Connect with us

Cybersecurity

Can Electronic Voting Machines Be Hacked?

Published

on

With the election now in just weeks and the republican nominee, Donald Trump, stating numerous times that it will be rigged, electronic voting once more takes center stage with concerns raised that electronic voting machines could be hacked.

// -- Discuss and ask questions in our community on Workplace.

Unlike Britain, which uses only paper ballots, USA uses electronic voting. Although paper ballots still account for around 75% of all votes in USA, five states, Georgia, Delaware, Louisiana, South Carolina and New Jersey, use only electronic machines, and, more worryingly have no paper trail thus making it impossible to audit the results.

This is worrying as voting machines are made of computer code which can and has been hacked. A Princeton professor, for example, showed how one can be hacked in seven minutes. On Apr 14 2015, the Virginia State Board of Elections decertified AVS WinVote touchscreen Direct Recording Electronic (DRE) because they could be hacked through wireless access, not even requiring physical presence at the polling station.

Moreover, it’s not just hacking. Irregularities can occur unintentionally due to hardware or software malfunctioning. There have been cases of touchscreens switching votes, of ballots disappearing as in 2006 where 18,000 votes vanished in a contest decided by only 363 votes and the case of the Arkansas mayoral candidate who was surprised to see he received 0 votes while he confirmed he had certainly voted for himself. At least the results were not negative, like in Florida in 2000 where an electronic voting machine gave Al Gore a final vote count of minus 16,022 votes.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

This year’s electronic voting is further complicated by the fact that the machines are now very old, not having been replaced in a decade, with some not replaced in 15 years. Most run windows XP, which is no longer maintained, while some are on windows 2000. Some of the machine manufacturers are no longer in business, with replacement parts difficult to find. This year’s machines, therefore, may be more prone to crashing and, as old operating system vulnerabilities are unpatched, they may more easily be hacked.

According to Bruce Schneier, a renowned computer security expert, the solution is to mandate paper audit trails. Schneier states:

“DRE machines must have a voter-verifiable paper audit trails (sometimes called a voter-verified paper ballot). This is a paper ballot printed out by the voting machine, which the voter is allowed to look at and verify. He doesn’t take it home with him. Either he looks at it on the machine behind a glass screen, or he takes the paper and puts it into a ballot box. The point of this is twofold: it allows the voter to confirm that his vote was recorded in the manner he intended, and it provides the mechanism for a recount if there are problems with the machine.”

Another problem is systemic hacking or manipulation either by the manufacturer himself or others. As the code on which electronic machines run is not visible or examinable publicly, there is no way to verify results are not subtly tampered intentionally by the manufacturer who may change a few lines of code or by someone getting access to the manufacturer’s system. Considering that some states do not have paper trails at all, and others do not run paper trail audits unless the race is close and requires a recount, such systemic manipulation of electronic machines to tilt the balance a certain way could have a significant effect towards the end result.

The solution is to require the code is publicly released as open source so that all can look and see how it works. Why this has not been done already is not clear, save for perhaps lack of public pressure considering the rarity of elections and the argument of manufacturers that the code has trade secrets. However, except for who voted for what, elections require full transparency if they are to attract the confidence of the public. This applies more in this election than ever considering some clear and overt biased by the media and much of the establishment against Trump.

Nonetheless, if there are any irregularities they are likely to be limited in number, thus affecting perhaps a very close race, but probably not an election where one candidate is clearly the preferred choice.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is concidered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...



Feedback or Requests?

Click to comment

You must be logged in to post a comment Login

Leave a Reply

Breaches

The Lessons Of Meltdown And Spectre

Published

on

The discovery of the twin flaws Meltdown and Spectre and the events related to the information leak that followed carry a huge message: we all need to do something to regain control of our digital identity. Blockchain technology is the most compelling option.

// -- Discuss and ask questions in our community on Workplace.

A few days back we wrote about the computer chip flaws named Meltdown and Spectre found largely in Intel and AMD products. The discovery of these flaws leaked into public hands leading to a possible public relations mess if not disaster for the worlds largest chip fabricators as well as Microsoft.

The PR Template

The history of public relations has formulated a strategy that calls for the affected company CEO to issue an apology and offer the promise of a quick and reliable solution.

On Monday January 7 Intel CEO Brian Krzanich announced an update all of Intel’s products within a week covering 90% or more with the balance available by month end. This sounds reassuring until you get a closer look. After that everything quickly breaks down.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Limited Coverage

The updates only cover products introduced in the past five years. What about the rest of the user base? There are uncountable data centers in existence with equipment dating back to 2013 and before. My still totally awesome iMac was build in 2011.Five years is not all that long.

The Meltdown and Sprectre flaws affect every computer, server and mobile devices since the dawn of the digital age. Since there is no known fix for Spectre, we must assume the update only covers Meltdown.

Opening The Door

Krzanich stuck to the company line that the updates would not drastically affect computer performance for the average user. The operative word here is “average user”. But even this claim contradicts Microsoft CEO Satya Nadella who warned their Meltdown fix would result in processing speeds 20%-30% slower than normal.

Before updates and security fixes are in place, bad actors have some valuable time to do their deeds. The Intel release insures that every hacker will have his or her very own guide to both Meltdown and Spectre.

Intel even attached the security researchers released documentation of critical vulnerabilities of Meltdown and Spectre. Only GPS could have been better.

Protecting Your Digital Identity

Just for fun, I opened the Apple Store and into the search window I typed “Passwords”. Immediately I was presented with 10 different categories so I picked “Password Manager”. There were no fewer than 75 apps to hide your passwords.

In addition there is Apples own Keychain and Google Passwords so we are getting closer to 80 in total. Conclusion: if anyone was all that good there would hardly be a need for this many.

Can All 80 Apps Be Wrong?

It didn’t take long to realize the “raison d’ etre” for so many password managers offered nothing to do with superior performance. They just created another layer of usernames and passwords. These days when we forget a password it sets in motion a whole chain reaction that includes changing and manually resetting everything in the password manager.

We have all been through this massively frustrating process that never seems to change. Is our personal data safer with almost 80 password managers to choose from? Obviously not just look at the data breech at Equifax or Target Corp.

The answer as to why nothing has basically changed since the days of the dialup Internet is that the possession and control has shifted from over 315 million Americans and billions more elsewhere to a handful of corporate controllers.

Frequent and well-publicized breeches prove that the controllers of our identity never really protected our privacy. They simply did a good job convincing us they had our backs.

Guarded By The Phantom

This phantom layer of security was breaking down long ago when data storage companies began popping up across the country. But in many cases they kept data spread over several different locations.

This is until the birth of cloud storage when two things changed. The entirety of corporate data could be centralized making it rich bounty for hackers. Then for server efficiency multiple corporate client data was loaded onto a single server. Yum, this is like a Thanksgiving feast.

Weaknesses from centralization of data go beyond cloud storage. Look no further than the security vulnerabilities in Meltdown and Spectre.

Regaining Control

If ever there was a good reason for government to protect its citizens, this is one of them. Unfortunately the problem is too big for a mere regulation or two to do the full job.

Using blockchain technology for digital identity holds the power to regain ownership of our data. It has the power to create a new model of online data management. The fact that it frees companies from the liability of data ownership should make for a receptive audience. And of course the cost savings is an added bonus.

The Benefits of Ownership

When the ownership of our digital identity returns to the hands of individuals, you will have the power to decide who has access, under what conditions and for how long. Proponents of this idea believe it creates an incorruptible digital record and can be used for virtually any peer-to-peer transfer of any asset.

Pronouncing anything incorruptible or totally secure is foolish especially given overwhelming evidence to the contrary. Security has always and will always be a comparative state. There are no absolutes. It is true however that the decentralized architecture of blockchains make for much less interesting prey for hackers compared to those big cloud storage facilities.

Featured image courtesy of Shutterstock. 

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is concidered a failure either way.
6 votes, average: 4.00 out of 56 votes, average: 4.00 out of 56 votes, average: 4.00 out of 56 votes, average: 4.00 out of 56 votes, average: 4.00 out of 5 (6 votes, average: 4.00 out of 5)
You need to be a registered member to rate this.
Loading...



Feedback or Requests?

