and implemented.

Rushing to put the nation's electoral system under the federal guidance of an
organisation not precisely lauded for its transparency or democratic values is
at least a bit troubling.

~~~
Globz
They could at least provide help to properly secure the state election systems
instead of reacting after a breach. Why not try to secure the systems to a
higher standard and be proactive?

~~~
JumpCrisscross
"Securing" as in reaching in and making changes? Or "securing" as in
publishing guidance around best practice?

Latter, I'd be fine with. I'd even go so far as to requuire it by law. The
former amounts to an unelected federal body with a nasty history tampering
with election electronics.

~~~
Globz
Publishing guidance around best practice should be mandatory when dealing with
government infrastructure, these election systems are not "low level" target
they can potentially influence the course of history if they are rigged.

------
joshfraser
My thoughts on e-voting have changed as I've grown older.

In high school and college I said technology is the future! It's insane that
we're still using paper and pencil for something so important. Computers are
better at counting than humans. Yay e-voting!

Then I realized that you can't trust individual company or organization with
that much power & any trusted e-voting software would have to be open source
so that it could be independently verified by security experts everywhere.

Then I learned more about how many 0-day vulnerabilities exist and are being
stock-piled by state actors for every layer of the stack -- routers, firmware,
operating systems, browsers, popular code libraries, etc. It's all been
compromised. You can't trust any of it. So you'd have to open-source the
hardware too & probably keep the whole thing air-gapped from the internet. And
still that might not be enough!

Today I believe there's no way to secure a system (electronic or not) without
publishing a log of every vote cast. This gets tricky when you have secret
ballots, but there are a couple ways to handle it. The first way would to be
to allow people to choose whether they want their ballot to be public or
private. That way you'd end up with enough public votes that you should be
able to tell whether the election was massively rigged or not (assuming you
expect the private votes to follow the same distribution as the public ones).
The second option would be to assign everyone a private one-time key when they
vote -- a receipt they can look up later. Everyone can then look up the key
from their voting receipt on the public log and make sure their vote was
tallied correctly. The second option has the benefit of keeping secret
ballots, but you'd need a separate way to verify that the number of lines in
the public log is the same as the number of people who showed up to vote. That
can be solved by publishing a list of who showed up to vote.

Of course, we can't know for sure that we've had a fair election while the NSA
dragnet continues to exist. We would never know which candidates were forced
to drop out from those in power using their access to surveillance intel to
blackmail a candidate or leak their dirty secrets to the press.

~~~
AnimalMuppet
Don't assume that the private votes follow the same pattern as the public
votes. When you have an election where there is public shaming of people
voting for one side, even exit polls are off.

For example, in the "should Scotland leave Great Britain" referendum, there
was a lot of public pressure for voting to leave. Those who voted to remain
were much more quiet, but in the end, they were the majority. I was actually
in vacation just before the vote. Even as an outsider, I could tell that the
leave faction was much more vocal, but the remain faction was quietly solid.

------
farico
They hacked it via sql injection using sqlmapper, now this is serious
security.

------
JoeAltmaier
Sounds alarming - elections at risk!

But its just data taken, right? Aren't voting records public domain already?
Is this equivalent to stealing a phone book?

~~~
colinbartlett
If they gained read access, who is to say they didn't also gain write access?
What if they started selectively deleting voter registrations from a given
party? Or changing the party affiliation to obstruct primary voters?

~~~
tunap
You just nailed the unspoken vulnerability with the hand count of paper
ballots. Despite obvious intent, it is scary how many ballots are dismissed by
the colluding parties' representatives.

------
blasteye
Just have a SMS message texted to voters once their vote is counted with a
link to a scan of their paper ballet. Would make voter fraud a bit harder as
each person could validate their vote was correctly counted. If the voter
doesn't get their SMS, then provide a 1800 number for them to figure out what
happened. This would only stop the changing and non counting of a real voter,
but does not stop fake voters from adding their vote....which would need a
diff fraud protection scheme.

~~~
pjc50
Voters must not be allowed to _prove_ to others how they voted. That's also a
disaster scenario of a different kind. Not just vote selling but voter
intimidation.

~~~
ianferrel
Hasn't that ship sailed?

