All that vigorous APT analysis and attribution hasn't been in vain! Good job, good job.
US lawmakers have formally earmarked hundreds of millions of dollars for an election security overhaul. On Monday, the Republican-controlled Senate and Democrat-owned House of Reps struck a deal to designate $425m for protecting tallies and voter rolls from tampering and snooping. The agreement is set to be formalized later …
Instead of having the votes sent "online" to the various collection points, wouldn't it be more secure to just burn a CD or two off each machine and send the CD's? If they're not online they can't be tampered with. But then the news networks, etc. would scream bloody murder because it interrupt their breathless breaking headlines.....
It isn't as though we don't have long established methods to securely send information over the internet. That doesn't require connecting the individual voting machines to the internet, just that there is a way to get the data off them.
The "right" way to do voting IMHO is either to use the scantron paper where you fill in the bubbles with a #2 pencil or use a touchscreen voting machine that outputs scantron paper that the voter then verifies and carries to the scanner. The scanner doesn't need to be on the internet, it just needs to have a memory card that can be removed and be connected to something that connects to the internet to upload its results to home base. The card should have its data encrypted with a certificate so it can only be unencrypted at home base - so no one in the precinct could possibly tamper with it nor could it be tampered with in transit.
You keep the scantron paper, and the day after the election randomly audit 2% of precincts via hand count. If the audit count differs by enough from what the scanners uploaded to home base, that triggers a manual hand count of 100% of precincts.
In oz, the entire paper election (with the preferential voting that the UK should have taken up) is done for about US$3/vote. And it is not only secure, but transparent. And here they are spending $2/vote to patch up their mess.
But I thought that the whole point of the US electronic voting system is that it was meant to be hacked. Mainly by Republican returning officers.
That's the thing I don't get, if they just said "we're going back to paper for elections" it'd be far more secure straight away. Only issue is training staff, having premises available etc but that should be relatively easy as those machines had to be placed somewhere for the vote anyway.
US elections always seem to have issued caused by technology..
Ransomware just shut down New Orleans this week and this time they suspect that the ransomware exported much of the city data before encrypting it. I see ransomware infection attempts via email virtually everyday at work and about 20% of them sail through the AV software that's supposed to stop them. I expect that the money that the US is spending will go into the pockets of companies that are just selling more insecure election machines.
We need to go back to paper ballots.
"about 20% of them sail through the AV software"
Pretty sure someone once sent me a attempted hack email to my business. It was an invoice with a MS doc or spreadsheet with macros.
Nobody sends me invoices so it was easy to see. But my provider's email scanning only lets me report missed SPAM. It tries to block viruses and suspicious attachments, but if it doesn't, you can't tell them that they missed it. :-(
When even a half-hearted attempt at encryption is enough to have US "intelligence" agencies scream bloody murder and push for legislation to ban/neuter the technology, and at the same time it seems to be "technically difficult" to the tune of hundreds of millions of dollars to make the same technology work for sending what need be no more than an annotated CSV file over the interwebs, you need to wonder...
Are those people telling porkers while being busy applying snout to trough, or are they so bloody imcompetent they should be taken to the back of the shed for the good of mankind, because they'd be a waste of oxygen even on the B-Ark..
I could make the elections system pretty much iron clad secure. Quit putting everything under the sun on the internet / cloud. For decades business and government used dedicated lines for data transmission. The electric companies even used their own power lines. And since most if not all the states don't even certify the election results until several weeks after the vote, there really is no need to instantaneous transmission of a precinct's tallies. Besides, with all the millennials and other geeks wanting nothing but to use cell phones, the phone companies could use the traffic for their POTS.
And don't forget. A net is just a bunch of holes held together with string and a cloud is just a bunch of holes held together with vapor. And everyone should already know what a web is. Just ask any spider.
Biting the hand that feeds IT © 1998–2020