Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Data Storage Databases United States Politics

US Voting Server At Heart of Russian Hack Probe Mysteriously Wiped (theregister.co.uk) 431

A computer at the center of a lawsuit digging into Russian interference in the U.S. presidential election has been wiped. "The server in question is based in Georgia -- a state that narrowly backed Donald Trump, giving him 16 electoral votes -- and stored the results of the state's vote-management system," reports The Register. "The deletion of its filesystem data makes analysis of whether the system was compromised impossible to ascertain." From the report: There is good reason to believe that the computer may have been tampered with: it is 15 years old, and could be harboring all sorts of exploitable software and hardware vulnerabilities. No hard copies of the votes are kept, making the electronic copy the only official record. While investigating the Kennesaw State University's Center for Election Systems, which oversees Georgia's voting system, last year, security researcher Logan Lamb found its system was misconfigured, exposing the state's entire voter registration records, multiple PDFs with instructions and passwords for election workers, and the software systems used to tally votes cast. Despite Lamb letting the election center knows of his findings, the security holes were left unpatched for seven months. He later went public after the U.S. security services announced there had been a determined effort by the Russian government to sway the presidential elections, including looking at compromising electronic voting machines.

In an effort to force the state to scrap the system, a number of Georgia voters bandied together and sued. They asked for an independent security review of the server, expecting to find flaws that would lend weight to their argument for investment in a more modern and secure system. But emails released this week following a Freedom of Information Act request reveal that technicians at the election center deleted the server's data on July 7 -- just days after the lawsuit was filed. The memos reveal multiple references to the data wipe, including a message sent just last week from an assistant state attorney general to the plaintiffs in the case. That same email also notes that backups of the server data were also deleted more than a month after the initial wipe -- just as the lawsuit moved to a federal court. It is unclear who ordered the destruction of the data, and why, but they have raised yet more suspicions of collusion between the Trump campaign team, the Republican Party, and the Russian government.

This discussion has been archived. No new comments can be posted.

US Voting Server At Heart of Russian Hack Probe Mysteriously Wiped

Comments Filter:
  • by phantomfive ( 622387 ) on Thursday October 26, 2017 @07:47PM (#55441309) Journal
    Bet you'll find plenty of insecure voting machines around. There is absolutely no reason to have those things connected to the Internet.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      There is no mystery about who wiped the machine or how it got wiped. The question is, why isn't someone being charged with evidence tampering?

      I'm sure the people who support Drumpf have already started their own noise to try to turn this into some kind of non-issue. And most people won't give a darn either way. This country is screwed.

      • by jwhyche ( 6192 )

        Honestly, I can say I'm about to stop giving a damn ether way and say we just toss all them out. Trump, Clinton, Ryan, the funny lady with the James Brown haircut, and etc etc etc. Clean house, remove all congress and both parties. Hell get rid of the parties. too. We can put the janitor in charge till we reelect new officials.

    • The voting machines themselves aren't connected to the Internet. However, the people designing the ballots are just ordinary designers working on ordinary desktop computers. They make their Indesign files or whatever, and eventually those make their way, usually by thumbdrive I believe, to the voting machines, presumably along with whatever malware was on the designer's machine.

    • by fahrbot-bot ( 874524 ) on Friday October 27, 2017 @12:35AM (#55442321)

      Bet you'll find plenty of insecure voting machines around.

      Tell them they're pretty or handsome and doing a really good job. That'll help their self-esteem.

    • by davide marney ( 231845 ) on Friday October 27, 2017 @06:42AM (#55443141) Journal

      I am a volunteer poll worker in Virginia. NO vote-tallying equipment is connected to the Internet, anywhere in the U.S. We are not idiots. We have about 230+ years' worth of experience with people trying to throw an election, and we understand -- and mitigate -- the risks.

      This server in Georgia did NOT hold vote counts. It held voter registration records, instructions, and voting equipment passwords.

      Each precinct tallying the votes keeps an independent record of their machines. There are paper backups of voting totals in the form of printed counts and hand-copied summary sheets.

      In my state, we have switched over to machine-counted paper ballots in all precincts. Those scanners do not even have wireless hardware in them, they can only be accessed via ethernet cable. Once a machine is tested and certified for voting, a cover is placed over the ethernet socket and it is sealed with a plastic band.