Continue Reading

Cryptocurrencies

Spectre And Meltdown Madness: What It Means For Ethereum

Published

on

To anyone who talks in terms of a cryptocurrency bubble, consider the following fun facts. In the short period of a few days following the bombshell announcement of Meltdown and Spectre, crypto prices responded in the following manner:

// -- Discuss and ask questions in our community on Workplace.

Bitcoin +18%

ETH +41%

Litecoin +30%

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

In my view, this is clear evidence of a market that is responding rationally to information coming from responsible sources. To appreciate what all the noise is about you must appreciate what Meltdown and Spectre are and why they present a danger to the big companies providing cloud storage for the corporate world.

Once this is clear, then you will better appreciate why Ether’s 41%+ short-term price spike left the others in the dust. But first lets dig into the Meltdown and Spectre situation.

The Secret Got Out

 On January 3 the secret about a new class of security vulnerabilities leaked out to the public. Not only was this seriously bad news but the leak also gave hackers advanced notice before anyone could begin to fix the twin problems.

The degree of seriousness is in the fact that almost all major microprocessor chips are vulnerable. This opens the door to hackers stealing information from personal as well as cloud services.

Researchers claim that Meltdown can be fixed with a patch. Shortly thereafter about every major player announced their patch. But there are two issues here. Will the patches fully solve they problem?

Casting A Cloud Over The Cloud

When a corporation becomes a cloud customer, even the largest share machines with other customers. This is the basic flaw in the centralized structure of cloud storage. Contrast this with the decentralized structure of blockchain technology and you begin to appreciate the force behind the sudden price spike in cryptocurrencies that we highlighted above.

Even though security tools and protocols are designed to separate customers date, the recently discovered Meltdown and Spectre flaws still leave serious vulnerabilities.

Meltdown, hackers could rent space on a cloud service, just like any other business customer. Once they were on the service, the flaw would allow them to grab information like passwords from other customers.

Secondly, reports on cloud services like Amazon, Google and Microsoft claim that it creates as much as 30% slower computation speeds. That clearly won’t make for happy customers.

Jerky NetFlix

Virtually everyone reviewing the situation believes individual computer users are the least vulnerable. That may be true. Hackers are in the hunt for the biggest prize and that would be the big three cloud companies. But how do you think families are going to react if their Netflix stalls and buffers every few minutes?

In the final analysis, the Meltdown flaw affects virtually every computer chip fabricated by Intel in use today. You are talking about 90% of the Internet and business world. But Meltdown is just one flaw.

Spectre is the other flaw and this one is the more insidious of the two. There is no known fix. Intel, AMD and others have claimed how complex a project it would be for hackers to breech the Spectre vulnerability. That is pretty hollow comfort. After all, hasn’t the FBI security been breeched. Those guys were supposed to be airtight.

Boom Days For Blockchain

In so many ways, last year marked a tipping point in the spread and acceptance of blockchain technology. The uses for Bitcoin are probably best gauged by its record $20,000 price in December. For Ethereum, it may have been marked by the formation of the Enterprise Ethereum Alliance (EEA) in February and rise to over 300 members at year-end.

No sooner has 2018 begun that the Meltdown and Spectre flaws created unexpected excitement for investors in cryptocurrencies. If I were a software salesman out of work, I would be sending my resume to every crypto company offering to peddle their blockchain. It could be the easiest job since selling web design services in 1995.

The Ethereum platform with its smart contracts is not the only crypto capable of addressing this newly uncovered opportunity created by Meltdown and Spectre. You can safely bet this will attract many players and for good reason, today’s blockchain technology is a long way from fast enough for mass adoption. Blockchain security may be a step or two better in it present form than cloud storage, but it has its security issues as well.

Building the Ethereum Moat

 EEA founder Jeremy Millar is clearly a brand ambassador for Ethereum. He believes that CEOs hear the chatter about blockchain and are pre sold not having a clear picture what can be accomplished or the money saved using this technology. The important thing is for IT departments to have a respected brand to attach to their recommendations.

The EEA seeks to connect and inform and through this pioneering process spread the gospel of Ethereum. So far this is beginning to build a brand franchise for Ethereum.

The EEA is the largest blockchain body and is committed to using open-source Ethereum technology for enterprise blockchain solutions. EEA expects to see great advances in these areas in 2018 with Ethereum technologies.

