Category: Internet Security Issues

David Jefferson: Email Voting — A National Security Threat in Government Elections

While all Internet voting systems are vulnerable to such attacks and thus should be unacceptable to anyone, email voting is by far the worst Internet voting choice from a national security point of view since it is the easiest to attack in the largest number of different ways.

Security expert David Jefferson, articulates the vulnerabilities of email voting, perhaps the most vulnerable form of Internet voting (and that is saying a lot, since all forms of Internet voting are very risky). <read>

David Jefferson is a computer scientist and researcher at Lawrence Livermore National Laboratory in California where he studies cyber security and ways to protect the nation’s military, civilian, and government networks from cyber attack.  He is also the Chairman of the Board of Verified Voting, and has been studying electronic and Internet voting for over a decade, advising five successive California Secretaries of State on voting technology issues.

Excerpts:

Neither the Internet itself, nor voters’ computers, nor the email vote collection servers are secure against any of a hundred different cyber attacks that might be launched by anyone in the world from a self-aggrandizing loner to a foreign intelligence agency. Such an attack might allow automated and undetectable modification or loss of any or all of the votes transmitted.

While all Internet voting systems are vulnerable to such attacks and thus should be unacceptable to anyone, email voting is by far the worst Internet voting choice from a national security point of view since it is the easiest to attack in the largest number of different ways.

The technical points I am about to state are not my opinions alone. The computer security research community in the U.S. is essentially unanimous in its condemnation of any currently feasible form of Internet voting, but most especially of email voting. I strongly urge legislators in states considering e-mail voting to request testimony from other independent computer network security experts who are not affiliated with or paid by any voting system vendor. Email voting is extremely dangerous in ways that people without strong technical background are not likely to anticipate.

Here are the problems with email voting:

1. Lack of privacy:

2. Vote manipulation while in transit:

3. Server penetration attacks:

4. Ballot files can carry malware into the election network:

5. Voters’ computers infected with malware:

6. Denial of service attacks:

7. Email ballots are unauditable; attacks are undetectable and irreparable:

8. Multiple simultaneous attacks:

9. These facts will not change:

10. Similar problems with FAX voting:

11. Move toward Internet distribution of blank ballots.

For these reasons I strongly urge states that do not currently provide for email voting not to start down that path. In my professional opinion this path leads only to a major risk to U.S. national security, exposing our elections to easy manipulation by anyone in the world.

Video: If you still have faith in Internet/online voting

We are not surprised that some do not trust us. What is surprising is that many still trust their intuition over the testimony of experts. For those who still have faith in the Internet we present a panel earlier this year at the Overseas Vote Foundation.

We have said it simply in an op-ed, we have pointed to a statement by technologists and presented lists of cyber attacks, but people still think Internet voting is a good idea and that technologist should be able to figure it out. We are not surprised that many still do not trust us. What is surprising is that some trust their intuition over the testimony of experts. For those who still have faith in the Internet we present a panel earlier this year at the Overseas Vote Foundation, UOCAVA Summit.<view> (the 1st first video is the introduction, which automatically links to the panelists in order)

The moderator Assoc. Prof. Candice Hoke, Cleveland-Marshall College of Law, introduces the panel and explains why taking prescription drugs is safer than internet voting.

Joe Jarzombek, Department of Homeland Security, explains the risks of purchased software and what questions elections officials need to ask vendors.

Prof. David Jefferson, Lawrence Livermore National Laboratory, describes the vulnerabilities of email, fax, and web voting and why its false to assume that since I can bank online, why can’t we vote online?

Asst. Prof. J. Alex Halderman, University of Michigan, describes his experiences creating a voting machine virus, testing Indian voting machines, and his recent attack on the Washington D.C. online voting system

Dr. Josh Benaloh, Microsoft Security, demonstrates that the central issues are verifiability and vulnerability, not limited to electronic voting. He outlines advanced methods for verifying elections, which leave most vulnerabilities in place.

Stay tuned for the Q&A at the end. It ended with a question from West Virginia officials incompletely answered.  Let me provide my response:

  • With online delivery of ballots and absentee ballot applications, the  soldier in the example could vote anytime after the ballots were available as long as he had access to an online computer with a printer.  This would solve the problem for the soldier without the risk and expense of online voting (which would also require an online computer).
  • There is an incorrect assumption in the question. It is true that we could allow a person to accept the risk that their vote would be compromised by online voting, but that is insufficient, since everyone’s vote is at risk if some votes can be compromised.

More online voting risks and opportunities for skulduggery

We have been warning of the risks of Internet voting and ignoring science since our founding. Yet, we have overlooked some of the risks, literally right in front of our nose.

Since our founding, we have been warning of the risks of Internet voting and ignoring science. We are currently amazed at our own legislators, risking military voters rights, dismissing the scientific facts and the practical evidence of the impossibility of internet voting. Yet, we have overlooked some of the risks, literally right in front of our nose.

More Risks Right In Front Of Our Nose

An ongoing story starting late last week highlights those dangers.  B. F. has a post describing intended or accidental suppression which brought those issues to my attention http://tinyurl.com/3fg2t36 (Note: We use the initials B.F. and a tinyurl intentionally and instructively, just in case you might want to bring this post to the attention of your friends through an email, post, or Facebook link.)

Here is a summary of what happened to B.F.:

If you use an AOL email address, AOL is doing you the favor of making sure you do not receive email containing any links to [B.F.’s site] in it.

Not email from a [B.F. site] address, mind you, as if I were a spammer or something (which, obviously, I’m not), but any email from anybody that has a link to this site, or to one of our news stories.

I learned this swell news early this week when someone was kind enough to let me know that their attempts at sending a link to this site to a friend bounced back to them with an error message. That error message was “HVU:B2”. What is that error?:

* 421 HVU:B2
o There is at least one URL or domain in your e-mail that is generating substantial complaints from AOL members. Resolution will require opening a support request.

That’s right, “substantial complaints” from someone, whatever that means, will result in no links to stories at [B.F.’s site] getting through to any of AOL’s millions of members. And they will never know about it.

Again, these are not even emails from [B.F’s site]. They are simply emails from anybody to any AOL email address which has my domain linked in the body of the email.

Neat, huh? I wonder what would happen if there were “substantial complaints from AOL members” about, say, FoxNews.com? Or MSNBC.com? Or NYTimes.com? Would that result in millions of members not being able to receive any email that links to anything at those sites? Sounds like a great way to [expletive verb] someone you don’t care for politically, doesn’t it?…

So far, I’ve spoken to at least 10 different AOL support people on the phone, since clicking the “support request” URL they offer in the error message seen above actually takes you to someplace on the “AOL Postmaster” that doesn’t actually give you the form you supposedly are to fill out to deal with this issue.

It took a day or two, and several more calls to more very nice AOL tech support people who told me they couldn’t help me in the slightest…

Most ironically, and so that you are open to the interpretation that these are not intended but simply the result of bureaucratic incompetence:

I finally looked up the AOL corporate website online, found the numbers for the “Corporate Media Inquiries” department, figuring I’d either get help or get an on the record comment about this mess and about the fact that AOL is censoring members emails for them, and spoke to another very nice person whom I told about the situation, explained that I was a journalist, not a spammer (and besides the notes being rejected didn’t even need to come from my address to get rejected), mentioned the irony that I even write news for Huffington Post from time to time,

But from personal experience I would call it unintentional arrogance. Over the years, I have put up with similar problems from both AOL and Google:

  • I am webmaster for a 501.c3 organization that runs annual tournaments for children.  Over the years AOL has, to my knowledge, blocked us at least twice. It took some time, each time, to realize this was happening. Both times, I did manage to get through the bureaucracy and get it fixed after some time.  Once was because a spammer used some of our email addresses.  Another time when a board member sent an email that had some key words in it that had AOL classify our site as a spammer.
  • A couple of years ago we had problems  when a couple of my WordPress sites fell victim to some WordPress vulnerabilities with  malware added from sources unknown. Malware with potential for spreading viruses.  The good news is that Google informed me and provided tools, so that it could be quickly corrected. But the bad news was that the sites were banned for several weeks from Google search results and provided users with messages that warned of the dangers of my sites.

