You are viewing an obsolete version of the DU website which is no longer supported by the Administrators. Visit The New DU.
Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

OK, so we're under attack. [View All]

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » Archives » General Discussion (Through 2005) Donate to DU
BevHarris Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-31-04 03:49 AM
Original message
OK, so we're under attack.
Advertisements [?]
Edited on Sun Oct-31-04 03:55 AM by BevHarris
I've just spent the last 8 hours with computer security specialists.

The story we posted on Black Box Voting (.ORG) and the documents and videos that accompany it is apparently something you aren't wanted to see.

We've had some top people look at our Web site attack. If someone wants to take you out badly enough, there is very little you can do. In the past days we have had attacks on the database. Attacks on the file permissions. Attacks on the passwords. Attacks by DNS poisoning. Asia and Korea are blocked from even trying to access our web site. As soon as we fix one thing, something different is attacked.

This is disturbing enough, but here's something worse: We are seeing people in the Democratic Party almost run the other way rather than face the issue of a real problem with remote access into the central tabulator. I've had half a dozen conversations with lawyers for the election monitoring groups, and with observers, who do not have a clue what they are doing.

"But the party is sending observers," said one. when I described the attacks that may be launched. Another refused to even get on the phone with me. They have not a clue what they are doing when it comes to monitoring the counting of the vote.

Black Box Voting has developed a very precise list of what to do and watch for when monitoring the tabulator, but the Dems think they don't need it. Well, I met some of the Dem lawyers while observing the central tabulator during the Washington State primary, and all I can say is: clueless. Pitiful. Asking to be wounded.

This is alarming. There is more, and it is more disturbing still, but I haven't decided how we're going to approach it. It has to do with who knew the remote access hacks, and when.

Computer folks, listen carefully:

The Diebold central servers are installed on unpatched, unsecured Windows computers and use RAS to connect to the voting machines. Since RAS is not adequately protected, anyone in the world, even terrorists, who can figure out the server's phone number can change vote totals without these changes being detected by observers.

King County gave us the server's phone number in a public records request, because the elections director didn't know he shouldn't give it out to the poll workers, and the troubleshooters wrote the number on slips of paper, and the file clerk had no idea a phone number was sensitive information. Getting hold of these phone numbers, for someone with a little determination, is apparently not hard at all.

The only way to protect tomorrow's election is to disconnect the servers from the modems NOW.

It gets worse. You have to leave the security holes open because you are using a product called the DigiBoard, which can't be configured any other way. GEMS is wide open to VBA-script attacks because it is based on unsecured MS Access, and is run on Windows XP and 2000 machines, which can't be configured to disable VBA script attacks on the unprotected MS Access database.

A shot across the bow: It is very, very disturbing to see who knew this information, and when, and therefore this must be said: Anyone who thinks they are helping by exploiting these vulnerabilities to hack should be held accountable for the resulting chaos, and they are so far off base it's frightening.

If you think there isn't already a Patriot Act-like repressive bit of "corrective" election legislation written, just waiting for a receptive America -- an America in which people yearn for the return of order and a feeling that everything is under control -- well, think again.

This country has all the legal tools it needs, already, to address whatever comes our way on Tuesday, whether it be civil unrest, a litigation trap, or a misguided attempt to demonstrate hacking for all to see. We don't need another Patriot Act style order-restoring act of congress shoved down our throat. So let's not tempt fate, OK?

We recently found an erased and tampered audit log -- which appeared shortly after a GEMS crash, and was indicative of hacking in to tamper with votes, since the crash immediately followed a series of modems timing out. We reported it and then lost our Web site.

I need your help.

I need to be put in touch with someone upstream who will help us get the modems disconnected. First, so votes are not stolen that way. But second, to save us from the chaos that certain groups, potentially voting activists or people on the left side, may cause if they try the misguided action of demonstrating hacks.

This vulnerability can be prevented. All it requires is turning off the modems. In King County, when they stopped using the modems, it only took an hour longer to count the votes. This is the sixth biggest jurisdiction in the U.S.

If someone tries to make a hero of themselves through hacking, demand answers about when they knew about this, and why they didn't take it public in a timely manner. And I personally will assist in putting them in prison.

Bev Harris
Printer Friendly | Permalink |  | Top
 
 

Home » Discuss » Archives » General Discussion (Through 2005) Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC