Researchers were horrified to discover 35 ES&S voting machines connected to the internet. As you might have guessed, this is not at all good security practice—and it directly contradicts statements by various election officials and the manufacturer.

When is an air gap not an air gap? When it’s only a firewall (and an unpatched one, at that).

Pretty horrifying. In today’s SB Blogwatch, we vote with our feet.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: MCU exoplanets.

Firewall ≠ Air Gap

What’s the craic? Kim Zetter plays the Exclusive card—“U.S. Election Systems Have Been Left Exposed Online Despite Official Denials”:

Election Systems & Software, the top voting machine company in the country … insists that its election systems are never connected to the internet. But researchers found 35 of the systems have been connected to the internet for months and possibly years.

…

These include systems in … states that are perennial battlegrounds in presidential elections. … Some of them disappeared from the internet after the researchers notified an information-sharing group for election officials last year. But at least 19 … were still connected to the internet this week. … Gaining access [to the] critical backend systems … could potentially allow a hacker to alter official election results, or subvert the election-management system to distribute malware to voting machines.

…

“At least some jurisdictions were not aware that their systems were online,” said Kevin Skoglund, an independent security consultant. … “Election officials were publicly saying that their systems were never connected to the internet because they didn’t know differently.”

…

ES&S has long insisted that election-management systems are air-gapped. … But Skoglund said this “misrepresents the facts. … The EMS is connected to the internet but is behind a firewall.” … And misconfigured firewalls [or] unpatched software vulnerabilities … are one of the most common ways hackers penetrate supposedly protected systems. The recent massive hack of sensitive Capital One customer data is a prime example.

…

While no one is suggesting that any of these systems have been manipulated or hacked, the findings highlight how little local and federal election officials understand how these critical election systems are really configured. [It also] highlights how new efforts … to warn election officials about known threats and vulnerabilities don’t work if the message doesn’t get to the [right people] or if local election officials simply don’t act on the information.

And David Z. Morris favors the brave—“Swing State Voting Systems Were Left Connected to the Internet for Months”:

The findings contradict longstanding claims by election officials and vendors. … ES&S denies its vote tabulators are ever connected to the Internet, and said its election management systems are secured, hardened, and not permitted online.

…

“If you’re connected to a firewall, even if your IP address isn’t visible, you are connected to the internet,” counters Dr. David Jefferson, a cybersecurity expert [who] sits on the board of Verified Voting, an election cybersecurity nonprofit. … “It’s a sad commentary on the security understanding of those who configure election systems. … Never, from the minute they are set up, should they be connected to the Internet, at all.”

…

Dr. Avi Rubin, a professor focusing on cybersecurity and elections at Johns Hopkins University … believes the new report shows one of the fundamental problems with electronic voting. … “Vendors may provide instructions such as, don’t turn these transmission systems on, … but the election workers might do something different.”

Oh. My. FSM. Derek Mead—@DerekTMead—is flabbergasted:

This is an incredible investigation. … The conclusion is stunningly bad. Every paragraph in this story is worse than the last.



Astounding negligence.

Are ES&S and the public officials lying or simply incompetent? Here’s danso:

It seems almost a given that these election software companies will have an access configuration snafu that leaves them compromised. … But the article makes the case that the software makers and county officials are confused as to the basic definition of “air gap.”

…

I mean, it may very well be that the firewall setup is secure. … But to insist that it represents an air-gapped system … is a whole other level of incompetence.

…

(The quoted VP may actually be maliciously deceptive, but I’d argue that for all intents and purposes, the difference between malice and gross ignorance is relatively negligible when it comes down to the county official.)

The timing is interesting. Iain Thomson is in Lost Wages—“You can easily secure America’s e-voting systems”:

Election security is a hot topic at the Black Hat and DEF CON hacking conferences this year, and a matter of increasing national concern. [And] according to infosec guru Bruce Schneier, there is only one tried-and-tested approach that should be considered: pen and paper.

…

“Paper ballots are almost 100 percent reliable and provide a voter-verifiable paper trail. … This isn’t hard or controversial. We use them all the time in Minnesota.”

…

It would be lovely if officials could get on top of their IT equipment, and take offline systems that are supposed to be offline, as America gears up for the crucial 2020 White House race.

Surely this is fixable without returning to paper? AmiMoJo moves:

Proper internet voting would actually be a lot more secure than these machines.

And grapesandwich agrees:

You can’t tell me the US government cannot afford a few measly servers and some programmers to maintain accuracy. If they can afford a war in the Middle East, they can protect elections.

But what about paper ballots? G’day, Bubba von Braun:

Paper works. Having been an election official here in [Australia], I have been part of the process.

…

Slipping in extra ballots won’t work. The polling place has, say, 3000 ballots issued to it. We need to account for them; this is done throughout the day. At close of voting the ballot boxes are opened by voting officials, and counted in front of scrutineers.

…

The results are phoned through and all the ballots and materials are packaged and sealed, delivered to the returning office for that district. These ballots are counted again at least twice in the following weeks to verify the counts.

…

It’s this accounting that picked up 1300 missing senate ballot papers in [Western Australia]. And to ensure integrity of the vote, a fresh senate election was held for that state.

Meanwhile, Dr_N explains why paper couldn’t possibly work:

Instant gratification: Paper or punch/mark cards don’t fill the need for on-the-night results to feed the 24/7 news cycle.

And Finally:

Which MCU Planets Could Really Exist?

(Simon Clark uses his PhD in atmospheric physics, and Hannah Wakeford uses her PhD in planetary science to dig into the Marvel Cinematic Universe’s fictional exoplanets.)

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Douglas W. Jones (cc:0)

— Richi Jennings