back to article US voting machine certification agency probes potential hack

The US government agency charged with ensuring that voting machines meet security standards may have been compromised, according to evidence uncovered by cyber security firm Recorded Future. In a statement, the Election Assistance Commission confirmed it was investigating a potential security breach: EAC has become aware of a …

  1. Your alien overlord - fear me

    Not state sponsered but

    we'll call him Rasputin - Russian AS in PUTIN

    Or Recorded Future just like Boney M?

    1. Destroy All Monsters Silver badge
      Big Brother

      Re: Not state sponsered but

      How we can we even know this is not fake news, or even a CIA operation to seed doubt and uncertainty? (The CIA is pretty good in these, running them on the national level? Yes we can!)

      During the Bush years, I remember unsecure voting machines being fielded and not much peep was raised (someone raised a peep, but he later commited suicide just across the border in Mexico after telling his family he would be home soon. The FBI then forgot to take photos of the scene, or so I rememebr...)

      1. seven of five
        Black Helicopters

        Re: Not state sponsered but

        Actually, I´d recommend not to remember this.

      2. Tom Paine

        Re: Not state sponsered but

        Point of order: if he died in Mexico, of course the FBI didn't take any pictures; it's out of their jurisdiction.

        1. John Brown (no body) Silver badge

          Re: Not state sponsered but

          "Point of order: if he died in Mexico, of course the FBI didn't take any pictures; it's out of their jurisdiction."

          Yeah, that's CIA jurisdiction and they really don't like photographic evidence!

    2. breakfast Silver badge
      Pint

      Re: Boney?

      Well, it was a shame how he carried on.

    3. breakfast Silver badge

      Re: Boney? ( Part 2 )

      He finally finished the upgrade from a wired to wireless home network.

      There was a cat 5 that really was gone.

    4. a_yank_lurker

      Re: Not state sponsered but

      According to local Atlanta, GA news reports it is state sponsored (http://www.wsbtv.com/news/local/more-states-confirm-cyber-attacks-sourced-to-dhs/476227320). However, it is the feral Department of Homeland (In)Security behind the attacks. I did not realize Putin was moonlighting as DHS official.

    5. Sonstar

      Re: Not state sponsered but

      Yes,i am

  2. dalethorn

    Bad enough that el Reg publishes so much liberal anti-people propaganda, but now with this article they've gone to the loony bin.

    1. Destroy All Monsters Silver badge

      Not yet!

    2. Voland's right hand Silver badge

      Not really

      Not really

      A USA government agency having a vulnerable website. News at 10.

      Now if said news at 10 contain provable info on successful break in all the way to the testing and certification network and ability to upload alternative firmware, USA can frankly kiss the last election results bye-bye.

      1. Tom Paine

        Re: Not really

        Suppose you were running a nuclear weapons storage facility (and pretend for a minute that nukes are made or serviced or painted or something by SME; I imagine this org is an ME.) Oh and public sector, which ad you know in the US means less than gold standard of security clue. Their public website gets hacked. You wouldn't worry, because of COURSE they wouldn't be mad enough to have the publicly accessible web servers on the same network as the "test this bomb exploded properly? (Y/N)" internal systems - right? Right. Because no-one ever messes that up, or has people doing generic web, mail and office docs on a network from where you can reach prod... Right? I mean, the chances of that mistake being made must be, oh, 50/1...

        Would you get on a plane that had a 2% chance of crashing on its next flight? Or trust the nukes? Well, then, what odds are acceptable when it comes to hackers being able to get to this org's prod systems? Would you bet you life on it? How about 400 millipn lives?

        You see my point I hope, though I've out it clumsily... (It's Friday night! *) )

    3. DasWezel

      "...el Reg publishes so much liberal anti-people propaganda"

      Priceless.

    4. Paul Crawford Silver badge

      "liberal anti-people propaganda"

      Now boy, keep taking them there dried frog pills...

      1. Owain 1

        Re: "liberal anti-people propaganda"

        They come in pill form?

        1. Kane

          Re: "liberal anti-people propaganda"

          "They come in pill form?"

          Why, I'll have a little of the roast weasel, if you would be so good!

    5. Hollerithevo

      Those pesky liberal anti-peoples!

