phands
Veteran Member
- Joined
- Jan 31, 2013
- Messages
- 1,976
- Location
- New York, Manhattan, Upper West Side
- Basic Beliefs
- Hardcore Atheist
Unbelievable in this day and age. Disk erase/destruction is mandatory in any company I've worked at this century.
My bold.
I'm shocked that this isn't a huge scandal.
https://www.wired.com/story/i-bought-used-voting-machines-on-ebay/
IN 2016, I bought two voting machines online for less than $100 apiece. I didn't even have to search the dark web. I found them on eBay.
Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices. I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online.
If getting voting machines delivered to my door was shockingly easy, getting inside them proved to be simpler still.
The tamper-proof screws didn’t work, all the computing equipment was still intact, and the hard drives had not been wiped.
The information I found on the drives, including candidates, precincts, and the number of votes cast on the machine, were not encrypted.
Worse, the “Property Of” government labels were still attached, meaning someone had sold government property filled with voter information and location data online, at a low cost, with no consequences. It would be the equivalent of buying a surplus police car with the logos still on it.
My aim in purchasing voting machines was not to undermine our democracy. I'm a security researcher at Symantec who started buying the machines as part of an ongoing effort to identify their vulnerabilities and strengthen election security.
In 2016, I was conducting preliminary research for our annual CyberWar Games, a company-wide competition where I design simulations for our employees to hack into. Since it was an election year, I decided to create a scenario incorporating the components of a modern election system. But if I were a malicious actor seeking to disrupt an election, this would be akin to a bank selling its old vault to an aspiring burglar.
I reverse-engineered the machines to understand how they could be manipulated. After removing the internal hard drive, I was able to access the file structure and operating system.
Since the machines were not wiped after they were used in the 2012 presidential election, I got a great deal of insight into how the machines store the votes that were cast on them.
Within hours, I was able to change the candidates' names to be that of anyone I wanted. When the machine printed out the official record for the votes that were cast, it showed that the candidate's name I invented had received the most votes on that particular machine.
My bold.
I'm shocked that this isn't a huge scandal.
https://www.wired.com/story/i-bought-used-voting-machines-on-ebay/