Drudge Retort: The Other Side of the News
Wednesday, November 01, 2017

Some good ideas sneak into the Senate

A law bill was introduced today to the US Senate designed to safeguard American elections from hacking by miscreants or manipulation by Russian or other foreign agents.

The Securing America's Voting Equipment (SAVE) Act [PDF] would designate elections systems as part of the US national critical infrastructure, task the Comptroller General of the United States with checking the integrity of voting machines, and sponsor a "Hack the election" competition to find flaws in voting machines.

Advertisement

Advertisement

More

Alternate links: Google News | Twitter

[T]he proposed legislation would instruct the Director of National Intelligence to perform a security clearance check on the chief election official of each state and one designee, and – after they passed – would keep them updated on current and projected hacking threats.

Meanwhile, the Department of Homeland Security would be given the job of developing a threat assessment model for hacking election systems and develop a best practice guide to protect them. States would also get a grant to buy new, and hopefully more secure, voting machines....

The dire state of election machine security was amply demonstrated at this year's DEF CON hacking convention in Las Vegas. A squad of enthusiasts managed to compromise election machines with ease, either in person or remotely, to potentially alter final tallies for candidates....

Comments

Admin's note: Participants in this discussion must follow the site's moderation policy. Profanity will be filtered. Abusive conduct is not allowed.

Sorry but Republicans would never allow that to become law. Republicans depend on cheating to win elections.

#1 | Posted by danni at 2017-11-01 10:47 AM | Reply

The russians didn't hack into voting machines.

#2 | Posted by Sniper at 2017-11-01 10:57 AM | Reply | Funny: 1

If the damn things wern't hooked to the internet, they could not be hacked!!!!!!!!!!!!!

#3 | Posted by Sniper at 2017-11-01 10:59 AM | Reply | Funny: 1

@#2 ... The russians didn't hack into voting machines. ...

Whether they did or did not is not relevant to this proposed law.

What is relevant is the security of our election process.

You do want the election machines to be secure, don't you?

"... A squad of enthusiasts managed to compromise election machines with ease, either in person or remotely, to potentially alter final tallies for candidates.... "

#4 | Posted by LampLighter at 2017-11-01 11:00 AM | Reply


@#3 ...If the damn things wern't hooked to the internet, they could not be hacked!!!!!!!!!!!!!

They could not be hacked remotely, but that won't stop someone inserting a USB drive into the USB slot on the election machine and downloading malware that changes the tallies in the election machine.

The current state of the election machines is grossly insecure.

At least we are starting to move towards better solutions.

#5 | Posted by LampLighter at 2017-11-01 11:03 AM | Reply | Newsworthy 2

Aww isn't that precious.

The mental midgit thinks computers can't be hacked because they aren't hooked to the internet.

#6 | Posted by Lohocla at 2017-11-01 11:18 AM | Reply

#5 Presuming that there is an operational USB port open.

I have no issues with the law, frankly, but the solution is straightforward: make voting machines subject to the same systems engineering processes that DOD systems go through. All aspects of program security are included: supply chain, cybersecurity, software assurance, anti-tamper, anti-counterfeiting, etc... These are pretty simple systems - it wouldn't take very long for a team of DoD subject matter experts to do a vulnerability assessment and threat assessment and mitigate the risks to the attack surface. In addition to system level protections, there would be necessary policy protections, such as verifying the identity of the voter, whose credentials would need to be valid prior to allowing login to the system.

#7 | Posted by MUSTANG at 2017-11-01 11:21 AM | Reply | Newsworthy 3

They could not be hacked remotely, but that won't stop someone inserting a USB drive into the USB slot on the election machine and downloading malware that changes the tallies in the election machine.

#5 | POSTED BY LAMPLIGHTER AT 2017-11-01 11:03 AM | REPLY | FLAG:

Disable the USB port. This isn't rocket surgery.

#8 | Posted by sitzkrieg at 2017-11-01 11:22 AM | Reply

They could not be hacked remotely, but that won't stop someone inserting a USB drive into the USB slot on the election machine and downloading malware that changes the tallies in the election machine.

#5 | POSTED BY LAMPLIGHTER AT 2017-11-01 11:03 AM | REPLY | FLAG:

Disable the USB port. This isn't rocket surgery.

#9 | Posted by sitzkrieg at 2017-11-01 11:22 AM | Reply


@#5 & #7 ... Presuming that there is an operational USB port open. ... Disable the USB port. This isn't rocket surgery.

Yup, that is one easy solution. But it wasn't done.

That's why we need a better way, and this proposed law is the move in the right direction, doncha think?


... the solution is straightforward: make voting machines subject to the same systems engineering processes that DOD systems go through. ...

If the voting machines went through the same process that the Las Vegas gambling machines go through, it would be order of magnitudes better.

Think about that for a bit... the computerized slot machines go through a far, far more stringent security process than many (most?) of our voting machines go through.

From the cited article...

...If passed by both the House of Reps as well as the Senate, and signed into law by President Trump, the proposed legislation would instruct the Director of National Intelligence to perform a security clearance check on the chief election official of each state and one designee, and – after they passed – would keep them updated on current and projected hacking threats.

Meanwhile, the Department of Homeland Security would be given the job of developing a threat assessment model for hacking election systems and develop a best practice guide to protect them. States would also get a grant to buy new, and hopefully more secure, voting machines....


As I've said, its a good start.

#10 | Posted by LampLighter at 2017-11-01 11:42 AM | Reply

Advertisement

Advertisement

You do want the election machines to be secure, don't you?