Withing the last month, a popular news site was hacked and completely taken down such that it had to essentially be rebuilt.  And just this weekend another popular reader supported  news site sent this message to donors:

We learned that right in the middle of our spring campaign this past week that our secure credit card processor was offline for several hours on a few occasions. Donations were not processing. If you encountered this and gave up, please try again.

So what? What can we learn?

  • Incidents like these may be intentional, untended, or bureaucratic arrogance.
  • They point the way to intentional disruption.
  • They point the way to intentional disruption covered up as unintended, well meant policies. Who is against protection from spam and viruses? Asking users to report concerns?
  • In cases like AOL’s  policies, when users are able to nominate spammers, dangerous, or offensive sites, or email addresses. – these policies can be used by others to assist in their agendas. It would not take any computer expertise. Beyond the simple cases, expert unethical hackers could infect sites and use policies like Google’s to their advantage.
  • Each of these examples either went unnoticed for several days, took away capabilities for several days once they were discovered, often inadvertently.
  • No matter how noble the intention or accidental, the result can be disruption and in some cases defamation in what could be a critical time period.
  • Most of all recognize that these are common occurrences. Much more widespread than the samples that each of us is aware of or listed here.

What does this have to do with online voting and democracy?

  • Any of these problems , or similar problems, can occur to any web site, any email account, any time – including those associated with voting, campaigns, and news, all vital to democracy.
  • Voting vulnerabilities include: Online voting, online registration, campaign web sites, campaign emails etc.  The impact of such vulnerabilities varies.
  • Many solutions to speeding military and overseas voting include sending election notification and voting materials by email. These would likely come from a known url and email account, which could be blocked. Presumably any form of online voting would require notification and information be sent electronically, unless overseas voters are expected to find and keep checking the site for upcoming elections and availability of materials.
  • We all know email is unsafe, vulnerable to hacking and blocking. These vulnerabilities highlight the possibility of easier and unintentional methods of blocking email return of ballots, email used for voter registration, or email communications/questions between voters and election officials.
  • Voting itself and access by remote military and overseas voters is conducted in very short windows.  A site blocked or down for even a day can discourage/disenfranchise someone who has infrequent opportunities for internet access.

Despite the risks we remain in favor of email notification and web access to election materials for military and overseas voting, but the high risk of using the internet, email, or fax for the return of votes is unacceptable.

I agree with our current Secretary of the State, Denise Merrill in her testimony this year:

  • In the future, it is conceivable that we could move in the direction of online voting.
  • But the problem is, the technology to make sure no one can hack into an online voting system and distort the vote totals has not yet been developed.
  • We want to make voting more convenient, but not at the expense of the security or integrity of our elections…
  • …there is no on-line voting system secure enough to protect the integrity of the vote…

Virtual war a real threat…to water and democracy

LATimes reports on cyber threats to a Southern California water system. This is why we have been testifying against “online” voting and highlighting that even good size cities cannot protect their systems. Clearly each of Connecticut’s 169 towns could not afford even the expense of threat assessment of online voting systems. A good start would be vulnerability assessment of our existing paper ballot and voting machine security.

LATimes reports on cyber threats to a Southern California water system.  This is why we have been testifying against “online” voting and highlighting that even good size cities cannot protect their systems.  Clearly each of Connecticut’s 169 towns could not afford even the expense of threat assessment of online voting systems. A good start would be vulnerability assessment of our existing paper ballot and voting machine security. Virtual war a real threat <read>

When a large Southern California water system wanted to probe the vulnerabilities of its computer networks, it hired Los Angeles-based hacker Marc Maiffret to test them. His team seized control of the equipment that added chemical treatments to drinking water — in one day…

“There’s always a way in,” said Maiffret, who declined to identify the water system for its own protection.

The weaknesses that he found in California exist in crucial facilities nationwide, U.S. officials and private experts say.