We're all carrying cameras into the voting booth.

~~~
brassic
Here in the UK you can ask for a replacement ballot paper if you make a
mistake.

So you vote for candidate A, photograph it, swap it for a replacement ballot,
vote for B, photograph it, etc. and get paid by all the candidates.

Except the candidates know that a photo of a ballot paper proves nothing.

------
ourmandave
Ha! Let's see those gerrymanders in AZ try and redraw the lines around
Chelyabinsk, eh Komrades!

------
camillomiller
Somebody should throw some blockchain at the remote voting problem and see
what happens

~~~
Keverw
Yeah I was thinking blockchain based voting would be cool but how do you hand
out keys to people, how to make it easy for anyone and then what about privacy
if who you voted for is recorded in the blockchain.

~~~
logfromblammo
You mail out postcards to registered voters with their asymmetric private key
obscured by an opaque scratch-off covering, and a plainly visible public key.
If the scratch-off is not intact, the voter requests another via website form,
or shows up in person at an office in the county seat. The registration office
revokes the key pair for the original card and issues another.

This key is the voter's identity-linked private key.

The registration office then sends a list of public keys without any
identifying information information to the ballot office, who encrypts a
separate anonymous blockchain key with each public key, and publishes the
entire list of results paired with the hash of the blockchain key.

The voter then attempts to decrypt each entry with their private key, and then
hash the result. When the hash matches, that is the voter's anonymous
blockchain key. Each voter has to make, at most, a number of attempts equal to
the number of registered voters in their district before finding their own
key.

The ballot office can verify that each blockchain key for that election
belongs to a registered voter, but cannot say which one. The registration
office can verify that each registered voter has a blockchain key available
(by counting), but cannot even tell who bothered to decrypt their key and vote
with it, much less what anyone in particular voted for.

~~~
camillomiller
Very interesting, but it should come down like two or three orders of
difficulty if we want anybody to even remotely attempt something like that.

~~~
logfromblammo
Going down three orders of difficulty would put us back to dropping colored
stones into a jar.

Can you at least identify the bottleneck that makes this system infeasible, in
your opinion?

------
bsbechtel
Would a 2-factor voting model help resolve some of these issues?

------
1024core
My tinfoil-hat wearing twin would like to claim that groundwork is being laid
for a massive election fraud this november.

------
xxdesmus
Dear Yahoo.

Look up the definition of TLP:AMBER. You weren't supposed to publish this you
asshat.

Love, People who understand TLP

~~~
0xffff2
Yahoo is (among other things) a news organization. Of course they are going to
publish this, it's clearly newsworthy. Presumably for Yahoo to get ahold of
the PDF in the first place, someone else that wasn't supposed to share it did
so, but that's not a reason to be mad at Yahoo.

------
philip1209
Yet, voting is still not under the purview of the Department of Homeland
Security.

------
headShrinker
> The FBI bulletin listed eight separate IP addresses that were the sources of
> the two attacks and suggested that the attacks may have been linked, noting
> that one of the IP addresses was used in both intrusions... “Attempts should
> not be made to touch or ping the IP addresses directly.”

The whole thing just sounds so basic and rudimentary. They didn't spoof ip
addresses or cover their tracks. Then FBI has to remind techs not to contact
the hackers directly by resolving the ip. It reminds me that we are a sitting
duck if someone with skills wants to do damage.

~~~
heartbreak
Just because they used the same IP twice doesn't mean the IP address
corresponds directly to an ISP account paid for by the attacker(s). Could just
be a zombie or any of a dozen other means of misdirection. It's a safe
assumption that the FBI is competent in these matters and knows a lot more
about this than they're saying even in this leaked document.

~~~
neom
"It's a safe assumption that the FBI is competent in these matters" LOLOL, ok.
Clearly you've never listen to James Comey talk at length on, well, any
subject at all.

~~~
heartbreak
It's also safe to assume that the FBI Director is not in the weeds on highly
technical investigations like this.

~~~
neom
I mean the guy is a bumbling fool, so I can't imagine he knows how to build a
team of competent technologist,something you tend to be charged with doing
when you're the director. His congressional hearing talks are embarrassing.
_eyeroll_

