—
From the dates on these earlier reports (cited next), it is clear the Dept of Homeland Security has known about this US security breach for quite some time now — so WHY did it take them until last night, to inform the hacked States that they ‘might have a problem’?
Don’t they want to give the effected States enough time to fix their defenses or what?
And why all the secrecy? Did Donald Trump order these results to be “delayed”?
by Sam Thielman, talkingpointsmemo.com — June 30, 2017
[...]
Voting machines, especially the electronic machines still used in several states, are so insecure that an attack on them is likely to be successful, according to a report from NYU’s Brennan Center for Justice out Thursday morning. David Dill, a voting systems expert and professor of computer science at Stanford University quoted in the report, said hackers can easily breach election systems regardless of whether they’re able to coordinate widely enough to alter a general election result.
“I don’t know why they wouldn’t try to hack voting machines and I don’t know what would stop them,” Dill told TPM. “Any statement that says ‘We haven’t see evidence of X’ also means ‘We haven’t lifted a finger to investigate.’”
[...]
While forensic examinations would answer many questions vital to researchers trying to improve voting systems, the potential for eroded confidence in those systems may help to explain DHS’ reluctance to seek out hard evidence. The department said most attacks were simple scanning, rather than attempts to alter tallies or poll books.
Here’s a question I like to ask the DHS “Stalling Committee” Task force, in charge of investigating this Voting System Hack in at least nearly HALF the States:
Question: Did the Russian Hackers who got into the DNC Emails, did they “Just Look, and Leave” — or did they DO something nefarious with those Emails — like release them to Wikileaks? Why in the world are you giving malicious Hackers the benefit of the doubt, in the case of their Voting System intrusion?
Without systematic and regular Audits, after every stage of Voting tallying — you can not prove, or disprove if Votes were changed, or not. Not without going back in interviewing every voter.
When a hacker changes a Number in a spreadsheet, or a Summary Value in a Database column — on the night of an Election — and then saves those changes, the original values are gone. Only an previously conducted Audit, would detect such “unauthorized edits”. And Hackers, by definition are “unauthorized” users — just one step away from Editing what they find.
Hackers by definition, give themselves “Super-user” rights, not “Read only” rights, whenever they possibly can.
This could be WHY the Brennan Center for Justice has such a keen interest in “Audit Control” ...
Securing Elections From Foreign Interference
NYU's Brennan Center for Justice
Amid ongoing investigations into Russia’s unprecedented cyberattacks around the 2016 election, this report outlines specific actions Congress and local election officials can quickly take to insulate voting technology from continued foreign interference. The authors focus on assessing and securing two of the most vulnerable points in the system: voting machines, which could be hacked to cast doubt on or change vote totals; and voter registration databases, which could be manipulated in an attempt to block voters, cause disruption, and undermine confidence when citizens vote.
Among the most important security recommendations detailed in this report are the following:
• Replace Antiquated Voting Machines with New, Auditable Systems.
Our election infrastructure is aging. It is time for Congress, states, and local governments to assist election officials in replacing antiquated equipment that is costly and difficult to maintain, has an increased risk of failure and crashes, and remains a significant security risk. Perhaps most importantly, Congress should act to help states and counties replace the old, paperless Direct Recording Electronic machines that are still used in 14 states, with more secure, accessible systems.
• Conduct Audits of Paper Ballots or the Voter Verified Paper Record.
Paper records of votes have limited value against a cyberattack if they are never used to check that the software-generated total has not been hacked. Today, only 26 states require that election officials conduct post-election audits of paper records. Even in states where they are conducted, they are often insufficiently robust to ensure an election-changing software error would be found.
• Complete a Full Assessment of Threats to Our Voter Registration Systems.
State and local governments must fully identify potential avenues for attacking voter registration systems, mapping out all of the entities that interact with that system, and implementing mitigation strategies where weaknesses are identified. The consensus among experts interviewed by the Brennan Center is that this should be done on a regular basis, but that many states are unlikely to have completed this kind of comprehensive risk assessment in the last few years, despite the fact that both registration systems and cyber threats have evolved enormously over that time.
[...]
Cyber-security expert J. Alex Halderman recently testified to the Senate, that only 2 States have robust enough “Audit Controls” to actually detect if and when Votes have been changed:
• Second, we need to use the paper to make sure the computer results are right. This is a common sense quality control. It should be routine. Using what’s known as a risk-limiting audit, officials can check a small random sample of the ballots, to quickly and affordably provide high assurance that the election outcome was correct. Only two states, Colorado and New Mexico, currently conduct audits that are robust enough, to reliably detect cyber attacks.
So why is the DHS so matter-of-the-fact about their “nothing to see here” pronouncements?
… the U.S. Department of Homeland Security informed the office Friday that the while the system was scanned by agents of the Russian government, it was not breached.
Where is the DHS evidence of THAT? Did they conduct the “before and after” Audit checks, in each state? Can we see those Audits, please?
Question: Imagine some cunning thief in you area, somehow how managed to get “the keys” to your home or apartment (some locksmith, or contractor, or associate of the realtor). And then imagine that instead of barging in and wrecking the joint — they quietly slip in while everyone is asleep, and take a Twenty here, a bit of Jewelry there. And they keep doing this every few weeks.
How would you know you’ve been Robbed?
You wouldn’t — unless you had a detailed inventory of your valuables, and you regularly re-counted it.
Well, those “Look and See” Russian hackers, are the “Robbers” in this scenario.
They have “the Keys” to the democracy kingdom — and the DHS bureaucrats are blissfully saying to the American people: “They’re just scanning the place — they’re not going to actually take anything.”
“Just Trust them.”
And WHY is that again? If their actual actions with the DNC emails, are any indicator of the nefarious intentions — then lackadaisical trust is the last thing they deserve!
We should be changing out all the locks, installing redundant security systems, and regularly taking inventory of all “our valuables” — that is if we still consider, a People-driven democracy, something “valuable" and worth protecting?
Someone should ask the DHS that.
Added by request:
Verified Voting .org has a Donate button on their home page.
Brennan Center for Justice .org has a Donate button on their home page.
P.S. The DHS doesn't need a “Donate Button”,
they already have their 'captive' audience, that ensures their ongoing missions.