On the other side, my boss just came back from a county election office in
our region who's 486 Netware 3.1 server crashed in their first "dress
rehearsal" due to a powerfailure corrupting files. Even before this, they
are having trouble printing the list of eligible voters as the 20mb free on
the antique hard drive wasn't sufficient for the Btrieve database to
perform the appropriate queries and print to the spooler both at the same
time. Thus, they are living with an inaccessible server as they print 1
precinct at a time and the server, with no space left, allows no outside
connections.
Everyday, it's something new and scary...
__________________________________________
JOHN MCGUIRE CISSP, MCSE2k, MCSE+I, MCT
Network Security Specialist
888.529.0401
jmcguire@private
Strictly Business
www.sbcs.com
brvarin@private
om To: cisspforum@private
cc: crime@private
10/24/2002 02:54 Subject: [cisspforum] Hacking the Vote
AM
Please respond to
cisspforum
Looks like the major news is finally getting the clue that maybe those new
fangled computerized voting machines are a tad vulnerable.... I'll be
accepting donations for my campaign shortly;)
http://www.foxnews.com/story/0,2933,66562,00.html
SEATTLE ? As Election Day approaches, the prospect of hackers stealing an
election is capturing the attention of some observers
Election reform in the past two years has centered on modernizing
supposedly antiquated systems, most commonly by replacing punch cards with
computers.
But some say they are concerned that those newer systems could result in a
new array of snafus in the next presidential election.
From software glitches to operator error, the new machines have been more
problematic than the old-school butterfly ballot at times. But now experts
are concerned that hackers may use the updated technology to steal an
election.
"It is a matter of when, not if. Systems will always be compromised if
there is enough incentive, motive to do so." said Patrice Rapalus, director
of the Computer Security Institute.
When the 2000 presidential election produced confusion in Florida, many
counties rushed to overhaul the way voters cast their ballots.
"We have, I think, a world-class elections law that will be implemented in
2002 so people will have full confidence that their vote will matter,"
Florida Gov. Jeb Bush predicted in May 2001.
But already this year, problems arose over faulty voting booth machines
during the Democratic primary in Florida, and attorneys for both parties
have begun preparing legal strategies for post-Nov. 5 battles.
What lawyers may not be able to argue their way through is technological
manipulation unless a culprit can be found.
"Any technology that's created, no matter how good you make it, as soon as
you have somebody on the inside working against you, it renders most of the
protections we can take advantage of useless," said Jeff Jonas, a computer
security expert.
Jonas specializes in consulting for casino security. Most gambling halls
have computerized slot machines and keno games. He said that despite
safeguards, no machine is invulnerable.
"People on the inside have reprogrammed chips. They put new chips in the
machines," he said.
Casino computer cheats reportedly steal $40 million every year. One
programmer caught rigging electronic bingo killed himself last month.
Another man stole $50,000 by loading a virus into gambling machines.
"It's the age-old problem with technology. The human element is the weakest
link," Rapalus said.
Many techies, including Jonas, insist computer voting is safe. In Snohomish
County, Wash., for instance, the machines are put through a battery of
tests then are secured to make sure the votes cast are the votes counted.
"That test is run sometimes immediately before the election. It's sealed
up, then opened up on the day of the election and it is run again to
initialize the programming to make sure nothing has inadvertently
happened," said Snohomish County Auditor Bob Terwilliger.
Of course, hackers have been able to get through firewalls at Microsoft and
the Pentagon to name a few of the most secure computer systems, so getting
past the county registrars may not be so tough, especially when the prize
is public office.
If problems are discovered, critics are most worried that there will be no
paper trail to let poll workers go back and count ballots by hand.
===========================================================================
IMPORTANT NOTICE: This communication, including any attachment, contains
information that may be confidential or privileged, and is intended solely
for the entity or individual to whom it is addressed. If you are not the
intended recipient, you should delete this message and are hereby notified
that any disclosure, copying, or distribution of this message is strictly
prohibited. Nothing in this email, including any attachment, is intended
to be a legally binding signature.
*****************************************************
Please remember to maintain your certification status
current. Submit required CPEs and pay your Annual
Maintenance Fees.
To UNSUBSCRIBE, go to the CISSP Services Page. Do not
send unsubscribe messages to the CISSP Forum!
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2b30 : Thu Oct 24 2002 - 17:17:26 PDT