Election News Roundup

Several instructive articles and events this week.

Last week, Secretary of the State and President of NASS (National Association of Secretaries of  State) held a press conference discussing Donald Trump’s allegations of 3 Million “Illegals” Voting.  Secretary Merrill Challenges President’s Reported Claims of Illegal Voting <press release> <video>

After the press conference, I discussed the issue  with Secretary Merrill:

  • I agree that it is unlikely there there were more than a few illegal in-person votes in the election (I doubt as more than a few undocumented are registered.  There may be some, especially felons, registered by their and official’s mistakes)
  • Any credible investigation should confirm that.
  • We would not be in this bind, if there were routine audits of all aspects of the election process, including voter lists and estimates of the number of illegal in-person voting.
  • We know the lists are a mess.
  • An audit of check-in lists could for a very low cost and effort show that there was nowhere near millions of illegal in-person votes.
  • Speaking of audits, Connecticut’s voting machine audits are better than average in a poor field, considering that half the states don’t do audits at all and perhaps one or two states do vote count audits that are quite good.

Meanwhile, at least, Connecticut is no Kansas: The Kansas Model for Voter-Fraud Bluffing <read>

Here an article I generally agree with from Forbes: What The Election Can Teach Us About Cybersecurity <read>

Lowering The Bar For Information Warfare: Three Methods Of Interference

In the past, regimes wishing to upend elections had to do things like engineer strikes or military uprisings. Today the game has changed: Anyone can use the internet to destabilize elections in ways that are easily deniable — and perhaps more effective.

Around the world, no two elections are conducted the same way. However, as more campaigns come under fire, we can now see common hallmarks of offensive interference.

Doxxing: Gathering sensitive, confidential data and maliciously disclosing information in a calculated fashion to inflict setbacks in political momentum and unity.

The best examples of this are the email leaks that plagued the offices of Hillary Clinton’s presidential campaign and its allies in the Democratic National Committee (DNC) and Democratic Congressional Campaign Committee (DCCC) in 2016…

Forget Watergate-style break-ins; today, doxxing is easy to accomplish with simple phishing e-mails introducing malicious software to email recipients…

Digital Propaganda: Inundating voters with misleading or inflammatory information masquerading as news and other trusted sources.

Today it’s easy to fabricate websites with seemingly innocuous domain names hosting digital propaganda and then use orchestrated, automated social bots and other methods to seed it across social media and other channels…

Hacking Election Machinery: The most volatile attack scenario is compromising voting machines, agencies and other polling infrastructure.

This is the hardest category to pull off, because remotely compromising a voting machine, for example, is more difficult than tricking election staffers into clicking on malicious email attachments (as stage one of a doxxing expedition). Yet, every newly-disclosed vulnerability rightfully worries election regulators. Even quick technical fixes applied after such disclosures may not reassure voters’ perceptions.

Training their sights on election machinery is a high-stakes game for nation-state attackers, because a country could consider such intrusions attacks on their critical infrastructure systems, an act meeting the threshold for military retaliation and other dire responses in the physical world. The risk and sheer complexity of these attacks is likely why productivity-minded election adversaries spend most of their time on propaganda and email hacking.

That last part, I disagree with.  Hacking is difficult, yet quite possible from the outside.  Its much simpler from the inside.  Its not just a cyber risk.

Speaking of attacks on voter databases here is a story from this fall: Hackers hit Henry County voter database <read>

Attempts by computer hackers to hold Henry County’s voter database for ransom had county and state officials scrambling just days before the Nov. 8 general election.

Voters were advised about the data breach in a letter sent by the Henry County commissioners earlier this month.

Commissioner Glenn Miller said the voter database was restored from backups at the county and state level, and no ransom was paid.

He said officials have no reason to believe the security breach compromised election results, or that voter registration information was extracted from the system.

The ransomware attack occurred on Oct. 31. Ransomware is a malicious software used to deny access to the owner’s data in an effort to extort money. Miller said hackers that use ransomware are typically after money, not stealing data.



Leave a Reply

You must be logged in to post a comment.