A University of Michigan computer scientist and his team were not the only ones attempting to hack the Internet Vote scheme that Washington D.C. had planned to roll out for actual use with military and overseas voters in this November’s mid-term election.
According to testimony given to a D.C. City Council committee last Friday by J. Alex Halderman, asst. professor of electrical engineering and computer science at University of Michigan, hackers from Iran and China were also attempting to access the very same network infrastructure, even as his own team of students had successfully done so, taking over the entirety of the Internet Voting system which had been opened for a first-of-its-kind live test.
[See our report last week on details of what had already been disclosed about Halderman’s startling hack prior to last Friday’s hearing.]“While we were in control of these systems we observed other attack attempts originating from computers in Iran and China,” Halderman testified. “These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded.”
In his stunning public testimony — before a single member of the D.C. Board of Ethics and Elections (BoEE), and a nearly empty chamber — Halderman explained how the team had, by the time they discovered their fellow intruders, already gained complete control of the system, it’s encryption key and its passwords. The system was developed as part of an Internet Voting pilot program with the Open Source Digital Voting Foundation.
As The BRAD BLOG reported last week, Halderman’s team was able to take over the system within 36 hours after it had gone live for testing. After having “found and exploited a vulnerability that gave [them] almost total control of the server software,” his team was able to steal the encryption key needed to decode “secret” ballots; overwrite every single ballot cast on the test system; change the votes on those ballots to write-in candidates; discover who had already been voted for and the identities of the voters; install a script that would automatically change all votes cast in the future on the same system; install a backdoor to allow them to come back later; and then leave a “calling card” — the University of Michigan fight song — which was programmed to play in the voter’s browser 15 seconds after each Internet ballot had been cast.
But the new disclosures offered before the committee on Friday, including the hack attempts by computers in China and Iran, may have been as explosive, if not more so, than the previous revelations. They certainly illustrate and underscore a grave national security threat present in electronic voting systems such as the one D.C. had planned to use, as Lawrence Livermore National Laboratories computer scientist and cyber-security expert Dr. David Jefferson told me during an interview last Friday night on the nationally syndicated Mike Malloy Show which I was guest hosting last week.
The hack of the system forced the D.C. election administrators to shut down their plans for the pilot program which was to have gone live in days, as encouraged and partially funded by the federal Military and Overseas Voter Empowerment (MOVE) Act, which allocated millions of dollars for such Internet Voting pilot programs.
The revelations of the intrusion attempts from China and Iran, however, would not be the only new, previously unreported bombshells Halderman offered during his Friday testimony…
Defending the network…
“We gained access to this equipment because the network administrators who set it up left a default master password unchanged,” Halderman explained to Councilwoman Mary Cheh. “This password we were able to look up in the owner’s manual for the piece of equipment. And once we did, we found it was only a four-letter password.”
The University of Michigan team made short order of hacking that simple password, aided in no small part by the team having also taken over the security camera apparatus inside the election board’s actual data center where the servers were located.
“Once we gained control of this equipment, we could watch in real time on my desktop in Michigan as the network operators configured and tested the equipment,” he told the committee. “We could also watch them on camera because we found a pair of security cameras in the data center were on the same network as the pilot system and were publicly accessible with no password at all.”
When they’d discovered the foreign intrusions from Iran and China, the “white hat” hackers from the U.S. actually took measures to protect the D.C. system.
“We decided to defend the network by blocking them out, by adding rules to the firewall, and by changing the password to a more secure one,” he explained during his testimony to a stunned Cheh.
“You changed the password of the BoEE system?” she interrupted him to ask.
“Of the pilot system, yes,” Halderman responded.
“You changed it?!” Cheh asked incredulously.
“We did, yeah, to something so that the Chinese and Iranian attackers wouldn’t get it,” he said.
As if that’s not all bad enough…
Halderman also made another dramatic disclosure during his testimony. As his team was looking through the BoEE Internet Voting server, they made another alarming discovery which he revealed rather dramatically by pulling out some 937 pages printed out from a file the team had found and downloaded from the system.
The team had discovered that the local election administrators appeared to have conducted their own tests at some point by sending files to the system that were either longer or shorter than the PDF-formatted ballots that the system would have been expecting, in order to see if those incorrect files were properly rejected in the event that a voter had sent the wrong file instead of their ballot.
Those rejected test files remained on the server, however, where the Michigan team of “hackers” were able to rifle through them.
“Some of the files were just a page with one sentence, ‘This is a blank ballot.’ Others were much bigger. … But one of the files, which I have here,” Halderman explained as he pulled out hundreds of pages to place on the table, “one of the files was a 937-page PDF document.”
“It appears to be the 937 invitation letters that BoEE sent to registered voters. Each page contains the name and voter ID number of a real voter along with the 16-character PIN that is the only password a voter needs in order to use the system in the real election.”
“We found the document on the test bed server, a system that BoEE invited the world to break into, and that we showed could be broken into very easily,” he continued. “We have no way of knowing who else has access to this. The PINs in this document are the most critical secret to protecting the whole voting system.”