It also helps when Wall Street banks uncover the potential for billions in savings on the trading desks through the applications of the Ethereum platform.

So, if you though the last year held plenty of excitement, the Meltdown and Spectre flaws promise to make this year every bit as much fun.

Featured image courtesy of Shutterstock.

 

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is concidered a failure either way.
14 votes, average: 4.14 out of 514 votes, average: 4.14 out of 514 votes, average: 4.14 out of 514 votes, average: 4.14 out of 514 votes, average: 4.14 out of 5 (14 votes, average: 4.14 out of 5)
You need to be a registered member to rate this.
Loading...



Feedback or Requests?

Continue Reading

Cybersecurity

Criminal Underground Disavowing Bitcoin for Other Cryptocurrencies

Published

on

The criminal underworld is disavowing bitcoin in favor of a new breed of cryptocurrencies that can better conceal illicit activity, a phenomenon that can partly explain the rapid rise of altcoins over the past three months.

// -- Discuss and ask questions in our community on Workplace.

The Rise of Privacy Coins

So-called ‘privacy coins’ like Monero, which are designed to avoid tracking, have quickly climbed the cryptocurrency market’s ranks. According to Bloomberg, these crypto alternatives have gained prominence at a time when law enforcement is increasing its surveillance of bitcoin users. Analytics firms are also getting better at spotting illicit behavior and alerting crypto exchanges before funds are exchanged into fiat money.

Europol has flagged several privacy coins as being more conducive for the criminal black market. In a recently published report, the European Union’s law enforcement agency said “other cryptocurrencies such as Monero, Ethereum and Zcash are gaining popularity within the digital underground.”

An analyst interviewed by Bloomberg said Monero is one of the most popular coins for ransomware attacks. Monero’s popularity among cyber criminals stems from its advanced encryption techniques, which generate fake addresses to hide the real sender’s identity. This technique also obscures the transaction amount issued. Bitcoin, on the other hand, records all addresses and transactions on an immutable digital ledger.

// -- Become a yearly Platinum Member and save 69 USD and get access to our secret group on Workplace. Click here to change your current membership -- //

Experts say Zcash offers even better privacy protection because it obscures the actual address of the sender rather than generate fake addresses. This method makes it impossible for surveillance technology to draw correlations in addresses used in multiple transactions.

Monero and Zcash have both grown to become multi-billion-dollar cryptocurrencies. By market cap alone, Monero is ranked 12th, with an overall value of $6.3 billion. Zcash is down at 29th with an overall market cap of $1.7 billion. Both cryptocurrencies have daily turnover well into the hundreds of millions.

The developers behind Monero said they specifically designed the cryptocurrency to safeguard privacy. Naturally, this would be of benefit to criminals looking to evade detection.

“As a community, we certainly don’t advocate for Monero’s use by criminals,” core developer Riccardo Spagni told Bloomberg. “At the same time if you have a decentralized currency, it’s not like you can prevent someone from using it. I imagine that Monero provides massive advantages for criminals over bitcoin, so they would use Monero.”

Governments Make a U-Turn on Cryptos

Although bitcoin catapulted into the mainstream last year as one of the world’s fastest-growing alternative assets, its history is tainted with criminal activity tied to money laundering and the dark web. This partly explains why so many governments were eager to disavow the cryptocurrency. Many policymakers quickly realized that prohibition is not the answer given the inherent benefits of blockchain technology.

Russia is one of the more notable examples of a government that quickly changed its tune on bitcoin. It was not even two years ago that Russia’s Finance Ministry was proposing seven-year jail sentences for bitcoin users and adopters. Last week, the government said it would take decisive steps to developing a national cryptocurrency backed by fiat money.

Today, the cryptocurrency market enjoys favorable conditions in many parts of the world, including Japan, South Korea and Switzerland. Buying and selling crypto assets is also supported across many Western nations. However, the evolving nature of the market has put authorities on high alert, with South Korea recently announcing it would take decisive steps to rein in speculation.

2018 is expected to be a pivotal year for crypto regulation, as legislators attempt to define the burgeoning market. Cryptocurrency exchanges, initial coin offerings and mining could all be subject to federal oversight in the near future.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock. 

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is concidered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...



Feedback or Requests?

Continue Reading

Recent Comments

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending