Not state sponsered but
we'll call him Rasputin - Russian AS in PUTIN
Or Recorded Future just like Boney M?
The US government agency charged with ensuring that voting machines meet security standards may have been compromised, according to evidence uncovered by cyber security firm Recorded Future. In a statement, the Election Assistance Commission confirmed it was investigating a potential security breach: EAC has become aware of a …
How we can we even know this is not fake news, or even a CIA operation to seed doubt and uncertainty? (The CIA is pretty good in these, running them on the national level? Yes we can!)
During the Bush years, I remember unsecure voting machines being fielded and not much peep was raised (someone raised a peep, but he later commited suicide just across the border in Mexico after telling his family he would be home soon. The FBI then forgot to take photos of the scene, or so I rememebr...)
According to local Atlanta, GA news reports it is state sponsored (http://www.wsbtv.com/news/local/more-states-confirm-cyber-attacks-sourced-to-dhs/476227320). However, it is the feral Department of Homeland (In)Security behind the attacks. I did not realize Putin was moonlighting as DHS official.
A USA government agency having a vulnerable website. News at 10.
Now if said news at 10 contain provable info on successful break in all the way to the testing and certification network and ability to upload alternative firmware, USA can frankly kiss the last election results bye-bye.
Suppose you were running a nuclear weapons storage facility (and pretend for a minute that nukes are made or serviced or painted or something by SME; I imagine this org is an ME.) Oh and public sector, which ad you know in the US means less than gold standard of security clue. Their public website gets hacked. You wouldn't worry, because of COURSE they wouldn't be mad enough to have the publicly accessible web servers on the same network as the "test this bomb exploded properly? (Y/N)" internal systems - right? Right. Because no-one ever messes that up, or has people doing generic web, mail and office docs on a network from where you can reach prod... Right? I mean, the chances of that mistake being made must be, oh, 50/1...
Would you get on a plane that had a 2% chance of crashing on its next flight? Or trust the nukes? Well, then, what odds are acceptable when it comes to hackers being able to get to this org's prod systems? Would you bet you life on it? How about 400 millipn lives?
You see my point I hope, though I've out it clumsily... (It's Friday night! *) )
I've probably misunderstood how it works and/or failed to read TFA properly but am I right in thinking this means the agency that certified the machines as secure now given the task of certifying that their certification was correct and the machinese were in fact properly certified nothing to see move along?
I have no reason to suspect the agency of anything dodgy but even if/when they find nothing wrong, there's still going to be a lot of people who really won't take their word for it because it's them darn Russkies (etc).
From various articles over the last 10+ years, I thought it was widely accepted within the IT community that the US electronic voting machines are at best about 10 years out of date regarding security practices and at worst are the Adobe of the election software industry - i.e. it looks OK, but underneath is a first gen product struggling to cope with the demands of the modern world and securing the product was done by capitalising the first letter of the admin password...
Having been involved in local body elections in a past life, I have some trust in the inherent checks and balances in at least some countries election processes. If you are relying on a start-to-finish electronic process with no ability to verify actual votes, you probably get the result you deserve....
How many hack attacks does it take before all entities understand the vulnerabilities and employ the necessary roadblocks? When script kiddies can hack into government and enterprise servers with little effort, security officials and senior management are not performing their responsibilities.
This Administration and the CIA say the "election hacking" information came from Russian hackers.
The supplier of that info, WikiLeaks, says it didn't.
I find Mr Assange more credible.
This new "controversy" seems like another action in a coordinated effort by our government to discredit the results of the past election.
Too bad the article didn't point out that each state and each of its districts have their own differing processes/systems/machines/ballots, etc.
Why wouldn't it be possible to just use a standard secured website for voting? Set up some Computer-vision software so that people can hold up their ID cards next to their faces on a webcam to verify they are who they say they are.
It'd probably be much more effective than the 60-year-old woman with severe glaucoma that checked my ID at the polling place the last time I voted in person. And it'd be a lot more secure than the mail-in ballots I typically use.
This way, they would have much better accounting with none of this voter intimidation stuff and would allow people in areas far away from polling places to actually vote. Plus, being fully digitized, the count would be instantaneous.
I've never seen anyone hack into a piece of paper from a computer and change the writing on it - paper will always be secure from digital manipulation.
technology for the sake of it is usually a waste of time and almost always presents opportunities for malicious intent.... hence I'm avoiding the move to a smart home. I like manual valves and hand operated controls.
Biting the hand that feeds IT © 1998–2021