Livermore Labs’ Jefferson, who has advised the last five CA Secretaries of State on voting system security and represents VerifiedVoting.org as one of their Internet Voting experts, explained the importance of this revelation during my interview with him on Friday night.
“This was stunning,” he told me. “This file is, in a sense, the holy grail of voter security in the general election if this system were to be used in the general election. Of course, it’s now not going to be. But had an adversary had a copy of that file, they would have been able to cast votes for the legitimate voters, and if they’d cast them ahead [of the actual voters], their votes would be accepted as legitimate and the actual legitimate voters, when they tried to vote, would be denied because of course you can’t vote twice.”
Halderman believes the use of that particular file as part of the BoEE’s testing procedures suggests that the administrators of the system are not up to the task of securing such an important system. That same concern has been expressed by critics of e-voting for years, given that local elections supervisors, many of them with no computer science or security experience at all, are often enabled with the task of keeping complicated, sensitive, easily manipulated computer systems secure from both outsider and insider attacks.
“I’m just deeply concerned that BoEE does not take security seriously and that it fails to appreciate the security challenges that are faced by any Internet voting system,” Halderman said at the conclusion of his prepared testimony.
‘All the votes had disappeared…’
Jefferson found yet another very serious flaw in the D.C. Internet Voting system on his own — one that had not yet been publicly reported until my live interview with him on the Malloy Show Friday night.
He participated in the same open test the week before last, by casting his own vote using D.C.’s test-bed system and closely following the instructions he was given. After viewing and filling in the PDF version of the ballot he was offered during the voting process, he saved the file to his system, and sent it back in to the election server — cast his “vote” over the Internet — as directed by the system.
Later, however, he made a startling discovery:
“After submitting the vote back, the ballot was still on my desktop as a file so I opened it. And I discovered that all the votes had disappeared. I had a blank ballot. Which means that I had sent a blank ballot back to the District of Columbia, not the choices that I had made.”
“I investigated further and discovered that anyone who used certain combinations of browsers and what we call PDF plug-ins would have the same problem,” he told me on air. “In fact, unless you used a [stand-alone] Adobe Reader — which many people are familiar with and many people use, but many don’t — unless you used that [versus the web browser’s internal PDF plug-in], you were pretty much guaranteed that your votes would be erased the moment you saved them and you would be disenfranchised.”
“It was a very serious problem because I actually did follow directions. I did not do anything wrong, and many voters would have had this same problem,” Jefferson explained. “a large proportion of them would have cast, unknowingly cast, blank ballots. And once you do that there’s no recovery because you can’t vote twice and the election officials are not supposed to be able to find your ballot and fix it.”
Had the system actually gone live, under the circumstances, hundreds of ballots (the pilot program was to be done with the participation of some 900 overseas and military voters from D.C.) would likely have been returned over the Internet completely blank to the BoEE for this November’s mid-term election.
That is, of course, presuming the Iranians, Chinese, or anybody else who might have had an interest in the election, not changed all of the ballots to anything they wanted, or kept all of the voters from being able to cast their ballots at all by using the PIN numbers the BoEE had left on the server.
A matter of U.S. National Security…
“Many of us have been arguing that election security is a matter of U.S. national security,” Jefferson, who has worked for more than a decade on this issue, told me. He has done so as an adviser to both Republican and Democratic Secretaries of State in California, testified to countless official bodies about his concerns, and most recently worked on CA Sec. of State Debra Bowen’s landmark, 2007 “Top-to-Bottom Review” of all of the state’s electronic voting systems (all of which were found to have been easily penetrated and quickly manipulated during the first-of-its-kind public hack testing by an official state commission).
“Oftentimes the difference between one or another candidate for United States Senator, say, you know, is only a few hundred votes. So it’s really important that it not be possible for foreign governments or crazy self-aggrandizing hackers in other countries — or in our own — to be able to modify votes and get away with it.”
“But usually this warning that I have given many times, that this is a national security issue, goes, well, people are somewhat skeptical about it. It goes under-appreciated,” Jefferson explained diplomatically during our conversation.
“So here we have a case where not even a real election, just a test election, but announced as open to all comers to try to hack, Alex Halderman finds that not one but two teams from national rivals of the United States, Iran and China, are already trying to probe around inside it,” he warned.
During his testimony, Halderman explained that he didn’t “believe” the Iranian and Chinese “attackers were specifically targeting the D.C. voting system,” but, he added, “this is a large part of why Internet voting is so dangerous. The servers are going to face attacks from powerful adversaries anywhere in the world.”
A number of election and computer experts had warned the D.C. BoEE against going live with their Internet Voting scheme in the days just prior to the hack. The open tests proceeded nonetheless until administrators finally discovered the University of Michigan fight song was playing on web browsers after ballots had been cast.
