Free Online FOOD for MIND & HUNGER - DO GOOD 😊 PURIFY MIND.To live like free birds 🐦 🦢 🦅 grow fruits 🍍 🍊 🥑 🥭 🍇 🍌 🍎 🍉 🍒 🍑 🥝 vegetables 🥦 🥕 🥗 🥬 🥔 🍆 🥜 🎃 🫑 🍅🍜 🧅 🍄 🍝 🥗 🥒 🌽 🍏 🫑 🌳 🍓 🍊 🥥 🌵 🍈 🌰 🇧🇧 🫐 🍅 🍐 🫒Plants 🌱in pots 🪴 along with Meditative Mindful Swimming 🏊♂️ to Attain NIBBĀNA the Eternal Bliss.
DEFCON Hackers Found Many Holes in Voting Machines and Poll Systems
By Mark Anderson
Posted
Photo: Steve Marcus/Reuters
A hacker tries to access and
alter data from an electronic poll book in a Voting Machine Hacking
Village during the Def Con hacker convention in Las Vegas, Nevada, on 29
July 2017.
E-voting machines and voter registration systems used widely in the United States and other countries’
elections can readily be hacked—in some cases with less than two hours’
work. This conclusion emerged from a three-day-long hackathon at the
Def Con security conference in Las Vegas last weekend. Some of those
hacks could potentially leave no trace, undercutting the assurances of
election officials and voting machine companies who claim that virtually unhackable election systems are in place.
Def Con,
an annual computer hacking conference celebrating its 25th year, hosted
its first Voting Machine Hacking Village this year. In it, conference
attendees were given access to many of the most popular voting machines
and voter registration tracking systems in use around the world today.
And before the Hacking Village organizers were even finished with their
opening morning introductory remarks, a Danish hacker in the audience
had already broken into one of the target machines wirelessly.
Soon after on the same morning, a second group in the room wirelessly hacked into a popular electronic poll book system, responsible for storing and maintaining voter registration information. In
total, the inaugural e-voting hackathon turned up at least 18 new
vulnerabilities to e-voting and e-poll book systems. (This may be a
conservative estimate, as the hacks discovered at the Village are now
being verified and studied before they’ll be compiled and counted as
legitimate new hacks.)
“We have shown it over and over again that electronic voting is currently beyond our technical capabilities” —Harri Hursti, Hacking Village at Def Con
“These people who hacked the e-poll book system, when they came in
the door they didn’t even know such a machine exists. They had no prior
knowledge, so they started completely from scratch,” says Harri Hursti, Hacking Village co-coordinator and data security expert behind the first hack of any e-voting system in 2005.
The Danish hacker, Hursti added, also had no prior knowledge about
the e-voting system he hacked. Both hacks, Hursti says, undermine
critics who have claimed that computerized election system hacks are too
elaborate and unrealistic to be used in real world settings.
“I hacked the same e-poll book system in 2007,” Hursti says. But it
took him two weeks instead of the few hours it took hackers last
weekend.
One big difference between now and then is a key rule issued in October 2015, by the U.S. Copyright Office. That rule established
that hacks to e-voting and electronic vote counting and tabulating
systems are allowable under the Digital Millennium Copyright Act—so long
as those hacks are used for research purposes.
Prior to 2015, Hursti says, the DMCA restricted hackers’ access to
e-voting machines. And those few like Hursti who could access them had
to ensure that the machines were not altered in any way that might
affect their performance or void their warranties.
So, realistically, the Hacking Village couldn’t have happened anytime
before the Copyright Office’s DMCA e-voting machine exemption, Hursti
says.
The restricted access that real-world hackers previously had to
voting machines made the weekend something of an opening of the
floodgates. As Village co-organizer Matt Blaze, associate professor of
computer and information science at the University of Pennsylvania, tweeted, “Overheard more than once (at the Hacking Village): ‘Wait, it can’t be that simple, can it?’”
Another attendee added, “Default passwords, man. Default passwords. #votingvillage”
One disturbing aspect of a number of attacks was that a hacker might
be able to cover their tracks. The untraceability of such hacks is
nothing new. Hursti recalls an interaction he had with Ohio’s then-Secretary
of State Jennifer Brunner, who he says assured him there was not a
single incident of any e-voting machine ever being hacked.
“I said if you continue to use these machines, that will always
remain true,” Hursti says. “These machines have no capability of
providing you any kind of evidence whether they were not hacked or
hacked. There’s no protective locks, there’s no forensic evidence
gathering. There’s absolutely nothing. The machine cannot prove it’s
been hacked.”
And while this year’s Hacking Village concentrated on voting’s
front-end—the e-voting machines and e-poll registration systems used at
polling places—there are other spots for hackers to attack.
“There has been a lot of interest in the voting machines, because
that’s the customer-facing side. That is the machine the voter sees,”
Hursti says. “That is just the tip of the iceberg. The whole system is
the election management system, the ballot originating system, the
tallying system, the reporting system, the voter registration system,
the e-poll books. That is a humungous amount of infrastructure.”
Future DEF CON Voting Machine Hacking Villages plan to tackle such larger election cybersecurity challenges, the organizers say.
In the meantime, Hursti is advocating for a return to a smart paper-ballot and scan machine system, plus regular audits.
“A lot of these electronic voting machines are software unfixable,”
he says. “The problem is in the hardware design. The problem is in the
architecture. There’s nothing you can do in software to really fix
them.”
On the other hand, Hursti disagrees with some e-voting critics who
overcompensate and advocate a return to hand-counting paper ballots.
“That is stupid,” he says. “Humans are extremely error prone. Humans
have the capability of being dishonest. So paper ballots with the
responsible use of technology—meaning, optical scan machines, software
analyzing, and an audit process which will verify the machine-produced
results. And whether the audit process is purely human, or by software
and other scanners, those are other questions. Different jurisdictions
will pick up different answers.”
“The sad part here is in 10 years nothing really has happened, except
that the [voting officials] have moved on,” he says. “And we have shown
it over and over again that electronic voting is currently beyond our
technical capabilities… if we keep auditability and secrecy and privacy
of the ballot, then we cannot have electronic voting. That’s a full
stop.”
The problem can be solved quickly by holding the voting machine manufacturers
liable. Right now, they have nothing to lose because the public has
been led to believe that there is nothing we can do about hacking.
There is. Design secure hardware and software. It is the right thing
to do. Not the cheap thing to do.
In the last paragraph, when he says “…electronic voting is currently
beyond our technical capabilities…” is he referring to us, humans,
with our current technology, cannot deploy an adequate (in every
aspect) electronic voting system?
Ten years? We’ve been pointing this out since the 1990s. Black Box Voting
actually trained a **chimp** to change vote totals on one of the site
tabulators, and the change was entirely undetectable.
The optical scan readers are every bit as hackable (if not more so) than the touchscreen machines.
Edit:
In most jurisdictions the only way to audit paper ballots is with a
court order, and the only way to get the court order is first show the
paper ballots were altered or miscounted. A deliberately created
chicken/egg problem.
It entirely depends on the state/county/city. That’s why I said “In most
jurisdictions”. There is no national standard, and that’s deliberate on
the part of the politicians. Chaos is easier to manipulate.
I disagree that “the only way to audit paper ballots is with a court
order”. A Board of Elections does not need a court order to take paper
ballots out of one counting machine and either put them through another
or even hand count the ballots from a sample of machines. They could
even put ballots from numerous machines through a second set of
machines; hand count some sets to confirm accuracy; then send all ballot
sets through the audit machines.
BJP won due to EVM machine scam, allege opposition parties. UP: Fraud in EVM machines by BJP explained in detail. How the EVMs were rigged: Mayawati’s sensational revelation / MAYAWATI BLAMES FRAUD IN EVM
BJP tampered with EVMs, alleges Mayawati; asks for fresh polling by ballot papers
“Most votes in Muslim majority constituencies have gone to BJP, makes it
evident that voting machines were manipulated,” said Mayawati.
BSP Chief Mayawati (File Photo)
Not ready to accept defeat in Uttar Pradesh, BSP chief Mayawati accused the
BJP of tampering with the EVMs and demanded a fresh poll with the use of
ballot paper. The BJP is likely to secure a landslide victory in the
state, according to the latest trend. But Mayawati alleged that the
voting was fudged and accused the BJP and its workers of tampering with
the electronic voting machines. She said that she will write to the
Election Commission to conduct a fresh poll in the state.
“The results in UP and Uttarakhand are surprising and not palatable to
anyone…it seems EVMs did not accept votes polled for any party other
than BJP,” said Mayawati, whose Bahujan Samaj Party has fared poorly in
Revert back to paper ballots to save Democracy as the fraud EVMs
negates the Universal Adult Franchise provided by our Modern
Constitution.
The ex CJI Sathasivam had committed a grave error
of judgement by ordering that the EVMs could be replaced in a phased
manner as suggested by the ex CEC Sampath. Only 8 out of 543 Lok Sabha
seats in 2014 were replaced that helped the Murderer of democratic
institutions (Modi) to gobble the Master Key. In Uttar Pradesh Assembly
elections only 20 out of 403 seats were replaced helping the BJP (Bahuth
Jiyadha Psychopaths) to corner power. The very fact that the EVMs had
to be replaced is itself a clear proof that the EVMs are tamperable. 80
democracies have discarded these fraud EVMs. The ex CJI never ordered
for Paper Ballots to be used till the entire EVMs were replaced.
The Supreme Court must order for dissolving the Central and the state
governments selected by these fraud EVMs and go for fresh polls with
paper ballots. Then the BJP will not even get 1% of the votes polled. In
Uttar Pradesh Panchayat Polls with paper ballots the BSP won majority
of the seats while it lost in 2014 Lok Sabha elections and the Assembly
elections which is nothing but a practice of untouchability requiring
punishment to the ex CJI, ex CEC, Modi and Yogi under atrocities act to
save equality, liberty and fraternity as enshrined in our Modern
Constitution.
Comments:
Amit Kumar How does “no right to decide how to vote” even come into the picture? Why not just say that the ruling party is afraid of fair elections via VVPAT?
Indian
This govt is too suspicious with his approach. VVPAT will further increase the transparency.
Ramesh Raioneramballi
The elections itself are costly affairs. So why worry over spending
pittance on VVPAT units. Is it not a diabolic idea to continue in power for ever?
Murderer of democratic institutions (Modi) can spend 3000 crore for a
statue of an anti-Modern Constitution leader. But not for replacing the
fraud EVMs.
Neena Sharma Sorry GOI the voters will decide how they want to vote.
Had the Govt been transparent in its responses to voters suspicions
about the invincibility of these EVM’s this situation may not have
arisen. But the ridiculous hackathon condition the EC laid down before
hacking experts in Delhi this year, telling them that they could not
touch the machines nor would the software be explained leaves us with no
choice but to view the Govt with extreme suspicion. In California last
month the authorities allowed hackers to inspect their EVMs and also
explained the software after which the hackers hacked the machines in
minutes! So these machines are hackable so VVPATs must be mandated or
no elections allowed to be held. This is final, this Govt will have to bend or face large scale boycott…
The source code of the software is in the hands of people from outside
our country. Even the EC are not accessible to the source code which has
to be made public in a Democracy.
The Supreme Court must order for making the source code of the software public to save Democracy.
That’s pretty much worrisome, to put it rather mildly.
And it also amounts to negating the commitment made by the EC to use
VVPAT machines with all EVMs in the coming Lok Sabha poll (ref., e.g.:
‘VVPAT machines at every polling booth by 2019 general elections says
imran479 Aug 10 They will change their mind once BJP starts to lose elections.
arshervani Aug 10 Yes, Imran Saheb, Just as the other “they” first boasted that “They” have brought EVMs and kept extolling its magnificence but changed their minds when they started losing. Netas are netas, the same johnny is this side today, that side tomorrow. No use calling anyone communal or secular even. There is hardly anyone who is even communal honestly, genuinely. Where to look for someone “secular” honestly, genuinely. That’s why I like NOTA better than Neta. Exceptions, as always, only prove the rule. Rashid
Hackers Were Able to Breach — and Then Rick-Roll — a Voting Machine
by Alyssa Newcomb
“Never gonna give you up, never gonna let you
down,” Rick Astley sings in his 1987 hit. But the voting machine the
song was blaring from at the Def Con security conference in Las Vegas
sure did.
Hackers were able to successfully “Rick-Roll” a
WinVote voting machine at the Def Con cyber security conference this
weekend. Video of the hack, which was shared on Twitter, provides a
stunning reminder of how nothing is ever truly safe from hackers.
“The need for us to get our act together on
cyber security and get much better at it is becoming very acute,”
Michael Daniel, president of the Cyber Threat Alliance and former cyber
security coordinator in the Obama Administration, told NBC News.
From connected home devices to voting machines
and cars, thousands of hackers spent the past week in Las Vegas sharing
research and discussing the future of hacking at the Black Hat and Def
Con security conferences. But this year’s message was striking: We have
to do better.
A
conference attendee checks the schedule on his phone as he waits for a
keynote address during the Black Hat information security conference in
Las Vegas on July 26. Steve Marcus / Reuters
Finding the problems is the relatively easier
part. The harder part, according to security professionals, is designing
defenses.
The research presented is essentially a
glimpse into the future and “tells us what is going to happen in the
next 12 to 18 to 24 months out,” said Jeremiah Grossman, chief of
security at SentinelOne.
“In many ways, the attack research is easy.
Now we need to start designing and deploying the defenses,” he said.
“That is the hard part. That’s where we need time. But if we don’t talk
about the attacks, when it’s not allowed, that’s when we have problems.”
Grossman was referring to a Moroccan hacker living in France who was reportedly denied entry to the United States to give a scheduled Black Hat talk.
The public’s perception of hacking — what it
is and how it can harm people — has also undergone a metamorphosis in
the past year. While there will likely always be black hat hackers who
are happy to snag your credit card information and passwords, there’s
also an intense focus on how other countries may be using hacking to —
say — meddle in an election.
“Cyber operations and the use of cyber
capabilities as a tool of state craft is here to stay. It is a fact of
life in the 21st century and one of the things we as societies need to
figure out,” Daniel said. “We need to figure out how to get some rules
of the road surrounding the use of those capabilities so they don’t
become inherently destabilizing to the international system.”
With the fake news scourge and bots running
rampant online, Chris Wysopal, chief technology officer at Veracode,
said the security community can use its expertise to help.
“It’s not something we traditionally think
about — people using info systems to target individuals with fake news
or whatever,” Wysopal said. “Usually intelligence agencies think about
nation states and we don’t, but I think we could have a role to play
there on how systems can be misused to manipulate people.”
“It’s a little too new for this community to
start doing anything about it, but hopefully by the next election we can
start thinking about designing systems that can detect when you are
being targeted by a bot,” he told NBC News.
At Def Con — an annual hacking conference held in Las Vegas —
hackers were given the rare chance to crack into US voting machines. It
took one person just 90 minutes to hack in and vote remotely on one of
the machines.
Voting Machine Hackers Have 5 Tips to Save the Next Election
American democracy depends on the sanctity of the vote. In the wake of the 2016 election, that inviolability is increasingly
in question, but given that there are 66 weeks until midterm elections,
and 14 weeks until local 2017 elections, there’s plenty of time to fix
the poor state of voting technology, right? Wrong. To secure voting infrastructure in the US in time for even the next presidential election, government agencies must start now.
At
Def Con 2017 in Las Vegas, one of the largest hacker conferences in the
world, Carsten Schurmann (coauthor of this article) demonstrated that US election equipment suffers from serious vulnerabilities.
It took him only a few minutes to get remote control of a WINVote
machine used in several states in elections between 2004 and 2015. Using
a well-known exploit from 2003 called MS03-026, he gained access to the
vote databases stored on the machine. This kind of attack is not rocket
science and can be executed by almost anyone. All you need is basic
knowledge of the Metasploit tool.
WIRED OPINION
ABOUT
Carsten Schurmann is an associate professor at the IT University of Copenhagen.
He is an election technology expert and heads DemTech, a
research project that investigates how the use of technology in the
election process affects voter trust. Jari Kickbusch is a journalist,
author and member of the DemTech team. Schurmann and Kickbusch have
observed elections in Egypt, Australia, Norway and Estonia, and the
United States during the 2016 presidential election.
Had Schurmann hacked the WINVote during an
election, he could have changed the vote totals stored on the machine,
observed voters while they were voting or simply have turned off the
machine during voting day to cause havoc. This is not exactly the kind
of news that increases public trust in election results. But the really
bad news is that, since the WINVote voting machine does not provide a
paper trail, manipulation of the database would not have been
detectable. The same goes for many of the voting machines still in use,
which prevent auditors from checking that the votes reflect voter
intent.
All of this poses a threat against the
heart of US democracy. The people responsible for maintaining and
updating these outdated and vulnerable devices are obliged to take steps
to rectify the shortcomings and to minimize the risk of disruption
through cyber-attacks. Reiterating that everything is secure and safe
enough will not do. Here are five recommendations on how to tackle this
challenge:
1. Retire old and outdated voting machines.
A voting machine is outdated when it has known security holes. For
example, other hackers at Def Con 2017 demonstrated that the Diebold
Express-pollbook is exposed to the OpenSSL vulnerability CVE-2011-4109.
Outdated voting machines should either be updated or dumped.
Furthermore, we know from history that all voting machines can be hacked.
Voting machines that do not produce a voter-verifiable audit paper trail
should be decommissioned. In the end, paper gives election officials a way
to deliver a correct result, even if the technology fails due to hacking
attacks, system malfunction, or power outages. If cost is prohibitive,
revert to pencil and paper or older non-electronic equipment.
2. Secure voter registration systems and voter databases against hacking attacks.
Ensuring that hackers cannot steal or alter voter registrations requires
that the data be encrypted and that the cryptographic keys be carefully
curated. Adjust administrative processes to minimize the risk of data
leakage and unauthorized access. Harden the security of the database
systems, for example, by deploying them only on secured and dedicated
servers.
3. Require risk limiting audits for any precinct that uses electronic voting machines.
A risk-limiting audit is a statistical method to verify an election
result and to detect vote tampering independent of the voting machine
technology. By picking a truly random sample of the paper trail of
suitable size and inspecting it, one can gain confidence in the
correctness of the election result.
4. Adjust the rules of procurement and maintenance of election voting systems.
Policies
and laws should reflect that voting machines are used in an
ever-changing environment, which is under the adversary’s control. Hence
a continuous delivery and installation of security patches should be
mandatory. An up-to-date voting machine decreases the risks of hackers
disrupting the voting day activities.
5. Improve training of polling station staff.
Election
officials need to be able to handle cryptographic keys and to protect
them in the face of social engineering and other hacking attacks. Most
people could master this after attending a one-day workshop, which
covers the basics of IT security.
In the
current geopolitical climate protecting the election technologies
against hacker attacks is tantamount to protecting the integrity of the
election. Many counties have already made good progress. In Colorado
risk-limiting audits are required and in Maryland paper trails are
mandatory. Unfortunately, it seems unlikely that every state can be
completely secured within the next 66 weeks. However, taking the first
steps toward legislating for risk-limiting audits and hardening the
security of the systems in use should be achievable everywhere.
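The risk-limiting audit of recommendation 3 can be made concrete with a ballot-polling audit in the style of the BRAVO sequential test; the choice of that method is an assumption, since the article names none. This is an added example, not code from the article or its authors, and the candidate names, vote totals, seed and function names are constructed for illustration.

```python
import math
import random
from dataclasses import dataclass


@dataclass
class AuditResult:
    confirmed: bool        # True: reported winner confirmed at the risk limit
    ballots_examined: int  # paper ballots drawn and read by hand
    log_ratio: float       # final log of the sequential test statistic


def ballot_polling_audit(paper_trail, reported, risk_limit=0.05,
                         seed=12345, max_draws=None):
    """Check machine-reported totals against hand-read paper ballots.

    paper_trail: candidate names as humans read them off the paper.
    reported:    machine totals for a two-candidate contest,
                 e.g. {"A": 6000, "B": 4000}.
    The seed stands in for a publicly generated random seed (assumption).
    """
    if len(reported) != 2:
        raise ValueError("this sketch handles a two-candidate contest only")
    if not paper_trail:
        raise ValueError("no paper trail: the result cannot be audited")
    (winner, w), (loser, l) = sorted(reported.items(),
                                     key=lambda kv: kv[1], reverse=True)
    if w == l:
        raise ValueError("reported tie: go straight to a full hand count")

    share = w / (w + l)                      # reported winner share
    # Each sampled ballot multiplies the likelihood ratio of
    # "reported share is right" versus "the contest is really a tie".
    step_winner = math.log(share / 0.5)
    step_loser = math.log((1.0 - share) / 0.5) if l else float("-inf")
    threshold = math.log(1.0 / risk_limit)   # stop once ratio >= 1/risk_limit

    rng = random.Random(seed)
    max_draws = len(paper_trail) if max_draws is None else max_draws
    log_ratio = 0.0
    for draw in range(1, max_draws + 1):
        ballot = paper_trail[rng.randrange(len(paper_trail))]  # with replacement
        if ballot == winner:
            log_ratio += step_winner
        elif ballot == loser:
            log_ratio += step_loser
        # Blank or otherwise invalid ballots leave the statistic unchanged.
        if log_ratio >= threshold:
            return AuditResult(True, draw, log_ratio)
    # Evidence never reached the threshold: escalate to a full hand count.
    return AuditResult(False, max_draws, log_ratio)


def demo():
    """Constructed data: same machine report, two different paper trails."""
    reported = {"A": 6000, "B": 4000}
    honest_paper = ["A"] * 6000 + ["B"] * 4000
    # Paper shows B won; 2,500 of B's votes were recorded by the machine as A's.
    shifted_paper = ["A"] * 3500 + ["B"] * 6500
    return (ballot_polling_audit(honest_paper, reported),
            ballot_polling_audit(shifted_paper, reported))


if __name__ == "__main__":
    honest, shifted = demo()
    print("paper matches report :", honest)
    print("paper contradicts it :", shifted)
```

When the paper agrees with the report, the audit stops after a small sample; when it does not, the statistic never reaches the threshold and the procedure falls back to a full hand count, which is why a paper trail is a precondition.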
Today’s topics include a demonstration by hackers
at DefCon on voting machine vulnerabilities; new U.S. cyber-security
legislation that could help reassert Fourth Amendment rights; Microsoft
previewing phone-friendly features in the Windows 10 Creators update;
and Aqua Security revealing developer security risks with Docker
containers.
Last week’s DefCon 25 hacking conference in Las Vegas
showcased a Voting Village that gave attendees the opportunity to
attempt to exploit weaknesses in voting machine designs.
A number of security researchers were successful in their attempts, including
Carsten Schurmann, who was able to gain remote access to a WinVote
machine that was actually used in a local election in 2014. The system
had an open port that allowed Windows Remote Desktop sessions, according
to Schurmann, who added that the port was discovered simply by running the
open-source Wireshark network packet capture program.
Other
hackers in the Voting Village also used Wireshark to compromise voting
machines that had known vulnerabilities simply with the open-source
Metasploit penetration testing framework.
Senators Mike Lee and Patrick Leahy have introduced the Senate
version of a bipartisan bill to modernize the Electronic Communications
Privacy Act. The new bill, which would modernize the original ECPA to
require warrants for access to electronic communications such as email,
also adds a requirement for a warrant for location information.
The original House bill, the Email Privacy Act, did not cover location information.
The bill, if passed, would need to go to a conference committee for
reconciliation. While the bill appears to have broad bipartisan support,
it still needs to go to the relevant committees before it will be
considered by the full Senate. The bill also allows for suppression of
evidence in cases where the information was obtained in violation of the
ECPA.
At its Build developer conference in May, Microsoft teased
some features in the upcoming Windows 10 Fall Creators Update that will
allow users to resume on an iOS or Android device tasks they started on a
PC and vice versa. Now, some users can take an early, if limited, peek
at those phone-friendly features and the cross-device experiences they
enable with the release of build 16251 to the Windows Insider program.
A
new Phone icon now appears in the Windows Settings screen, inviting
users to link their Android smartphones or Apple iPhones. For now, the
option only supports Android and is restricted to handing off mobile and
browsing sessions to PCs.
In a session at the Black Hat USA
conference in Las Vegas last week, researchers from Aqua Security
detailed vulnerabilities they found in Docker that could have put
developers at risk.
The vulnerabilities discovered by Aqua
Security have already been responsibly disclosed to Docker and were
fixed in the Docker 17.05 update released at the end of May. The flaws
specifically take aim at Docker for Mac and Docker for Windows desktop
releases for developers and could have enabled an attacker to infect a
system.
In an interview with eWEEK to discuss the findings, Sagie
Dulce, senior security researcher at Aqua Security, explained that with
Docker for Windows, the default configuration enabled anonymous access
to the Docker API through an open TCP port. As it turns out, that TCP
port could be abused by an attacker through a malicious webpage to
attack a developer.
Hacking a US electronic voting booth takes less than 90 minutes
The same machines used in US elections were easily hacked
REUTERS/Steve Marcus
By Timothy Revell
A
voting machine hacked to play Rick Astley’s “Never Gonna Give You Up”
might seem amusing – but it has a sinister sting in the tale.
At security conference DEF CON in Las Vegas last week, security
researchers proved that it is possible to access and change votes on the
same voting machines used in US elections in the time it takes to watch a movie. Some of the hacks were even carried out wirelessly.
DEF CON purchased thirty voting machines from eBay and government
auctions for the event. Ninety minutes after participants were let loose
the first machines started to fall, with vote rigging and Rickrolling
coming soon afterwards.
One of the machines was still using Windows XP, and so an exploit
that has been known since 2003 allowed people to get remote access
through its Wi-Fi system. This meant that the votes could be changed
from anywhere.
Other exploits involved prying open mechanical locks covering USB
ports or spotting the uncovered USB ports on the back. One team then
simply plugged in a mouse and keyboard to gain control of the machine.
Go open source?
Rarely do voting machines get put through a test like this. Despite
DEF CON hosting many hacking events over the past 25 years, this is the
first time they’ve hosted one specifically for voting machines.
Manufacturers do their own testing, but few make the code or machines
available for researchers or the general public to look over.
“If you make your code open source, any vulnerabilities that are found can be sorted before election day, which is good for democracy but not necessarily for the manufacturer’s reputation,” says Steve Schneider, the Director of Surrey Centre for Cybersecurity.
To counteract this, governments could announce that they will only buy
voting machines with open source software. That way a competitor can’t
gain an advantage by being less transparent than another.
“One possible solution is to have end-to-end verifiability,” says Feng Hao
at Newcastle University. This uses similar techniques to those used in
encryption to give voters a verifiable receipt of their vote. If the
vote or the machine is tampered with then the receipt won’t match the
public record of votes cast, indicating that the system has been
compromised.
If security researchers find it so easy to hack voting machines, what
about nation states? There’s already substantial evidence that Russia
hacked emails from the Democratic National Committee and party leaders
during the US presidential election. French president Emmanuel Macron’s
team also suffered from cyberattacks during his election campaign.
There’s no evidence that election results have actually been directly
hacked in this way as yet, but an election is clearly a big target.
“You have the stereotype of the hacker in their bedroom, but what we
see these days is states like Russia, China, and presumably the US as
well, who have a lot of resources to throw at cyberattacks on other
countries,” says Schneider.
The worrying thing is that, because many countries use voting machines that
don’t have sufficient checks in place, rigging may have already gone
unnoticed. “It could have already happened and we wouldn’t know,” he
says.
Hackers will target American voting machines—as a public service, to prove how vulnerable they are.
When over 25,000 of them descend on Caesars Palace in Las
Vegas at the end of July for DEFCON, the world’s largest hacking
conference, organizers are planning to have waiting what they call “a
village” of different opportunities to test how easily voting machines
can be manipulated.
Some will let people go after the network software remotely,
some will be broken apart to let people dig into the hardware, and some
will be set up to see how a prepared hacker could fiddle with
individual machines on site in a polling place through a combination of
physical and virtual attacks.
At 2015’s DEFCON, hackers targeted onboard car software, and two shut down a Jeep’s brakes and transmission from miles away.
With all the attention on Russia’s apparent attempts to
meddle in American elections—former President Barack Obama and aides
have made many accusations toward Moscow, but insisted that there’s no
evidence of actual vote tampering—voting machines were an obvious next
target, said DEFCON founder Jeff Moss.
Imagine, he said, what a concerted effort out of Russia or anywhere else could do.
We shouldn’t need another reminder, but the DefCon
hacking conference in Las Vegas provided one over the weekend anyway:
Voting machines are highly susceptible to electronic attacks.
You might remember the topic of hacking elections from
such recent presidential campaigns as: last year’s. And while – this is
important – there’s no evidence that hackers manipulated actual vote
tallies in 2016, there’s every reason to believe that cyber-malefactors
will try to do just that in future.
And the DefCon gang proved how easy that would be. The
convention set up a Voting Machine Hacking Village where attendees could
see what they could do against more than 30 voting machines (procured,
no kidding, via eBay and government auctions).
It took less than 90 minutes
before a hacker was able to crack the poorly-secured Wi-Fi on one
voting machine (which is, thankfully, outdated and was apparently last
used in 2015); another programmed a machine to play Rick Astley’s
ghastly song, “Never Gonna Give You Up.” Imagine casting your vote on Election Day and getting rickrolled for your trouble.
Several groups took machines apart, others found ports meant for
election officials and plugged computers and testing devices into them
to see what [they] could gain access to. Wireless and networked hacks
were also attempted.
But much of the work didn’t involve hacking at all.
“It just took us a couple of hours on Google to find passwords that let
us unlock the administrative functions on this machine,” said Pfeiffer,
whose group was working on a touch screen voting machine. “Now we’re
working on where we can go from there.”
Yeah, as CNET’s Alfred Ng wrote: “When the password for a voting machine is ‘abcde’ and can’t be changed, the integrity of our democracy might be in trouble.”
There are reasons not to overplay this exercise.
Obviously, you can’t sneak into a polling place and start taking apart
voting machines; and physically sabotaging one voting machine at a time
would probably not be the most efficient way to rig an election.
That said, any vulnerabilities in our election systems are worrisome. We know that last year hackers launched spear-phishing attacks
on at least one company that makes voting equipment and software, as
well as state and local election organizations. If a state election
system from whence the voting machines are programmed prior to the
elections is penetrated, for example, machine-level security
vulnerabilities would make it that much easier for hackers to compromise
our elections.
And the fact of voting machines being a weak link in our
election system is not news. “I’ve demonstrated this in the laboratory
with real voting machines – in just a few seconds, anyone can install
vote-stealing malware on those machines that silently alters the
electronic records of every vote,” J. Alex Halderman, director of the
University of Michigan’s Center for Computer Security and Society, wrote last November.
Remember that five states use voting machines which have no paper record at all
and an additional 10 use such machines at least in part. Overall,
according to Pamela Smith of Verified Voting, between 20 and 25 percent
of voters cast their ballots electronically, without any accompanying
paper record. That’s a vulnerability that needs to be closed as soon as
possible. And as I’ve written before, each state ought to do a
risk-limiting audit as a matter of course to make sure that the votes
were properly counted.
Numerous national security officials and other experts
have said that not only was Russia behind the 2016 cyberattacks on our
elections but that they are coming back; and to date the U.S. has given
Russia little reason not to do so. They’ll be back and their attacks
figure to grow in sophistication.
DefCon reportedly plans to set up a “full end-to-end
simulation of a voting network,” per USA Today, to further identify
weaknesses. That’s great news; hopefully people besides foreign hackers
are paying attention.
Nevada law requires that the e-mail address of anyone who requests an electronic sample ballot be kept CONFIDENTIAL. It may not be given to third parties. For more information, see our page about Sample Ballots or our new video.
Polling place Team Leaders and Asst. Team Leaders are invited to the Clark
County Election Dept.’s informational demonstrations designed for them
of the new electronic poll books and “ICX” voting machines that will be
used countywide starting in 2018.
All are invited to the Clark County Election Department’s informational
presentation and demonstration of the new voting machines and electronic
poll books that will be used countywide starting in 2018.
Focus on strengthening Bahujan Samaj party at Booth Level.
Either get the complete voters list from BSP HQ
Bahujan Bhavan, No. 23 Cockburn Road,
Near Cantonment Railway Station, Bangalore -560051