A number of mainstream news outlets (for a pleasant change) followed up on our report yesterday (full version here, quick summary here) on the SQL Slammer Worm virus which hit Sarasota County’s database network on the first day of Early Voting last year, wreaking havoc which disallowed voting for two hours in the now-contested FL-13 U.S. House election between Christine Jennings (D) and Vern Buchanan (R). No telling what got into the MSM’ers, but perhaps it’s because we ran the story at Computerworld first instead of here at the “dreaded” and “unreliable” blog.
Either way, of the several outlets we found that picked up the story (with more on the way, we’re told, and local TV news coverage which we haven’t been able to find online), the Bradenton Herald’s coverage led the pack in advancing the story which they said “caused a stir Wednesday”.
Their report includes a quote from Jennings — who was named the loser in the race by just 369 votes, despite 18,000 reported undervotes on the county’s ES&S iVotronic touch-screen voting machines — saying “I read the story on the Internet and I was surprised…I need to know more about it. It does bring up some security issues that I think need to be looked at.”
Her campaign spokesperson, David Kochman, adds, “It makes you wonder what else is there that they haven’t done to take care of the machines and protect them.”
But Kochman does help answer one very important question we asked in our piece yesterday, about whether or not the county had notified the plaintiff’s attorneys about this incident via the discovery process…
“We got tens of thousands of pages of documents and one of those things that we received literally had 32,000 e-mails on it. It was in one of those e-mails,” Kochman told the paper.
Before we ran our original story, Kochman told us he was trying to comb through documents to determine whether the incident report describing the successful viral attack had been included in what had been turned over to Jennings. Apparently it was.
We’re still trying to determine if the voter plaintiffs, who filed a separate suit in the case, were informed as well.
Either way, details of the incident were specifically not mentioned in the county’s state-mandated “Conduct of Elections Report”, signed by Election Supervisor Kathy Dent on November 18th. As we reported yesterday, an email to Dent reveals that she was notified about the October 23rd incident on November 9th. As well, she refused to return requests for comment on the matter placed by the Bradenton Herald — just as she did when we twice tried to contact her for same — so there is still no explanation for why the incident was not more fully disclosed.
The Register in the UK also covered our report, adding that the incident highlights the dangers of secret e-voting systems.
“The lack of transparency is breathtaking,” they said, before concluding with: “Free and open elections, without which democracy isn’t possible, demand a fearless pursuit of the truth, something that appears to be in short supply in Sarasota.”
And finally, for now, Allan Holmes’ “Tech Insider” coverage for Government Executive, a print and online ‘zine which bills itself as “the authoritative voice on the business of government” and “the premier vehicle to connect businesses and federal decision-makers,” reports that the incident demonstrates that fears by e-voting critics of viruses striking election machinery are no longer just a theory. “Now it seems theory has become reality,” Holmes writes.
“The delay could have played a big part in the outcome of the election,” he adds, noting that Buchanan’s 369-vote “win” might have been affected by the confirmed two-hour system outage in all Early Voting locations in the Democratic-leaning Sarasota County — Jennings’ strongest county.
“Did the wait dissuade some from voting?,” Holmes wonders, before summing up with a particularly cogent point:
Indeed, while the folks who oversaw the system which was attacked, including one of the county’s security experts, Hal Logan, who we quoted in the article, seem to take their job quite seriously, even the best of IT system experts are frequently bested by hackers trying to defeat the system. And what higher target could there be than our electoral system, on which trillions of dollars hang in the balance?
And yet, we’ve allowed small, underfunded governmental entities — such as the thousands of county election offices around the country — to build the precious and precarious machinery of democracy on top of extremely sensitive, virus-prone, high-tech, mission-critical IT hardware and software which even well-funded, highly-trained experts in the private sector have enough trouble keeping secure and online.
What must America be thinking to believe that these types of incredibly complicated systems can be properly maintained and secured by small-time, local governmental officials who have absolutely no idea how these systems even work — or don’t — in the first place?
What in God’s name must we be thinking?…
Understand, this was not a random incident.
This incident began with a machine spoofing an address in the 172.16.x.x address range, which, while not an active in-production network, was still live and configured within the Checkpoint firewall.
This required knowledge of the network topology of the firewall, as well as knowledge of the Checkpoint firewall’s shortcomings (the disabling of firewall functions for the port that network is configured on).
2 servers on the 10.240 network were communicated with; this included password changes.
Now, 10.240 network, while allowed to reach the internet, is NOT reachable at THAT address from the internet, this indicates to me that the hacked database server was specifically targeted, FROM INSIDE the FIREWALL…specifically BECAUSE it’s allowed to communicate to the outside world. This is the machine their contractor is allowed remote access to, as provided in the contract.
The incident report shows this is not a random incident.
If not a random incident, then this is an intended incident.
These 2 servers that were touched will have event viewer logs that “should” provide additional details. So far, based upon what the PDFs have provided, we’re only seeing firewall logs. However, even the incident report falls a bit short, in that it DOES indicate the MS_SQL Server communicating with the public internet, but the PDF does NOT divulge… WHOM the SQL server was communicating with.
The Checkpoint NAT tables from that period…WILL show this information.
All in all, I am convinced this was an intentional incident, from an individual who KNEW the network topology, KNEW the Checkpoint firewall, and KNEW that that SQL server was vulnerable (probably left that way on purpose), again, there is no other reason for a route table entry between the 10.240.x.x network and the 172.16.11.x network, especially knowing the 172.16.11.x network was NOT in production.
The logs could tell a whole LOT more than this incident report does, and they should be subpoenaed.
And I really think their IT Contractor has some answers they should provide. Publicly.
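An added illustration of the log review the comment above calls for (not the commenter's code and not taken from the incident report): a Python triage pass over constructed firewall records that flags traffic from the non-production 172.16.11.x segment to the 10.240.x.x servers, lists each server's external peers, and marks servers sending UDP 1434, the port SQL Slammer propagates over. The record format, the prefix lengths and every host address are assumptions.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Address plan taken from the comment; the prefix lengths are assumptions.
NON_PRODUCTION = ip_network("172.16.11.0/24")  # configured on the firewall, not in production
SERVER_NET = ip_network("10.240.0.0/16")       # network holding the two servers
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SLAMMER = ("udp", 1434)  # SQL Server Resolution Service port that Slammer propagates over

# Constructed records: time,src,dst,proto,dport,action (not a real Check Point export).
SAMPLE_LOG = """\
13:02:11,172.16.11.5,10.240.1.20,tcp,1433,accept
13:02:40,172.16.11.5,10.240.1.21,tcp,1433,accept
13:03:05,10.240.1.21,198.51.100.77,udp,1434,accept
13:03:05,10.240.1.21,203.0.113.9,udp,1434,accept
13:03:06,10.240.1.30,203.0.113.50,tcp,443,accept
13:03:07,192.168.5.9,10.240.1.20,tcp,80,accept
13:03:08,10.240.1.21,198.51.100.12,udp,1434,drop
"""

def parse(log_text):
    """Yield one dict per log line with typed address and port fields."""
    fields = ("time", "src", "dst", "proto", "dport", "action")
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=fields):
        row["src"], row["dst"] = ip_address(row["src"]), ip_address(row["dst"])
        row["dport"] = int(row["dport"])
        yield row

def triage(records):
    """Answer the three questions the comment says the logs should answer."""
    nonprod, slammer_hosts, peers = [], set(), defaultdict(set)
    for r in records:
        external_dst = not any(r["dst"] in net for net in INTERNAL)
        # 1. Anything sourced from the unused segment and aimed at the server network.
        if r["src"] in NON_PRODUCTION and r["dst"] in SERVER_NET:
            nonprod.append((r["time"], str(r["src"]), str(r["dst"]), r["action"]))
        if r["src"] in SERVER_NET and external_dst:
            # 2. Who each server talked to outside, whether allowed or dropped.
            peers[str(r["src"])].add(str(r["dst"]))
            # 3. Servers emitting the worm's propagation traffic.
            if (r["proto"], r["dport"]) == SLAMMER:
                slammer_hosts.add(str(r["src"]))
    return {"nonprod_to_servers": nonprod,
            "slammer_hosts": sorted(slammer_hosts),
            "external_peers": {h: sorted(p) for h, p in peers.items()}}

if __name__ == "__main__":
    for key, value in triage(parse(SAMPLE_LOG)).items():
        print(key, value)
```

Dropped records are kept in the results on purpose: a server whose UDP 1434 traffic is blocked at the firewall is still a server that is trying to send it.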
Brad,
I had to chuckle at “for a pleasant change”.
One reason is that this blog really is for a pleasant change.
Because change is needed to get back to sanity. Not only election sanity, but other forms of sanity too.
And blogs are needed because change of the type that is needed is not MSM material. Naturally, then, they come here.
And “pleasant” because we are not off anywhere killing our enemies, as the regime (supported by the MSM) is. We are simply here making the truth fun again. Pleasant.
The bottom line is that we can be pleasant and do our work even though they really can’t.
It’s probably the blood splatter that ruins it for them … and all that marching in step to make sure everything, including elections, falls in line one after the other.
Quien Sabe? Probably someone that speaks Gonzales?
The thing that Dan above is talking about, firewall security, is a constantly moving target as the hackers find new ways to breach the systems, inside or outside the wall. Just fishing for the open ports will allow access. (just think how easy it is if they already know the way in)
Without eliminating the machines, this could just repeat itself forever, with whoever is doing it just having to stay one step ahead of the programmers as the breaches are not usually found until after the fact in most of the cases.
With these machines going on line every once in a while without updates, they will perpetually fall into the hackers’ trap.
Network security is too sloppy to be used in this way IMO.
Fitrakis and Wasserman have another good piece about the spread of this disease worldwide without mentioning the IRI and the IFES, the two (above the board) responsible parties in this whole mess. Link to article
To quote: Her campaign spokesperson, David Kochman adds, “It makes you wonder what else is there that they haven’t done to take care of the machines and protect them.”
What makes you wonder is why on Earth an embedded system (the voting machine) is running Windows. The only time you specify Windows on a PC these days is when you want users to run Office or other Windows-only apps. Clearly, that’s not what these machines are for. Any software engineer worth his salt would therefore specify an operating system with a small footprint and a proven track record of reliability. There are many on the market, none of them made by Microsoft.
I question the competence of the guys who architected that voting machine. Oh, wait, it’s a Diebold, isn’t it? Never mind.
One really has to wonder how many firewalls are breached every day at the 1000’s of election offices around the country (and at the companies that sell them their election software). Maybe some Secretary Of State will begin asking for reports of any events from offices in their state.