InfoWorld is reporting that Sequoia Voting Systems' website was hacked last Thursday. Web site hacks and defacements are nothing new; there have now been so many that the folks at Zone-H (which maintains one of the largest archives of such sites) have publicly raised the question of whether it's still worth the effort to catalog them.
So it would be easy to dismiss this as just one more incident in a very long line of incidents encompassing sites of every description from all over the planet. But that would be a mistake -- a serious mistake. This incident speaks volumes about the core competency of Sequoia Voting Systems, and what it says is very disturbing.
Here's the salient part of the InfoWorld reporting:
A company whose e-voting machines have come under fire from election officials in New Jersey confirmed that its site had been hacked Thursday.
A section of Sequoia's Web site was hacked overnight, and when the company realized what had happened it took the site down and removed the "intrusive content," Sequoia spokeswoman Michelle Shafer said.
Sequoia made "security enhancements" to protect the site from further hacking, and it was back online Thursday afternoon, Shafer said. The company is investigating the origin of the attack.
This -- plus other material I haven't quoted here -- makes it clear that the site was hacked, that Sequoia knows it was hacked, and that they've publicly admitted it. But there's a key phrase here that sets off alarm bells in the heads of experienced security analysts:
"security enhancements"
The reason this is alarming is that it tells us something about the mindset of the people working at Sequoia. It tells us that they believe it's possible to "enhance security" after the fact by making minor changes or stuffing in add-ons. But this is almost never the case: adding more cruft onto something that's inherently insecure might assuage some people by providing the comfortable illusion that there's been a substantive improvement, but it usually just means that a still-insecure system has been wallpapered over and the problem declared "solved" so that everyone will agree to stop talking about it.
You can't turn a screen door into an armored bank vault door by adding a fancy lock. You have to start over.
To put it another way: insecure systems don't magically become secure because someone adds a firewall, or a layer of auditing, or changes passwords, or anything like that. Insecure systems NEVER become secure. The only way to actually solve the problem they present is to (a) understand why they're insecure and (b) replace them with new systems that (at least) don't have that particular set of problems. This is time-consuming, expensive, annoying, embarrassing, and often a career-limiting move, which is why it so rarely happens. This in turn explains why many security problems keep coming up over and over and over again.
If this attitude were coming from the owner of the website of the University of Southern North Dakota at Hoople, then this wouldn't be such a big deal. But this is coming from Sequoia Voting Systems, and they make voting machines. And as we see in "Sequoia Voting Systems threatens Princeton researchers", "Sequoia Voting Systems SUCCESSFULLY threatens Princeton researchers" and "Sequoia Voting Systems vs. Princeton, Round 3", they're desperately trying to prevent independent experts from getting a look inside them.
Why? Well, because it's already been pointed out that these systems have serious problems: see "Sequoia’s Explanation, and Why It’s Not the Whole Story". And that's just based on their output. Imagine how brittle, how insecure a voting system built by people who think mere "security enhancements" can fix a serious problem might be. Imagine how devastating the results of a fully-independent, unconstrained review of them might be. And "might" is the operative word: we don't know. It's remotely possible, against all available evidence to date, that these machines are rock-solid and will withstand determined, clueful attack by the world's best hackers. It's also possible -- and vastly more likely given that evidence as well as Sequoia's attitude -- that they're laughably insecure.
But nobody's laughing, because these systems are being used to implement one of the fundamental mechanisms underpinning our democratic republic. They are the instrument by which one of our fundamental Constitutional rights is exercised. And their vendor has just publicly advertised that it is profoundly clueless about basic security philosophy.