#4 | Posted by LampLighter

Take them off the internet and they can't be hacked. Ore, is that too simple for you to understand.

#11 | Posted by Sniper at 2017-11-01 12:49 PM | Reply

The mental midgit thinks computers can't be hacked because they aren't hooked to the internet.

#6 | Posted by Lohocla

And you, the huge brain thinks they can. How does that work ace.

#12 | Posted by Sniper at 2017-11-01 12:50 PM | Reply

Disable the USB port. This isn't rocket surgery.

#8 | Posted by sitzkrieg

Holy crap, that just might work. But noooooooooooo, that wouldn't cost enough money.

#13 | Posted by Sniper at 2017-11-01 12:52 PM | Reply

Why would a voting machines have a USB port in the first place.

Insecure. By design. This also describes most of our election process.

Like the CrossCheck matching algorithm, which produced a list ride with false positives. By design.

#14 | Posted by snoofy at 2017-11-01 01:05 PM | Reply

Not my job to educate your dumbass.

Hell if you could actually read you would have seen at least one example posted in this thread.

#15 | Posted by Lohocla at 2017-11-01 02:11 PM | Reply

People might understand more clearly if we quit using the word 'hacked' and started talking about 'compromised'. Compromise can be hacking. It can also be an insider. It can be the guy writing zero day faults into the firmware of a microprocessor. It can be a wholesaler knowingly buying counterfeit processors from China and selling them as US OEM. It can be a programmer dropping logic bombs into code he knows won't be scrutinized. There are lots of ways to compromise a system.

#16 | Posted by MUSTANG at 2017-11-01 02:42 PM | Reply

That's why we need a better way, and this proposed law is the move in the right direction, doncha think?

#10 | POSTED BY LAMPLIGHTER AT 2017-11-01 11:42 AM | REPLY | FLAG:

Unless they're commissioning actual DEFCON attending black hats, no not really it's a waste of time and money. Better off ditching computer based voting entirely.

#17 | Posted by sitzkrieg at 2017-11-01 02:47 PM | Reply | Newsworthy 1

Take them off the internet and they can't be hacked. Ore, is that too simple for you to understand.

#11 | Posted by Sniper

Hey Einstein, there are NO voting machines connected to the internet.

They are hacked by having access to them.

A voting machine hacked to play Rick Astley's "Never Gonna Give You Up" might seem amusing – but it has a sinister sting in the tale. At security conference DEF CON in Las Vegas last week, security researchers proved that it is possible to access and change votes on the same voting machines used in US elections in the time it takes to watch a movie. Some of the hacks were even carried out wirelessly.

DEF CON purchased thirty voting machines from eBay and government auctions for the event. Ninety minutes after participants were let loose the first machines started to fall, with vote rigging and Rickrolling coming soon afterwards.

One of the machines was still using Windows XP, and so an exploit that has been known since 2003 allowed people to get remote access through its Wi-Fi system. This meant that the votes could be changed from anywhere.

Other exploits involved prying open mechanical locks covering USB ports or spotting the uncovered USB ports on the back. One team then simply plugged in a mouse and keyboard to gain control of the machine.

www.newscientist.com

#18 | Posted by donnerboy at 2017-11-01 06:25 PM | Reply

So donnie, they have to have the machines in their hands to hack them. That isn't a hack, it is damn poor security and it has to be done to every machine. WOW!!!!

#19 | Posted by Sniper at 2017-11-01 07:41 PM | Reply

The U.S. could have secure election systems but first we need the political will to do it and it simply is not there. Democrats are ready, Republicans not so much, they wouldn't be a majority if we had honest elections.

#20 | Posted by danni at 2017-11-01 10:19 PM | Reply

#20 I've already defined what has to happen to secure the machines, Danni. Everyone missed the second part: verifying the identity of the voter. I can only think of one way to do that, and that's with dual-factor authentication. The government provides half and the voter provides half. Insertable chipped ID card combined with biometric data (i.e. a fingerprint). The second factor prevents hackers from making duplicate ID cards, and the issuance of a federal voter ID would ensure the voter was authorized. There would be a lot of additional benefits. Your ID # would be linked to things like the Census, so generating voter demographic statistics would be a breeze. No more databases, no more state-by-state processes, no more arguing over voter fraud. The ID could probably also be used when purchasing a firearm. Both sides of the aisle will find pros and cons with the idea, but it certainly secures our election processes.

#21 | Posted by MUSTANG at 2017-11-02 07:45 AM | Reply

So donnie, they have to have the machines in their hands to hack them. That isn't a hack, it is damn poor security and it has to be done to every machine. WOW!!!!

#19 | Posted by Sniper

Obviously you do not work in the IT field. I do. It is still called a hack.

"Most states have their own laws regarding hacking, which is also known as "unauthorized access" of computer systems."

"Definition - What does Hacking mean?

Hacking is unauthorized intrusion into a computer or a network. The person engaged in hacking activities is generally referred to as a hacker. This hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system."

And and it can be done anywhere along the chain of custody from the manufacturer to to the end user to the guy who puts them back into storage.

www.theguardian.com

And in case you are not aware (because we know you obviously are not) most hacks are actually inside jobs. Why? Because they have direct access to the equipment.

#22 | Posted by donnerboy at 2017-11-02 03:46 PM | Reply

Comments are closed for this entry.

Home | Breaking News | Comments | User Blogs | Stats | Back Page | RSS Feed | RSS Spec | DMCA Compliance | Privacy | Copyright 2018 World Readable

Drudge Retort