The same industrial control systems Maiffret’s team was able to commandeer also run electrical grids, pipelines, chemical plants and other infrastructure. Those systems, many designed without security in mind, are vulnerable to cyber attacks that have the potential to blow up city blocks, erase bank data, crash planes and cut power to large sections of the country.

Update: New York Times post reviews several recent attacks on businesses by individuals. Clearly no reason to be assured by the by the above article’s assertion that “Terrorist groups such as Al Qaeda don’t yet have the capability to mount such attacks”. The Asymmetrical Online War <read>

“It’s a completely surreal realization that nation states can be seriously confronted by teenagers, but that’s where we’re at,” said John Perry Barlow, the Grateful Dead lyricist who co-founded the Electronic Frontier Foundation in 1990 to help defend young computer hackers. “One very smart person can take on an entire nation state.”

One can take on the security apparatus of the Web as well. In the space of a little more than a month, two computer security firms have been publicly humiliated, one by an anonymous computer hacker who claimed in an e-mail interview with a Forbes columnist to be a 16-year-old girl and a second by someone who is apparently a 21-year-old Iranian…

Hardly a week passes when there isn’t some new incident underscoring the fundamental imbalance of power in cyberspace between attacker and defender, where a highly motivated and reasonably skilled intruder, operating in secrecy from almost anywhere in the world, can with apparent ease unravel digital fortifications intended to offer banking-grade security.

In February, an executive at HBGary, a Sacramento, Calif., security software and consulting firm, made the mistake of publicly boasting that he had unmasked the identities of the members of Anonymous, a secretive collection of cyber-vigilantes who had attracted attention by launching Internet denial-of-service attacks in defense of Wikileaks. The security company, which was engaged in a series dubious business propositions, soon found that the details of its business were exposed to the world. Anonymous, whose ringleader was possibly a teenager, tricked one of the company’s systems administrators into giving them password information, making it possible to steal more than 50,000 of HBGary’s e-mail messages and placing them on a Russian web site.

Update: Man hacks Federal Reserve and other financial institutions <read>

According to court documents, Poo found a security vulnerability in the Federal Reserve’s network in June 2010, resulting in thousands of dollars worth of damages. However, it is believed that he stole the huge booty of credit card numbers and other account information from other financial institutions.

The American government claims to have also obtained extensive evidence of how Poo’s alleged criminal hacking activity targeted the US’s national security, military and financial sectors.

Efforts to make Internet secure are ineffective

Could Connecticut or any or our 169 municipalities accomplish what the U.S. Government and the Defense Department has not?

“cyber crime and cyber espionage are daily occurrences in the United States and are doing long-term damage to the nation’s economy and global competitiveness. What’s more, they set the stage for cyber attacks. ‘Some of our opponents use cyber criminals as mercenaries,'”

Last week we testified against a bill <page 9> which would have authorized online voting in Connecticut.  We have been asking:

  • Would each of Connecticut’s 169 municipalities be able to afford such systems and accomplish what Washington D.C. has not?
  • Could Connecticut accomplish centrally what Washington D.C. has not?

An article in Government Security News reminds us to ask:

  • Could any State or any City accomplish what the U.S. Government and the Defense Department has not?
  • Could Connecticut or any or our 169 municipalities accomplish what the U.S. Government and the Defense Department has not?

“What we are doing now to secure cyberspace is not working,” a House subcommittee was told March 16 by James Lewis, director and a senior fellow in the Technology and Public Policy program at the Center for Strategic and International Studies in Washington, DC…

Military establishments in some countries have the capability to launch a cyber attack on the United States…

He declared that cyber crime and cyber espionage are daily occurrences in the United States and are doing long-term damage to the nation’s economy and global competitiveness. What’s more, they set the stage for cyber attacks. “Some of our opponents use cyber criminals as mercenaries,” he said.

“Our most advanced opponents in cyber crime and cyber espionage can overpower even the most technologically sophisticated U.S. company,” he maintained.

It might take a lot to attack a highly secure military system, but it only took an accomplished professor and some graduate students a couple of days to attack the Washington D.C. voting system in a public test.

