this post was submitted on 14 Aug 2024

40 points (97.6% liked)

Cybersecurity

5379 readers

160 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

The nation’s best hackers found vulnerabilities in voting machines — but no time to fix them (www.politico.com)

submitted 4 weeks ago by BrikoX@lemmy.zip to c/cybersecurity@sh.itjust.works

9 comments fedilink hide all child comments

Organizers and participants at the DEF CON Voting Village found cyber vulnerabilities in everything from voting machines to e-poll books, but there is no time before the November elections to fully implement their findings.

top 9 comments

sorted by: hot top controversial new old

[–] notaviking@lemmy.world 5 points 4 weeks ago (5 children)

Electronic voting will never be safe. A combination of electronic and physical systems might be the best. Like putting in your vote on a screen but also have a punched card that can be physically verified by the voter before submitting the card as well. Thus there is an easy electronic count and a physical card that cannot be easily hacked if there is a need for a recount.

But there are many ways to skin a cat, and even physical votes like in Venezuela can still be overturned if you have the corrupt men and men with weapons if you argue.

[–] WolfLink@sh.itjust.works 2 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

A piece of paper isn’t exactly perfectly secure either. Most hacking ends up being manipulating people rather than machines.

[–] notaviking@lemmy.world 1 points 3 weeks ago (1 children)

Well manipulation of people is my example with Venezuela with guns and corruption. but it is a small country. What about a 150 million or more country, what would be easier, manipulation of paper votes across the country involving a lot, and I mean a lot, of people using ballot stuffing and count rigging or getting a small hacking group years in advance to plan and execute a voting machine manipulation without anyone noticing

[–] WolfLink@sh.itjust.works 1 points 3 weeks ago* (last edited 3 weeks ago)

a small hacking group years in advance to plan and execute a voting machine manipulation without anyone noticing

This is actually incredibly difficult. Finding vulnerabilities isn’t easy, and exploiting them often isn’t easy either. Sometimes a vulnerability requires the user of the device to do something specific, and sometimes it requires direct access to the device. This comes back to social engineering, as a hacker may have to trick a poll worker into triggering the vulnerability. Also some vulnerabilities might be less impactful than others, e.g. leaking some information rather than allowing a hacker to manipulate votes. Finally, vulnerabilities are discovered and patched all the time. The problems discovered at this year’s DefCon, maybe not all of them will be patched before the election. But planning an attack years in advance? That’s not happening.

What about a 150 million or more country, what would be easier, manipulation of paper votes across the country involving a lot, and I mean a lot, of people using ballot stuffing and count rigging

So here’s a list of actual vote manipulation techniques that are commonly used in this country:

gerrymandering
laws that make it harder for certain people to vote (e.g. laws where your huge city is only allowed one polling booth and you have to take a day off work to vote and there’s strict time requirements and you aren’t allowed water while in the long line)
people intimidating people they don’t think will “vote correctly” to stay away from polls

Here’s a list of vote manipulation techniques that were attempted but failed:

bringing a fake set of electors to declare votes that didn’t match with what the people voted for
interrupting the official counting and certification of the voting process
potentially the killing of government officials in charge of the vote certification process (this didn’t happen, but the mob raiding the capital had constructed a gallows…)

I really, deeply think that some unspecified electronic vulnerabilities are the least of our concerns for this upcoming election.

[–] BrikoX@lemmy.zip 2 points 4 weeks ago

Are there countries that have e-voting on a national level apart from Estonia? They had it since 2005 without any major issues.

[–] sugar_in_your_tea@sh.itjust.works 1 points 4 weeks ago

You mean, like, mail ballots? You mark a card, then they scan it in for a digital count. It's a pretty good system, and I like not having to wait in line at a voting booth.

[–] corsicanguppy@lemmy.ca 0 points 4 weeks ago

35 million people spread out in the second biggest country globally and our voting is done in a day with folding tables, paper, pens and volunteers counting.

I hope we don't get the machines. They seem slow and inaccurate. :-p

[–] haui_lemmy@lemmy.giftedmc.com 0 points 4 weeks ago

The issue with electronic voting is changeability of electronic data. You‘d need to employ the bad word (blockchain) to make sure you can backtrace every single vote to the booth it was taken from. Someone with more experience in blockchain or voting might disagree but you do get a real ledger which is a good start.

[–] Openopenopenopen@lemmy.world 5 points 4 weeks ago

Just a slight Correction to the title.

The nations best *ethical hackers found these issues.

No doubt these guys are amazing, but they only represent the good guys, or the folks trying to fix this. The bad guys didn’t report any of their findings at defcon.

It’s kinda like calling the World Series the World Series when only a couple of nations compete.