Sunday, August 12, 2018

Tensions Flare as Hackers Root Out Flaws in Voting Machines


Hackers at the 2018 Defcon Computer Security Conference believe they can help prevent Manipulation of U.S. Elections. Some Election Officials and Makers of Voting Machines aren’t so sure.

That tension was front and center at Defcon’s Second-Annual Voting Village, where Computer Hackers are invited to Test the Security of commonly used Election Machines. Organizers see the Event as an early Test of U.S. Election Security and a Counterpunch to potential outside Interference. On the First day of the Event, which runs through Sunday, Hackers were able to Swap out Software, Uncover Network Plug-Ins that shouldn’t have been left Working, and Uncover other ways for Unauthorized actors to Manipulate the Vote.

These Hacks can root out Weaknesses in Voting Machines so that Vendors will be pressured to Patch Flaws and States will Upgrade to more Ssecure Systems, Organizers say. Yet some Manufacturers and Security Experts believe the Hack-a-Thon is unlikely to uncover the type of Real-World issues that would come up in an Election. “Anybody could break into anything if you put it in the middle of a floor and gave them unlimited access and unlimited time,” said Leslie Reynolds, Executive Director of the National Association of Secretaries of State.

But the Vendors Failed to see the Benefit of Free Q&A, Quality Assurance for Preventing Mistakes and Defects in Software and Manufactured Products and Avoiding Problems, of their Products.

Election Systems & Software LLC, a Leading Manufacturer of Voting Equipment, was reluctant to have its Systems Tested at the Conference. The Company played down the expected findings from the Event in a Letter to Customers. Hackers “will absolutely access some voting systems internal components because they will have full and unfettered access to a unit without the advantage of trained poll workers, locks, tamper-evident seals, passwords, and other security measures that are in place in an actual voting situation.”

Kathy Rogers, Senior Vice President of Government Relations for ES&S, said the Letter was sent “in response to numerous inquiries by our customers as to what equipment might be at Defcon and what they might expect.” In the Letter, ES&S also warned Election Officials ahead of the Conference that Unauthorized use of its Software Violated the Company’s Licensing Agreements, according to a Copy of the Letter viewed by The Wall Street Journal. Voting Village Organizer Jake Braun Disagreed with this Interpretation of the Agreements.

The States and Vendors are making a Mistake by not Participating in the Voting Village, which Amounts to a thorough Security Test for any Machine involved, Mr. Braun said. “This is not a cyber-mature industry,” he said. Some State and Local Election Officials at the Conference said the Companies that Sell Voting Equipment are more interested in Maintaining their Profit Margins than Improving the Security of their Machines.

ES&S had Two Employees attend Defcon to “learn about any ideas for enhancements to voting security,” Monica Tesi, a Spokeswoman for the Company, said. Making Voting Equipment available to “potential bad actors, foreign or otherwise,” could harm National Security, Ms. Tesi said, adding that Defcon has No Security or Identity Requirements and that anyone who pays the $280 Registration Fee can enter.

Braun disputed the Assertion that the Voting Village Hacking could threaten National Security, saying it would be naïve to assume that Russia wasn’t already looking for Voting System Flaws. “I think it would be a national security threat not do so it,” said Braun.

Jeanette Manfra, a Senior Cybersecurity Official at the Department of Homeland Security (DHS), said that Security Researchers at Defcon were doing important work by finding Vulnerabilities in Voting Systems that could be used by Bad Actors. But she said she sympathized with concerns from Election Officials that the Vote-Hacking Village could Unintentionally Lower Public Confidence in American Elections, considered a Chief Goal of Russian Interference.

Voters should worry about the 22 States that don't have a Paper Backup in All or Some of their Voting systems and can't be Audited or perform a Valid Recount.

“You want companies to be building more secure products, but at the same time the public doesn’t necessarily know the full picture,” Ms. Manfra said. “If all you are saying is, ‘Look, even a kid can hack into this’, you’re not getting the full story, which can have the impact of having the average voter not understanding what is going on.” “It’s really, really difficult to actually manipulate the vote count itself,” she said.

But it’s still worth Uncovering any potential Security Flaws in these Machines, because there are plenty of others, Organized Criminals for example, who might want to Throw an Election, said Joseph Lorenzo Hall, Chief Technologist with the Nonprofit Center for Democracy & Technology. “Everybody’s talking about Russians, but we have to be clear that there are other threats here,” said Hall on Friday while mingling with Hackers at the Defcon Voting Village.









NYC Wins When Everyone Can Vote! Michael H. Drucker
Digg!

No comments: