Do Voters Deserve Same Protections As Small Businesses, Schools, and Non-Profits?

The American Bankers Association has issued guidelines that small businesses should use separate computers for banking transactions to avoid viruses that can steal funds.

UPI: Businesses warned about online banking <read>

The FBI and the American Bankers Association have issued a warning to small business owners to use a separate computer for online banking.

Small businesses, as well as churches, non-profit organizations and local government agencies and school districts, are prime targets for cyber theft, USA Today reports. The criminals depend on “banking Trojans,” malicious software spread through the Internet that allows them to steal funds by manipulating electronic transfers.

It seems the risks are real; money has been lost.  In our view similar risks exist for internet voting, military, overseas, or otherwise.  As we and others have said previously, officials need to prove the viability of internet voting before anyone uses it. <The MOVE Act and references>

We also can’t help but wonder about home banking as well.  What exempts us all from this risk?

President Appoints Cyber Czar

Several stories covering the President’s appointment of a Cyber Czar, officially a Cyber-Security Coordinator <read>

After months of delay, President Obama on Tuesday named a cyber-security coordinator to oversee the vast task of protecting the nation’s computer systems in the public and private sectors…

But the selection process ran into division and disarray that, critics said, affect the government’s cyber-security efforts. The administration has sparred with business interests over cyber-security policy and has grappled with bureaucratic infighting among the law enforcement and intelligence agencies involved…

In praising Tuesday’s appointment, the chairman of the Senate’s Homeland Security and Government Affairs committee called on the administration to move faster to safeguard cyber-networks nationwide. Experts have cited threats posed by international organized crime as well as hackers connected to the security forces and spy agencies of China and other nations. China denies it is trying to hack U.S. systems.

We have previously covered the President’s concerns. Our concern is with the disconnect that has otherwise intelligent people concerned with cyber security based on strong evidence, coupled with the almost simultaneous support for voting by Internet, email, and fax.

Reference:

Technologists’ Statement On Internet Voting

CIA Agent: Electronic Voting Risky

Overseas And Military Voting Reform Approved By Senate – With Risky Provision

Washington State Secretary of the State proposes Military Internet voting

Low Tech, Computer Hack

Just a little reminder that we can have all the physical security, encryption, open source, and source disclosure in the world. Yet, there are still low tech ways to hack systems available to high school “D students”.  Courant story from Manchester, Connecticut <read>

Two Manchester High School students breached the school district’s computer system and altered grades and attendance records, police said Tuesday.

The incident remains under investigation.

Police said the students learned the user name and password to the system from watching a school administrator log in.

They changed grades and attendance records multiple times over the past two weeks, police said. One of the students changed a grade from a D to a C, police said. Another student discovered what they were doing and told a school official about it.

Update: 10/30/2009 Courant: Nationwide: Computers Increase Students’ Temptation To Cheat <read>

More evidence that it does not take research at Princeton or UConn to cheat with computers.  Are registrars any more savvy than school administrators in preventing and detecting fraud?

Much of it is using computers for cheating, but some is hacking:

There’s nothing new about cheating, said Lt. James Wardwell, a computer forensics expert with the New Britain Police Department, “and the computer is just another tool to help someone accomplish a bad deed.”

What is new is that cheating in America’s high schools has become “rampant, and it’s getting worse,” according to a 2008 nationwide survey by the Josephson Institute, the California-based nonprofit organization that runs the Character Counts! youth ethics program in schools in Connecticut and throughout the country.

The survey of 30,000 high school students found that 64 percent said they had cheated on a test during the past year, up from 60 percent in 2006. The survey did not address school computer hacking, but 36 percent of respondents said they had used the Internet to plagiarize an assignment, an increase from 33 percent in 2006.

Some students have been lured into cyber-cheating by the apparent cloak that computers and personal communication devices provide, Michael Josephson, president of the ethics institute, said. Armed with stolen information, kids can enter school record systems from their bedrooms, or they can photograph copies of tests with their cellphones and send them to others who have to take the same test…

Newspaper reports from throughout the country show that the methods students use to crack school computer programs range from simply watching a school staff member entering a password — the method used in Manchester, according to police — to sneaking spyware onto school computers. “Key-logger” programs, for instance, record all strokes on a computer keyboard and send a record to another computer.

In some cases, cyber-cheating students have lifted user names and passwords from hard copy lists left in school offices. Some school staff members use their own names, or slightly altered variations, as passwords, enabling a student to enter a grading or attendance site after a few guesses.

That was the case in Naples, Fla., recently, where police say a 16-year-old boy slipped into school district computers by guessing an employee’s password. The boy was then able to change the grades of five or six students, according to Florida news reports.

Electronic Medical Records vs. Electronic Voting

“There are many wrong ways to make this transition. If history is any indicator, unless a concerted effort is made to require proper protection, the new medical systems will be no better than the insecure voting machines that many states have purchased.”

CTVotersCount has addressed the reasons why our trust in ATMs cannot be translated into trusting electronic voting <read>.  We have also compared e-voting to supermarket scanning, gambling machines, and electric meters.

In a recent blog post Avi Rubin compares the security risks of electronic medical records vs. electronic voting: A vote in favor of electronic medical records (with caution) <read>

We should be concerned:

amid this rush toward new technology, some doctors and several organizations such as Patient Privacy Rights have raised a yellow flag of caution. In this age of Internet hackers and lost laptops, just how secure, they ask, will these computerized medical records be? After all, it’s a lot easier for someone to waltz out of a hospital with a USB stick in their pocket containing 5,000 patient records, than with many boxes containing the equivalent paper records. Moving electronic records online can make them particularly vulnerable.

To some extent, these fears are justified.

But there is a difference.  The challenges and risks of electronic voting and electronic medical records are different:

Yet what is true for voting systems is not necessarily true for electronic medical records. The adversarial model in these two applications is completely different. In a voting system, all parties should be viewed as adversarial. Everyone has a stake in the outcome, and there is no reason to believe every software developer, election official, poll worker or voter will refrain from tampering with the process. That doesn’t mean these people are malicious. It just means that we need voting systems that can be trusted, even when the people associated with the process are corrupt.

Contrast that with the medical records scenario. Computerized system designers and builders have every reason to want their technology to be secure, and little or no incentive to undercut this. Vendors will sell more systems if their technology is highly secure. Hospital administrators will seek the safest systems to protect patient privacy and keep their institutions off the front pages and out of the courtroom. For patients, the benefits are obvious.

There are many benefits yet the history of government programs such as the Help America Vote Act provide instructive cautions.  We are concerned that money will be thrown at untested software, hardware, and procedures under the cover of a jobs stimulus program, yet provide few U.S. jobs and large profits.  We need to look and evaluate cautiously before we leap.  As Prof. Rubin says:

Still, we need to be careful. There are many wrong ways to make this transition. If history is any indicator, unless a concerted effort is made to require proper protection, the new medical systems will be no better than the insecure voting machines that many states have purchased. When money flows from Washington, vendors tend to spring up out of nowhere. The ones who gain traction are the ones with the best sales teams, the glossiest brochures and the best connections, but not necessarily the most secure systems. This has happened over and over again in every industry.

We need to make sure that security standards, including evaluation and testing procedures, are established before the billions are spent. Computer security experts in academia, government and industry should all be engaged to establish criteria and evaluation methodologies. We need support from all of the relevant stakeholders, including privacy advocates, the medical establishment, vendors and the technical security community.

Prof. Rubin’s conclusion:

We are facing a golden opportunity to improve the lives of millions of Americans by providing computerized storage and access for medical records. We can reduce or eliminate redundancy, waste, unnecessary exams and procedures, and medical errors. And, we can do it without inordinate risks to individual privacy. Nevertheless, while electronic records appear to be our destiny, the privacy of those records will only be preserved if we are careful and do this right. There will be no second chances.

We would go further in outlining the necessary cautions.  In addition to “the privacy of those records will only be preserved if we are careful and do this right,” we can also only “reduce or eliminate redundancy, waste, unnecessary exams and procedures, and medical errors” if we are “careful and do this right”, evaluating the total system.  We must be careful that the system actually reduces medical errors.  We could have a system that is costly, insecure, useless, and perhaps deadly.  Yet, with caution and care we could have a system that is efficient, effective, secure, and life enhancing.

Taking a position on this is outside CTVotersCount’s realm.  Perhaps nobody should be for or against a national program for electronic medical records.  Instead, one could be either “conditionally for” the concept, yet withholding complete endorsement while awaiting a comprehensive, thoroughly evaluated plan, or “conditionally against”, skeptical of past rushed plans, yet open to the possibility of an effective plan being proposed.  In any case, there are significant analogies between electronic medical records and electronic voting, yet also critical differences.

Barbara Simons: The Internet and Voting: Worth Doing Right

Recently we were disappointed when the Huffington Post ran a PR piece from Everyone Counts touting their risky election technology used in a Honolulu election. Now, Huffington Post has provided a platform for an expert technologist’s view.

Recently we were disappointed when the Huffington Post ran a PR piece from Everyone Counts touting their risky election technology used in a Honolulu election: Did Hawaii and Honolulu Defy Own Laws, Science, and Common Sense?   Now, Huffington Post has provided a platform for an expert technologist’s view.

Barbara  Simons is the only technologist on the Board of Advisors of  the U.S. Election Assistance Commission.  She is a recognized expert on voting integrity and security.  She was also President of the Association for Computing Machinery.

She refutes the contention that technologists are intimidated by technology:

In response to multiple efforts to allow voting over the Internet in major elections, many of our nation’s prominent technology experts have signed a statement cautioning against adopting Internet-based voting systems without first understanding and guarding against the numerous and well-documented dangers. This is not because, as Mr. Contorer suggests, those opposing Internet voting find “[t]he introduction of technology to any process … scary”. The signatories to this statement are not at all intimidated by technology; in fact many are established experts in voting systems who are most certainly aware of the major risks associated with Internet voting.

Simons then explains that ATM Banking and voting are different:

The article asserts that since we are able to conduct banking and commerce over the Internet, we should also be able to vote over the Internet. This is a common misconception (or misrepresentation) that is often made when attempting to support Internet-based voting. Banks spend considerable time and money to ensure the security of our assets, yet there are still risks. Identity theft and fraud affect millions of Americans and cost billions of dollars each year. When we can detect such fraud it is because we are able to track our money through each transaction from start to finish, including the people associated with those transactions.

However, elections by their very definition disallow this type of explicit end-to-end auditing. Voters must cast their ballot in secret and not be able to prove to others how they voted. Election officials must not be able to tie votes to citizens except in very narrow circumstances as carved out by law. The lack of these basic protections make Internet-based voting a dangerous idea and place it so far from the realm of Internet banking or commerce as to make the author’s point moot.

There are significant security issues that any vendor must address before declaring such a system fit for public elections. Yet the author glosses over these security issues raised by Internet voting, referring several times to “military-grade encryption.” It is a well-known marketing technique of voting system vendors to tout the strength of their encryption because it sounds impressive. But the fact is that encryption is only a secondary part of any electronic security.

Technology can help in elections:

Americans deserve the best electoral system available. There are many options for making elections more accessible, secure, and efficient, and the Internet will have a role to play. Current possibilities that show promise include the easier maintenance of voter registration records and the distribution of blank absentee ballots. But we should not subject our democracy to the costs or risks of current Internet-based voting schemes.

We recommend reading the entire post <read>

Internet Voting: One of the Most Serious Threats to Democracy in the 21st Century

Our headline paraphrases and logically extends the concerns expressed yesterday by President Obama as quoted in a Hartford Courant article:

Calling the protection of government and private information and communications networks “one of the most serious … security challenges of the 21st century,” President Barack Obama plans to appoint a new adviser to oversee an effort at improving “cybersecurity” throughout the United States.

Private companies with revenue to gain, state legislators, and Federal committees have been touting the benefits of internet, fax, email, and even voting by phone.  We along with other voting integrity advocates, security experts, CIA experts, and computer scientists have been warning of the risks to democracy.

Now, President Obama has formally recognized the risks and insecurity of the internet.  Given that recognition, the incidents we see reported  almost daily, and those viruses that occasionally hit our computers, on what basis can anyone support internet voting?

A second piece of positive news is that the military internet voting bill in Connecticut, if it passes, will likely be in a version that precludes votes being returned electronically.  In that form we support it along with other cost effective and secure methods which have been proposed in the U.S. Senate and House to help our soldiers vote.

Update 10/27/2009: Northrop Grumman report on the Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation <read>

This strategy, which relies on a simultaneous application of electronic warfare and computer network operations against an adversary’s command, control, communications, computers, intelligence, surveillance, and reconnaissance (C4ISR) networks and other essential information systems, appears to be the foundation for Chinese offensive IW. Analysis of this strategy suggests that CNO tools will be widely employed in the earliest phases of a conflict, and possibly preemptively against an enemy’s information systems and C4ISR systems.

The PLA is training and equipping its force to use a variety of IW tools for intelligence gathering and to establish information dominance over its adversaries during a conflict. PLA campaign doctrine identifies the early establishment of information dominance over an enemy as one of the highest operational priorities in a conflict; INEW appears designed to support this objective.

It’s not just China that could do this, and it’s not just warfare.  Similar attacks could change election results and disclose votes.  This is why internet, email, and fax voting should be a concern.

Another Take On ATM’s vs. Voting Machines

Security firm Sophos reported this week that it received three samples of a trojan that was customized to run on Diebold-manufactured cash machines in Russia…

CTVotersCount.org Myth #8 – If we can trust our money to ATMs we can trust our votes to computers. <10 myths> <also>

Perhaps ATM’s are not as safe as we sometimes think.

Today a story shows that ATM’s are vulnerable.  SCMagazineUS has the story: ATM malware appears, Diebold issues security update <read>

Security firm Sophos reported this week that it received three samples of a trojan that was customized to run on Diebold-manufactured cash machines in Russia, said Graham Cluley, Sophos’ senior security consultant. The malware was able to read card numbers and PINs — then when the attacker returned to the ATM, he inserted a specially crafted card that told the machine to issue him a receipt containing the stolen information.

“Basically [the malware] would be spewing out the identity information,” Cluley told SCMagazineUS.com on Wednesday. “It’s a really cunning scheme. You need to know how to talk to the ATM. It was working with the Diebold DLL (dynamic-linked library). It knew what API (application programming interface) calls to make, which is information, I suspect, not normally in the public domain.”

Diebold this week disclosed that it issued a security update in January for its ATMs running a Windows-based operating system to address the problem. Diebold told its customers in a letter that a number of its machines in Russia were infected — but the company did not reveal specifics on the attacks.

The somewhat comforting part of this story is that Diebold issued a fix in short order for the problem – while problems in their voting machines go unaddressed for years through multiple software versions.

However, it is a reminder of the vulnerability of any computer system to which someone gains access, including voting systems.

WSJ Article: Thwarting an Internal Hacker – Not Quite

In the end, systems will always have trusted people who can subvert them.

Excellent article on the difficulties of preventing insider fraud in the Wall Street Journal, except that the title, Thwarting an Internal Hacker, may be a bit optimistic, compared to the details in the article:  <read>

In the end, systems will always have trusted people who can subvert them. It’s important to keep in mind that incidents like this don’t happen very often; that most people are honest and honorable. Security is very much designed to protect against the dishonest minority

In the online article there is a very good list of articles and past problems with electronic voting systems.  Each word points to a separate article:

Replacing trusted people with computers doesn’t make the problem go away; it just moves it around and makes it even more complex. The computer, software, and network designers, implementers, coders, installers, maintainers, etc. are all trusted people. See any analysis of the security of electronic voting machines, or some of the frauds perpetrated against computerized gambling machines, for some graphic examples of the risks inherent in replacing people with computers.

The heart of the article is a list:

There are five basic techniques to deal with trusted people:

1. Limit the number of trusted people…

2. Ensure that trusted people are also trustworthy…

3. Limit the amount of trust each person has…

4. Give people overlapping spheres of trust. This is compartmentalization; the idea here is to limit the amount of damage a person can do if he ends up not being trustworthy. This is the concept behind giving people keys that only unlock their office or passwords that only unlock their account, as well as “need to know” and other levels of security clearance…

5. Detect breaches of trust after the fact and prosecute the guilty… This is why audit is so vital.

Our challenge in Connecticut is to protect our optical scanners  in 169 towns where expertise is scarce, most officials are very part time,  and separation with overlap of duties is challenging and expensive.  As the Coalition reports have shown, even protecting ballots with a credible chain-of-custody is yet to be accomplished.

Less challenging to overcome, yet still in place, is our dependence on our vendor LHS for programming of all our memory cards before each election – just the type of vulnerability that provides an opening for insider fraud.

Internet Voting — Not Ready For Democracy

Verified Voting Founder, Professor David Dill, and computer experts from around the country released the: Computer Technologists’ Statement on Internet Voting.

I fully endorse the statement and thank David Dill for producing and gaining support for the statement.

The concluding paragraph:

The internet has the potential to transform democracy in many ways, but permitting it to be used for public elections without assurance that the results are verifiably accurate is an extraordinary and unnecessary risk to democracy.

The Perils Of Online Voting – PA Voter Reg System Vulnerable

Pennsylvania has taken down its voter registration system. It seems that a hacker can easily change voter registration information for other people. <read>

Online voter registration PDFs are left unsecured on the server for anyone to access. Simply change the request ID at the end of the URL. Valid IDs appear to be working from 50000 and up to 58500+ This was discovered after filling out a registration myself. Being a security conscious programmer, I decided to test. Very bad PA…very very bad!

The entire application has since been replaced with a message that says the site is temporarily offline, but the basis of the flaw was that an attacker could force the application to retrieve arbitrary PDF voter registration files of other voters by simply modifying a request parameter sent in a request to the PrintVoterApplication.aspx page.
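The flaw described above is a missing per-record authorization check on a guessable identifier. As an added illustration (not code from the Pennsylvania site or from the quoted reports), this Python model shows the flawed lookup beside a hardened one, plus a log check that flags a client walking through IDs; `ApplicationStore`, the session strings, and the sample log are all assumptions constructed for the example.

```python
import hmac
import secrets
from collections import defaultdict


class ApplicationStore:
    """In-memory stand-in for the server-side store of generated PDFs."""

    def __init__(self, first_id=50000):
        self._next_id = first_id          # sequential, therefore guessable
        self._docs = {}                   # request_id -> record

    def save(self, owner_session, pdf_bytes):
        """Store a PDF; return its request ID and a random access token."""
        request_id = self._next_id
        self._next_id += 1
        token = secrets.token_urlsafe(32)
        self._docs[request_id] = {
            "owner": owner_session, "token": token, "pdf": pdf_bytes}
        return request_id, token

    def fetch_vulnerable(self, request_id):
        """Flawed pattern: the ID in the request is the only lookup key."""
        doc = self._docs.get(request_id)
        return doc["pdf"] if doc else None

    def fetch_hardened(self, session, request_id, token):
        """Return the PDF only to the session that created it."""
        doc = self._docs.get(request_id)
        if doc is None:
            return None
        owner_ok = hmac.compare_digest(doc["owner"].encode(), session.encode())
        token_ok = hmac.compare_digest(doc["token"].encode(), token.encode())
        # Same response for "missing" and "not yours": no existence oracle.
        return doc["pdf"] if (owner_ok and token_ok) else None


def flag_enumeration(access_log, max_distinct_ids=3):
    """Return clients that requested more distinct IDs than one user needs."""
    seen = defaultdict(set)
    for client, request_id in access_log:
        seen[client].add(request_id)
    return sorted(c for c, ids in seen.items() if len(ids) > max_distinct_ids)


# Constructed access log (documentation-range addresses, invented IDs).
SAMPLE_LOG = (
    [("198.51.100.7", rid) for rid in range(50000, 50006)]
    + [("203.0.113.20", 50003), ("203.0.113.20", 50003)]
)

if __name__ == "__main__":
    store = ApplicationStore()
    a_id, a_tok = store.save("sess-alice", b"%PDF alice")
    b_id, b_tok = store.save("sess-bob", b"%PDF bob")
    print(store.fetch_vulnerable(b_id))                     # no session needed
    print(store.fetch_hardened("sess-alice", b_id, a_tok))  # refused
    print(store.fetch_hardened("sess-bob", b_id, b_tok))    # owner succeeds
    print(flag_enumeration(SAMPLE_LOG))
```

The hardened path checks ownership on every request rather than relying on the ID being hard to guess; the random token is a second layer, not a replacement for that check.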

Brad Friedman sums up the bipartisan problems with dangerous voting ideas and lack of technical knowledge: <read>

We can’t even do online registration securely, and yet Democrats have been talking about actually voting by Internet?! There is, apparently, no bad voting idea (touch-screen voting machines, “paper-trails,” vote-by-mail, now Internet voting) that Democrats aren’t all too willing to leap at before bothering to look.

Of course, where Democrats fail with often the best of intentions, Republicans often aim to “fail” in the first place with such systems. We’re still not sure exactly which of those is worse. Either way, there seems to be plenty of failure to go around these days. Luckily, there’s nothing important coming up for voters in Pennsylvania anytime soon.

I have been disturbed by the Democratic Party’s use of internet voting for the selection of eleven convention delegates to represent expats. Also by the suggestions of vote by mail primaries and also that the selection of our president is partially determined by states with vote by mail. If we believe in a secret ballot that cannot be bought or intimidated then we cannot tolerate Internet and mail-in voting.

Nothing to worry about in Connecticut. We can be assured that at least on the day before an election our voter registration system is almost impossible to access by anyone, including hackers and registrars <read>.