[ISN] FBI investigates hack at e-voting software company

From: InfoSec News (isn@private)
Date: Wed Dec 31 2003 - 01:10:58 PST

  • Next message: InfoSec News: "[ISN] Mitnick offers cash for hacking tales"

    http://news.com.com/2100-7349_3-5134106.html
    
    By Paul Festa 
    Staff Writer
    CNET News.com
    December 30, 2003
    
    update: Local and federal authorities including the FBI are
    investigating an intrusion into a computer network at an e-vote
    software company, which suspects the hack was politically motivated.
    
    VoteHere, a 7-year-old company in Bellevue, Wash., on Tuesday
    confirmed reports that its network had been breached in October. The
    company identified a suspect and said it turned the case over to the
    FBI, the Secret Service and the U.S. Attorney's office for an
    investigation that is ongoing.
    
    "This is a crime," said VoteHere Chief Executive Jim Adler. "This is
    about breaking and entering and stealing."
    
    It's also, e-voting critics would say, about security.
    
    The story of VoteHere's network breach, reported Monday by MSNBC and
    the Associated Press, is likely to play into a lively debate over the
    security and reliability of electronic voting systems. That debate has
    risen in pitch as federal deadlines loom for states to upgrade their
    voting systems, and e-voting systems provider Diebold has become a
    lightning rod for criticism for its own series of woes relating to
    security, partisan comments by its CEO and other issues.
    
    Still, Adler sought to portray the intrusion as evidence the system is
    working, because the break-in was quickly detected and investigated.
    
    "What this demonstrates is that you cannot protect a system from
    outside attack," said Adler. "People draw the wrong conclusion, that
    because there was this intrusion, therefore you can't have confidence
    in e-voting. But the confidence comes from understanding and believing
    that nothing was compromised. And if it was, you want to make sure it
    was detected."
    
    Citing the criminal investigation, Adler declined to say what the
    intruder might have taken before being caught. He also called that
    aspect of the incident immaterial.
    
    "We don't really care what this guy got," said Adler. "Security
    doesn't rely on the secrecy of the algorithms. We're all a bunch of
    cryptos (cryptographers) over here, so we know there's no security
    through obscurity."
    
    VoteHere has tentatively linked the suspect to a number of advocacy
    groups critical of electronic voting systems. The company declined to
    identify the suspect or the groups, again citing the investigation.
    
    The FBI said the case was being handled by a federal and local
    multi-agency group called the Northwest Cybercrime Task Force. No
    suspects have been charged yet in the case.
    
    VoteHere, which has posted some of its technical documents to the Web
    at VerifiedVoting.org, and has pledged to reveal the source code to
    its software when it completes an internal review within months, said
    no elections were compromised in the intrusion.
    
    The company's verification software works on top of other voting
    systems. So far only Sequoia Systems has licensed the technology, but
    has not yet implemented it.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Dec 31 2003 - 03:04:32 PST