Update: 3/20/2011: For doubters, we learn today of a successful attack on a company that provides Internet encryption technology, RSA Security <read>

If we can bank by ATM, why not vote by the Internet?

The usual explanation of why its not a good idea to vote by Internet, even thought we bank by ATM is that they are different applications. However, banking is not all that safe. Today in Connecticut we have a report of the vulnerabilities of credit cards and ATM transactions in the Hartford Courant.

The usual explanation of why its not a good idea to vote by Internet, even thought we bank by ATM is that they are different applications. It we got money from ATMs like we vote then:

  • We would not get a receipt
  • The bank would send us a monthly statement saying we had transactions, but no record of amounts or distinction between deposits and withdrawals (updated)
  • And the bank would only do single entry bookkeeping – showing only transactions to their accounts, without the customer name or account identified

We would probably call that faith based banking and quickly revert to cash and mattresses.

However, banking is not all that safe. Today in Connecticut we have a report of the vulnerabilities of credit cards and ATM transactions in the Hartford Courant <read>

Thieves installed “‘fake'” card readers at the cash registers, Det. Dane Semper of the West Hartford Police Department wrote in an e-mail. The devices allowed thieves to capture bank card data, authorization codes and PIN numbers…

Last week, a Romanian citizen, Ion Preda, 22, pleaded guilty to conspiracy to commit bank fraud in U.S. District Court in Bridgeport. Preda admitted that he and others installed skimming devices and pinhole cameras at ATMs in several states, including a People’s United Bank ATM in Madison. With the account information and PIN numbers they obtained, those involved used the information to create counterfeit bank cards. The combined loss to all the banks victimized was more than $200,000, authorities said.

In a similar vein criminals could place phony voting kiosks or attack individual personal computers.  Worse still is the danger of insider fraud attacking Internet routers or servers.  In fact, the fraud in the Courant article could most easily be accomplished by credit card equipment or ATM service technicians or retail employees and managers.

Then again we could vote the way we gambol with slot machines.

Video-Cure for Internet voting – WARNING: Viewing may cause severe, permanent eInSecurity

For better and for worse the seriousness of the vulnerability goes well beyond what was reported two days ago; goes well beyond Internet voting in D.C; serious issues going well beyond voting.

Testimony earlier today by Prof. Alex Haldeman to Washington D.C. Council.  As reported two days ago Alex and his team hacked, changed votes, and played the U. Michigan Fight Song on public test of D.C.’s proposed Internet voting system.  Without their testing, the system might well have been used and possibly abused in the actual November election.

For better and for worse (*) the seriousness of the vulnerability goes well beyond what was reported two days ago; goes well beyond Internet voting in D.C; serious issues going well beyond voting.

I highly recommend taking the time to watch the video at least Alex’s testimony. which is the 1st 20min or so of the hearing.  It it is also worth taking the time to listen to the questions and answers by the other experts testifying as well. WARNING: Viewing will likely raise severe, permanent distrust in any Internet system. <Video, courtesy Joe Hall>

I challenge any election official, legislator, or any voter, to listen to the entire video, then to support Internet voting and explain why these experts are wrong.

You can also read Joe Hall’s summary of the “new key insights” <here>.  However, I strongly recommend taking them time for the video.

Update: Brad Friedman interviews Dr. David Jefferson <about 14 min in 1st hour>

Update: CNN demos and interview of Alex Haldeman <view>

Update: Washington Post editorial:  Flaws in D.C.’s online voting system should serve as a warning to all states <read>

(*) Better because there was much more demonstrated than the hacking of a single voting system. The large, apparently common risks of many government and private networks. Worse because it demonstrates really serious vulnerabilities to the infrastructure we trust for  much more than voting.

Prof. Ron Rivest, MIT: Military/Overseas Internet Voting Risks and Rewards

Yesterday, MIT Professor Ronald L. Rivest provided his analysis of Internet voting for military and overseas voters.The talk centered on the balance between risks and rewards of using Internet voting vs. paper ballots for military and overseas voting. You will find many of Ron’s slides entertaining, some a bit technical, yet all serious. The conclusions are straight-forward and convincing:

“The risks of “internet voting” more than negate any possible benefits from an increase in franchise.”