      I do advocate the use of paper ballots, but not because then humans could do a hand-count of them. Humans are lousy at repetitive tasks. A hand-count of millions of votes would have a margin of error 10x the size of the margin of error of machine-counted votes. In Virginia, when there is a recount, we bring in a completely different set of scanners than were used to originally count the votes, and run the same paper ballots through them. That is a excellent independent count.

      • by hey! ( 33014 ) on Friday October 27, 2017 @09:02AM (#55443719) Homepage Journal

        Manipulating voter registration records can also affect the outcome of an election, particularly in a situation where you are performing mass voter roll purges -- which I believe Georgia did. Tweaking the purge in the partisan way is one of the things that could be hidden by this.

        Many voters who are denied a ballot may not choose to cast a provisional ballot, or come out to vote next time. Although this may seem like they get what they deserve if they're not sufficiently dedicated, voting can be more of a sacrifice for some people, particularly those with limited time to vote and where the polling stations are located inconveniently. If you're risking late for work you might choose just to leave. There have been documented attempts to manipulate turnout by inconveniently locating polling places.

        As far as paper ballots, the obvious choice is optically scanned paper ballots. That said, I have never seen any evidence that human recounters don't perform acceptably. They are not perfect, but neither are machines -- for that matter how could you possibly know if a machine is perfect? In any case human limitations can be dealt with using statistics, to any desirable level of confidence.

    • Comment removed based on user account deletion
  • by ejtttje ( 673126 ) on Thursday October 26, 2017 @07:56PM (#55441361) Homepage
    Black box voting machines make it easy for election officials to throw the results however they pleased. Let's skip the Russian conspiracy theories when good ol' domestic corruption is more than enough to explain suspiciously wiped servers.
    • Re: (Score:2, Insightful)

      by skam240 ( 789197 )

      Maybe let's not ignore that a very significant geopolitical adversary of the US was trying to change our election outcomes (for which there is ample evidence) and like a rational person consider them as a possibility in things like this.

      • by king neckbeard ( 1801738 ) on Thursday October 26, 2017 @09:12PM (#55441717)
        Clinton lost to a fucking game show host. The problem isn't Russian hackers, it's the power structure in major western nations is isolated from reality, and thus they get their asses kicked by populists. Populist left easily beats populist right, but populist right beats establishment left. Establishment left sabotages populist left, and gets beaten by populist right. The Clintons and the Blairs are responsible for votes being close enough that foreign interference could even possibly affect results. The Dems could have nominated a ham sandwich and received 300 electoral votes against Trump.
    • Diebold's CEO promised to deliver Ohio to Bush, and in contradiction to the exit polls, the Diebold machines made good on the promise. Not proof (polls are tricky), but there was a "magic" card that could set the machine to deliver and specified result. Might have been a test card to check the the central server correctly tallied the remote machines, but production code should never have had it.

    • by CapOblivious2010 ( 1731402 ) on Thursday October 26, 2017 @10:47PM (#55442045)
      See, this is why electronic vote counting is such an abysmal idea. It's not just that the vote totals can theoretically be hacked (though that's bad enough), it's that there's simply NO WAY to prove the totals WEREN'T hacked. If a group of people decides that the election was hacked, there's no real evidence one way or the other. This undermines faith in the system REGARDLESS of whether the election was or was not hacked!

      So we're putting the foundations of our system of consensual government at risk just to save 1 sheet of paper every 4 years? Look, I'm all for saving the environment, but is this really the best way to do it? Maybe the newspapers can agree to sell ONE LESS PAGE of advertising on ONE DAY out of every 1,461 days instead? Or maybe we can all agree to buy one less book in our lifetimes? Or maybe we just agree that this is one situation that really IS worth "killing trees" for!

      But however we justify it to ourselves, can we PLEASE go back to paper ballots?
      • There are ways to prove voting machines weren't hacked, it's just that none of the voting machine manufacturers have implemented such measures.
    • Re: (Score:2, Insightful)

      by HiThere ( 15173 )

      Despite the accuracy of your assertions about domestic corruption, I think there is reasonable evidence that this time there was also a lot of Russian participation.

  • Obligatory (Score:5, Funny)

    by spaceman375 ( 780812 ) on Thursday October 26, 2017 @07:59PM (#55441373)

    Voting Machines: https://xkcd.com/463/ [xkcd.com]

  • Nothing to see here (Score:4, Interesting)

    by quonset ( 4839537 ) on Thursday October 26, 2017 @08:02PM (#55441397)

    Move along. Ignore the man behind the curtain. Electronic voting systems are perfectly safe. There's no need to keep any paper records because the machines never make mistakes and are secure from intrusion.

    There's never been a case where voting machines have been compromised. How do we know? Because we say so.

  • than deleting backups.

    Just sayin.

  • Windex? (Score:2, Funny)

    by Tolvor ( 579446 )

    By "wiped" do you mean with Windex? Was Hillary anywhere around?

  • Russian Squirrel! (Score:2, Interesting)

    by Uberbah ( 647458 )

    The state was being sued for having a shit electronic voting system with no verifiability, and now the primary evidence was mysteriously erased! Must be the Ruskies (who haven't been shown to have done jack or shit last year), not someone looking to cover for corrupt election officials in the state.

    • I'd love to think this would mean the lawsuit would be "confirmed" because the machine couldn't (now) be verified, even though well within the require data retention period. Knowing how these things work though, it'll get thrown out for lack of evidence instead.

  • by SlaveToTheGrind ( 546262 ) on Thursday October 26, 2017 @11:18PM (#55442131)

    The non-clickbaity side of the story (a statement from Center for Elections Systems at Kennesaw State University, who had possession of the server) is here [arstechnica.com]:

    "In March 2017, a Center for Election Systems’ server involved in an alleged data breach was turned over to the FBI. While the server was in the possession of the Bureau, a forensic image or copy of all the data on the server was made and held by the agency. Following the notification from the FBI that no data was compromised and the investigation was closed, the server was returned to the University’s Information Technology Services group and securely stored. In accordance with standard operating procedures, an after-action report was prepared. This report outlined hardware improvements for the Center, including repurposing the impacted server and surplusing servers that had exceeded end of life. As part of the report, the original server that had been investigated by the FBI was designated to be repurposed, and the drives on the server were erased and the server made available for alternative uses."

    "As noted by the subpoena filed today by the Attorney General’s Office, the data and information that was on the server in question has been and is still in the possession of the FBI and will remain available to the parties in the event it is determined to be relevant in the pending litigation."

    So (a) the feds already investigated and found no evidence the server was compromised, and (b) they still have their forensic image of the server. This seems a lot more like litigants and journalists huffing and puffing than it does a real issue.

    • by Anonymous Coward on Friday October 27, 2017 @02:38AM (#55442579)

      You don't find it odd that the server was wiped after a lawsuit was filed? You don't find it odd they degaused the backups three times when the lawsuit moved to federal court? Are you for real here? I mean the first wipe could have been morons being morons. But the destruction of the backups? And hey isn't preservation of records in the face of litigation a thing? Even armchair lawyers know that's a thing. Somebody really doesn't want those records examined.

      • You don't find it odd that the server was wiped after a lawsuit was filed?

        No one who understands technology finds it odd, or even cares.

        A server is the data the server contains, not the physical hardware.

        The FBI still has "the server", with a legally admissible chain of custody, so it doesn't matter if the hardware itself was repurposed as material in an art exhibit, or whatever.

  • Throw all these electronic voting machines in the trash! Use paper ballots and a pen, stuff those in sealed envelopes, have voters drop those into sealed and transparent ballot boxes, seal the slot when voting is over, then bring all ballot boxes to the counting place and have the count be open to the public. Once counted compare votes cast with the number of people signing in at polling stations. Both numbers have to match. Keep the sign in lists and the ballots at least until the next election and put a s
  • Conclude that it was compromised and proceed from that standpoint.

  • A computer at the center of a lawsuit digging into Russian interference in the U.S. presidential election has been wiped.

    "What, like with a cloth or something??" [go.com] - That never gets old...

  • ...it was Democrats who INSISTED that electronic voting was the key to the future, since their voters were too stupid to operate a paper ballot in the Florida 2000 presidential election.

You are always doing something marginal when the boss drops by your desk.

Working...