back to article US senators get digging to find out the truth about FCC DDoS attack

Senate Democrats are pressing government officials to explain their claims on election tampering and cyberattacks. Senator Ron Wyden (D-OR) is heading up a pair of efforts to look into the FCC's claim that its comment system was hit by a DDoS attack in 2014 and 2017, and to examine whether the US Election Assistance Commission …

  1. Zarno
    Trollface

    What's the difference between...

    What's the difference between a DDoS Attack, and a fairly large portion of the country hitting a poorly designed sham-tastic comment system?

    In my opinion, not much, except a DDoS attack probably would have been less traffic.

    1. veti Silver badge

      Re: What's the difference between...

      Correct me if I'm wrong, but I don't believe there is any such thing as a rigorous definition of a DDoS attack.

      So it's basically an irregular verb: "I suffered a DDoS attack, you were unable to cope with a spike in traffic levels, they ran a poorly-designed shamtastic comment system."

      1. jake Silver badge

        Re: What's the difference between...

        A DDoS attack is defined as: An attempt to make an Internet available service unavailable by overwhelming it with traffic from multiple sources.

        To answer Zarno's question, the first is caused by a single entity with malicious intent abusing the resources of the system. The second is caused by many individuals using the system as intended.

        HTH

        1. veti Silver badge

          Re: What's the difference between...

          Right, so it's defined by "intent". Which is impossible to know, unless someone confesses to it.

          So from the victim's point of view, there is no meaningful definition.

          1. jake Silver badge

            Re: What's the difference between...

            Oh, bullshit. The intent of a DDoS is clearly to stifle the ability of the person targeted by the attack to run a service or services.

            1. veti Silver badge

              Re: What's the difference between...

              Yeah... I'm still not seeing anything in that definition that can be used to tell whether a given incident was a DDOS or not. Not unless someone actually says "yeah, we did that".

              1. jake Silver badge

                Re: What's the difference between...

                You don't use the definition to tell if it's a DDoS, you use the system logs. There is a huge difference between a mechanically generated flood and one that's driven by honest traffic. If you were a sysadmin you'd know this.

  2. elDog

    "McAfee as a 'cyber security expert"

    Maybe at some point in his random walks through reality he might have stumbled on a good model to make money off of dummies-are-us.

    I don't trust any of the commercial "security" companies any more since they are obviously in the game to foment fear and make money off it.

    This just seems like normal political skulduggery to achieve a hidden agenda and cloaked in some technical terminology to appease us semi-criticals.

    1. I. Aproveofitspendingonspecificprojects

      Re: "McAfee as a 'cyber security expert"

      You obviously don't mean you rely on Microsoft

  3. Kev99 Silver badge

    As far as the elections, there's a simple solution. Get elections the hell off the internet. US elections worked just fine for over 200 years without using the internet.

    1. Mark 85

      But then certain corporations and "advisors" wouldn't make some pretty big money off the elections.

  4. Pascal Monett Silver badge

    "maintain paper trails to help track ballots and guard against tampering"

    Here's a novel idea : put the name of the candidates each on a piece of paper. Have the voters go into a privacy stall to put the paper of their choice into an envelope. Then have them go to a box, controlled by a voting committee member, and under the watch of the controller, place their envelope in the box.

    They will have voted, the votes can be tallied, there is a paper trail, and fucking with the system is way, way harder than a stupid half-witted computer litterally made to be hacked.

    But why make it simple when you can complexify things ?

    1. Alphebatical

      Re: "maintain paper trails to help track ballots and guard against tampering"

      I don't know about other places, but my county uses electronic voting to let anybody vote anywhere, regardless of which precinct they live in. I don't see that being doable with paper ballets.

      1. Robert Helpmann??
        Childcatcher

        Re: "maintain paper trails to help track ballots and guard against tampering"

        I don't see that being doable with paper ballets.

        The US has had absentee (mail-in) ballots for years. It has proven to be more reliable than electronic voting has. In fact, many precincts are pushing people to avail themselves of early voting which may make use of the same (early voting may be done in person or via mail). I am not saying electronic voting cannot be made to work, but we do have plenty of data for the alternative.

      2. Mark 85

        Re: "maintain paper trails to help track ballots and guard against tampering"

        Where I live (Oregon) it's all done via mail. They send you the ballot, you mark it up and send it back. Seems to work very well compared to other States I've lived in.

  5. lglethal Silver badge
    Joke

    Wow an American senator with a grasp of the issues and the balls to actually start asking the hard questions?

    This will not stand! Dig out the dirt this instant! Hes endangering our profits/power grab/political machinations/illegal activities (delete as appropriate)!

    1. Anonymous Coward
      Anonymous Coward

      @Iglethal

      Good post, but your mouse slipped and selected the 'Joke' icon.

      Pity.

  6. Milton

    When it is a Net bad thing

    Sorry for the pun, but this is a classic case of a solution to a problem that never existed: in fact the solution is causing problems. It was a terrible mistake to implement electronic voting, especially if it's done with no backup paper trail. It is even more asinine to make these things accessible via the internet—we are talking about mighty temptation put before bad actors with the resources of a nation state. It's a recipe for catastrophe, and that catastrophe may even have happened already—look at how a few delicately chosen small majorities gave Trump the presidency despite a shortfall of <3m votes.

    Someone's already pointed out that a well-designed physical system can do the job securely and with admirable respectability, like that of Britain: with enough eyes seeing, literally watching what's happening, and people covering the chain of custody of ballot boxes, it is a traditional, old, antiquated and highly effective system. There is simply no good reason to add technology, especially when that clearly introduces a swarm of horrid vulnerabilities.

    That the world's foremost and wealthiest power, which claims to be a democracy, cannot simply fix this, beggars belief.

    1. veti Silver badge

      Re: When it is a Net bad thing

      On the one hand, I agree with you about e-voting. But it is a solution to a problem, namely "how can we make it possible for some companies to make money out of the election process, which we can then funnel from taxpayers to our supporters?"

      On the other hand, you are not thinking through the dependencies between online systems and offline, to which the British system is far from immune. Think about, for instance:

      • online maps and directions to polling stations - hackers can send voters to the wrong places
      • online voter registration - hackers could fraudulently register voters, or worse, deregister them before polling day
      • or, they can just DDOS the registration site for six hours before the deadline closes. There's always a last-minute rush
      • more subtly, change voter information - scramble names, addresses, dates of birth - so the records no longer match the voters. Voters could be transferred to the wrong rolls, so they're no longer on the list at their local polling station.
      • if they get really ambitious, they could invent whole new, completely fictitious polling stations. Then someone could turn up at the count with a box of ballots from there.

      Just because the voting itself is offline, doesn't mean it can't be hacked.

  7. Anonymous Coward
    Anonymous Coward

    Paper ballots

    I once did a local election count here in Blighty and the checks are quite interesting.

    First one team counts the ballots each in a box and the number has to tally with the total votes recorded at the voting station - the team isn't told what the 'right answer' is either. After three counts that don't agree with the 'right' answer the revised total is accepted but the difference noted.

    Then the ballot boxes are re-distiributed to different teams to actually count the votes. Again the totals have to match with the previously verified total - without knowing the right answer.

    Any paper that has odd/extraneous/no marks has to be shown to the candidates and/or their agents and agreed with the voting office as to how it will be classified.

    That was a local council election and those were the checks I saw. Surely POTUS should have no less?

  8. Anonymous Coward
    Anonymous Coward

    Voting is a joke in the US

    Anything above town level elections are all fraud and or financially manipulated, has been this way for over 30 years. (I'm much older than that and have that and have as many years of security related jobs in the US)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like