Yesterday, MIT Professor Ronald L. Rivest provided his analysis of Internet voting for military and overseas voters in an entertaining and occasionally technical slide presentation at the UOCAVA Workshop on Remove Voting Systems, in Washington, D.C  <View>

Professor Rivest is a security expert, the ‘R’ in RSA Security, and 2002 winner of the Turing Award, the highest honor in computing.  When Ron talks security, everyone including legislators and election officials should listen carefully.

The talk centered on the balance between risks and rewards of using Internet voting vs. paper ballots for military and overseas voting.  You will find many of Ron’s slides entertaining, some a bit technical, yet all serious. The conclusions are straight-forward and convincing.  Some of the highlights below, view the presentation for the details and graphics:

Evaluation Criteria:

  • Availability and usability
  • Cost
  • Staffing requirements
  • Security and auditability

Rivest points out that paper based absentee voting and mail-in voting is already risky and recommends such voting be limited –  in order to limit the overall election risk:

  • Unsupervised remote voting vulnerable to
    vote-selling, bribery, and coercion.
  • Communication with voter, and transmission
    of ballots, may be unreliable/manipulable.
  • believe remote voting should be allowed:
    • only as needed
    • for at most 5% of voters
  • UOCAVA voting meets these criteria.

The risks to democracy:

If adversary determines election outcome,
all voters are disenfranchised!

We no longer have a democracy in action…

What is “loss” when election is stolen?
Just the 100% loss of franchise?

Let’s add an additional Hall of Shame Factor (HOSF), for stolen elections. (Not only shame, but if elections are (or could be) stolen, voters may get cynical and not vote again!)

Will Adversary attack voting system?

  • Is the Pope Catholic?
  • Will someone pick up $20 left on sidewalk?
  • There is nothing to deter attacker – Adv can attack anonymously over the Internet until he succeeds.
  • Do you know of any computer systems that have never been attacked?
  • Prob(Adv will attack voting system) = 100%

Internet voting has additional security problems

  • Platform insecurity (both client and server)
  • Network insecurity
  • Set of attackers enlarged from:
    • just those who can touch paper ballots, to
    • anyone on the planet with a computer
  • Attacks can be automated, executed on a massive scale, and done so anonymously

Will they succeed?

  • Large institutions (banks, Google) are successfully attacked all the time. They have much better staff and budgets!
  • Bob Morris (NSA) said: “You will always underestimate the effort the enemy will make to break your system.”…

Who has more IT capability – your local election IT staff or the Chinese?…

  • We do not currently have the technology to make internet voting secure (and may never).
  • We can’t make such technology appear by wishful thinking, just trying hard, making analogies with other fields, or running pilots.
  • It is imprudent (irresponsible?) to assume that determined effort by adversaries can’t defeat security objectives of internet voting.

Risk Assessment Conclusion:

  • Based on this risk assessment, we expect Internet voting for UOCAVA voter to disenfranchise many more voters than it would franchise.
  • The apparent gains in franchise for internet voting are misleading and illusory—the apparent gains are more than cancelled by the risks.
  • Argument is robust — conclusion remains the same even if numbers are varied significantly. In addition, there may be a DDOS attack with probability near 100%.

Summary:

  • Remote voting is trade-off between franchise and risk.
  • The risks of “internet voting” more than negate any possible benefits from an increase in franchise.

Internet Voting Called Unfair, Not Observable, and Not Transparent

“Voting methods that utilize web-based technologies and telephone-based balloting do not allow the necessary levels of observability and transparency that exist within the current election process.”