      Yes, I certainly wish liberals would get back in their box and make sure the People who are pro-people make sure social security is reduced and Medicare is stopped!

    6. Dabooka
      WTF?

      We had FoTW

      How about Twat of The Week?

      That post surely deserves some kind of official accolade from El Reg?

  3. Schultz

    Probably ...

    this is just squeezing some last bit of value from said vulnerability. The real value surely was to be had before the election.

    Maybe?

  4. Doctor_Wibble
    Paris Hilton

    So they are self-re-certifying?

    I've probably misunderstood how it works and/or failed to read TFA properly but am I right in thinking this means the agency that certified the machines as secure now given the task of certifying that their certification was correct and the machinese were in fact properly certified nothing to see move along?

    I have no reason to suspect the agency of anything dodgy but even if/when they find nothing wrong, there's still going to be a lot of people who really won't take their word for it because it's them darn Russkies (etc).

    1. theblackhand

      Re: So they are self-re-certifying?

      From various articles over the last 10+ years, I thought it was widely accepted within the IT community that the US electronic voting machines are at best about 10 years out of date regarding security practices and at worst are the Adobe of the election software industry - i.e. it looks OK, but underneath is a first gen product struggling to cope with the demands of the modern world and securing the product was done by capitalising the first letter of the admin password...

      Having been involved in local body elections in a past life, I have some trust in the inherent checks and balances in at least some countries election processes. If you are relying on a start-to-finish electronic process with no ability to verify actual votes, you probably get the result you deserve....

      1. The little voice inside my head

        Re: So they are self-re-certifying?

        Like Detroit, blaming technology 10 years old, 87 OCR machines broke on election day.

        http://www.detroitnews.com/story/news/politics/2016/12/05/recount-unrecountable/95007392/

  5. Anonymous Coward
    Anonymous Coward

    Them dammed russki's!!!

    ... said Obama, as he began packing his stuff away in readiness for the big move in January 2017

  6. Anonymous Coward
    Anonymous Coward

    They just don't learn

    How many hack attacks does it take before all entities understand the vulnerabilities and employ the necessary roadblocks? When script kiddies can hack into government and enterprise servers with little effort, security officials and senior management are not performing their responsibilities.

  7. John Smith 19 Gold badge
    Unhappy

    Still not that big a deal. It only lets someone in the backdoor to decide who runs the US

    And that's only every 4 years.

    Plenty of time to fix this.

    Right?

    SQL injection --> failure to validate any input field --> lame ass attack vector.

  8. Anonymous Coward
    Anonymous Coward

    Back To Paper Ballots

    I'm skeptical.

    This Administration and the CIA say the "election hacking" information came from Russian hackers.

    The supplier of that info, WikiLeaks, says it didn't.

    I find Mr Assange more credible.

    This new "controversy" seems like another action in a coordinated effort by our government to discredit the results of the past election.

    Too bad the article didn't point out that each state and each of its districts have their own differing processes/systems/machines/ballots, etc.

  9. Crazy Operations Guy

    Why do we even need special voting machines anyway?

    Why wouldn't it be possible to just use a standard secured website for voting? Set up some Computer-vision software so that people can hold up their ID cards next to their faces on a webcam to verify they are who they say they are.

    It'd probably be much more effective than the 60-year-old woman with severe glaucoma that checked my ID at the polling place the last time I voted in person. And it'd be a lot more secure than the mail-in ballots I typically use.

    This way, they would have much better accounting with none of this voter intimidation stuff and would allow people in areas far away from polling places to actually vote. Plus, being fully digitized, the count would be instantaneous.

  10. Pete4000uk

    I'm always glad to...

    Put an X next to whoever I don't want elected and put the piece of paper into a black box.

  11. Potemkine Silver badge

    Paper ballots are harder to hack

    Democracy is a too serious matter to entrust voting machines.

  12. Anonymous Coward
    Anonymous Coward

    Technology isn't always better

    I've never seen anyone hack into a piece of paper from a computer and change the writing on it - paper will always be secure from digital manipulation.

    technology for the sake of it is usually a waste of time and almost always presents opportunities for malicious intent.... hence I'm avoiding the move to a smart home. I like manual valves and hand operated controls.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like