While states prepare to risk military and overseas votes on Internet, email and FAX, the National Association of Manufacturers calls it unsafe for union elections.  Their concern is union members being intimidated in remote, unobserved locations. They are  correct.  Intimidation or the selling of votes is just one of the risks of Internet voting.  <read>

Recently the National Labor Relations Board (NLRB) published a request for information regarding industry solutions for procuring and implementing “secure electronic voting services for both remote and on-site elections.” The National Association of Manufacturers (NAM) is concerned with the Board’s intention to pursue the use of electronic systems to allow union representation elections to take place off-site and outside the supervision of the NLRB. The NAM firmly believes the current practice of NLRB-supervised elections that take place on employees’ worksites protects the integrity of the union election process and safeguards employees from intimidation and coercion from third parties…

Voting methods that utilize web-based technologies and telephone-based balloting do not allow the necessary levels of observability and transparency that exist within the current election process. Currently, union organizers are entitled to receive employees’ personal contact information from employers for the purposes of union organizing efforts. Introducingmethods of remote-access elections combined with this access to information exposes workers
to potential unwanted intimidation and harassment…

Such changes to the election process would be a drastic deviation from current practice
and run counter to the principles of fairness and balance inherent in our labor laws. We strongly
urge the Board to maintain the integrity of the current NLRB-supervised union representation
process and refrain from introducing new technologies that remove the necessary protections
currently afforded to employees.

GOOGLE: Internet Attacked; Activists Targeted; Freedom To Be Restored

Google disclosed significant attacks on their servers and GMail, along with attacks on other corporations. They will change their policy limiting the freedom of Chinese citizens. Another demonstration that the risk to democracy posed by Internet voting is not just a possibility voiced by computer scientists and security experts.

Google disclosed significant attacks on their servers and GMail, along with attacks on other corporations.  They will change their policy limiting the freedom of Chinese citizens.  Another demonstration that the risk to democracy posed by Internet voting is not just a possibility voiced by computer scientists and security experts.

Google announcement: A new approach to China <read>

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers…

These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

Our earlier coverage of the risks of the Internet and Internet voting. <Obama/Government Concerns> <Bankers Concerned>

Update: NPR Fresh Air: Fighting Cybercrime, One Digital Thug At A Time <Read or Listen>

Attacking corporate Web sites and stealing personal financial information is no longer just the work of hackers. These days the mob is also taking an interest…

They’ve argued for years that increasingly organized bands of hackers are a threat to everyone who uses the Internet, from individual consumers to banks and credit card companies, to the U.S. government.

Joseph Menn is a journalist who covers cyber-security and other technology issues for the Financial Times. His new book, “Fatal System Error,” is a look at the hacker underworld where cyber-criminals in the former Soviet bloc and elsewhere commit extortion, fraud, identity theft and even politically motivated attacks on the Web sites of governments and dissidents…

DAVIES: Right. Now, of course, the critical question there is how does one of these miscreants, these cyber-criminals, get control of thousands of computers to simultaneously try to log onto your Web site and thus overload it?

Mr.?LYON: It’s there’s unlimited ways to do it. These guys have these very sophisticated, amazing softwares that basically can hunt down computers on the Internet that have real common holes in them and then remotely install software that allows them to control those computers.

DAVIES: Right, and the term for someone whose computer has been a computer that’s been taken over by an external operator is a bot, as in robot, right?

Mr.?LYON: Yeah, they’re basically a bot. They’re kind of a tool for your, you know, your whims.

DAVIES: Right, and just to make this clear, we’re talking about this could be many listeners in our audience, for example, who might have been happily using their computers for months, not knowing that somebody somewhere, maybe in Ukraine, has had some program, has gotten into their computer and is actually, without them knowing it, using their computer to flood some Internet site somewhere as part as part of an extortion effort.

Mr.?LYON: Yeah, I mean, that’s exactly how it works, and it’s not necessarily like the person in Estonia is logged in to your computer and running it physically. Their your computer has a little piece of software that links into another location that kind of aggregates them all together so you can send commands in a mob or in a mass and say, basically broadcast a message saying, okay, all you computers go and attack this.

Are  you sure your computer is safe?  If you are a Military or Overseas voter are you sure your computer or the one you are using has not been hacked to change your vote or throw it out if it is for the “wrong” candidate?

Failing that perhaps the Russians help attack candidate web sites and Chinese will just continue to steal our business and military web sites (covered in the NPR story).

The [security] industry is paranoid…the Internet was not built for this purpose [security].