Even though the system had been violated almost as soon as it had gone up, “the attack was not detected by the officials for several days, despite the fact that they were looking for such attacks (having invited all comers to try) and despite the fact that the attackers left a ‘signature’ by playing the Michigan Fight song after every vote was cast!” wrote Jefferson in a blog item at Verified Voting last week, just after Halderman publicly revealed in his own blog item that he and his team had been the “culprits.”
“Let there be no mistake about it,” Jefferson wrote, “this is a major achievement, and supports in every detail the warnings that the security community have been giving about Internet voting for over a decade now.”
“After this there can be no doubt that the burden of proof in the argument over the security of Internet voting systems has definitely shifted to those who claim that the systems can be made secure. … This successful demonstration of the danger of Internet voting is the real deal,” he said.
‘This isn’t a solvable problem’…
During his testimony last Friday, Halderman, and the others who testified with him, made the same point as Jefferson, very clearly arguing that existing computer technology and security safeguards simply do not allow Internet Voting to be carried out securely at this time. They testified that it could possibly be revisited in the future, but not for a decade’s time.
Unlike banking on the Internet or via ATM, they explained, a process which is open to oversight before, during, and after by all involved parties, the secret ballot system used in U.S. elections — where it’s impossible to verify the accuracy of the “transaction” after it’s been made and the identity of the voter must be kept forever a secret — cannot be done safely at this time on the Internet.
“The scientific consensus is that Internet Voting is just too dangerous today based on the limits of today’s security technology,” Halderman testified. “Indeed, it will probably be decades, if ever, before the technology is at a level where we can perform voting safely, purely over the Internet.”
Jeremy Epstein, a computer security and voting systems expert working with Verified Voting who also testified on the same panel with Halderman, said the history of computer security illustrates the problem faced in devising a system that is secure enough for the task of Internet Voting. He testified that he hopes the BoEE takes the right lesson from what happened during this landmark event.
“What we found in forty years of experience is you can penetrate and patch, and then you penetrate again and you patch again, and you penetrate again and you patch again and you penetrate again and you patch again and it never ends. If it ended, Microsoft would have succeeded. We wouldn’t all be having to reboot our computer and install patches once a month for the past ten years. This is not something that we can just say ‘Please, BoEE, fix the problems and then we can do it.’ This isn’t a solvable problem that way.”
Indeed, even local, precinct-based computerized voting and vote counting offers a storied history of disasters and meltdowns (scores of them documented in thousands of pages over the years here at The BRAD BLOG), including a number of infamous hacks of both paper-based and touch-screen e-voting systems, some of which were bullet-pointed in our initial article on the D.C. Internet Vote hack, in which we had speculated Halderman was likely behind it. Just weeks earlier, in late August of this year, Halderman succeeded in implanting Pac-Man onto a touch-screen voting system made by Sequoia without disturbing the machines “tamper-evident” seals. And even D.C. elections have had their own share of precinct-based e-voting disasters, such as their 2008 primary election when thousands of “phantom votes” for write-in candidates were produced on their paper-based optical-scan voting systems made by Sequoia Voting Systems.
Epstein lauded the D.C. BoEE for allowing this extraordinary test to happen. An open invitation of this type, inviting hackers to try and access an electronic voting system in the U.S., has never been done before. He “saluted” the Council on their “experiment.”
“For the first time, what computer scientists have been warning could happen in an election, we know that, in fact, it really could happen. It isn’t just a theoretical problem. It’s a practical problem. So nobody has ever assessed an Internet Voting election before this one. So that’s why it’s wonderful what you did. And now we’ve learned it. So let’s move on and come back in ten years.”
“Let me ask you this, from a legislative perspective,” Cheh asked of each of the panelists as the hearing was winding down, “should the Council, by legislation, just shut this down?”
The answer from each one of those testifying was an unambiguous “Yes.”
• Transcript of Alex Halderman’s complete BoEE testimony is posted here.
• Video of Halderman’s testimony, as captured and posted by Princeton Research Fellow Joseph Hall can be downloaded at the following links [Ed note: If time allows, we will try to edit the key portions of the testimony down to a size that can be uploaded to YouTube, as both of the files above are quite large.]…
High-res MOV(318mb) | Low-res MP4 (153mb)
• Brad’s Interview (audio and text transcript) with David Jefferson is posted here.
Secretly changing the “system” each election might help? Also, mybe new code systems can be devised that would thwart hacking. Codes based on colors and dimensional time space concepts and expressions as well as letters and numbers?
Any comment on the big journalism story?
And don’t deny the connection. I already grabbed a few screenshots.
Aaron – What Big Journalism story?
Braddy doesn’t allow knowing disinformation to be posted here, except the knowing disinformation he writes.
Aaron – Haven’t read it. But will try to and get back to ya!
Aaron – Went and read it. *That’s* Breitbart’s big story? That he figured out how Google works? That’s “the deep dark secret Brad Friedman doesn’t want you to know?” The one that’s been reported on publicly for years?! Thought I was going to learn that I was behind defrauding the U.S. Census. Oh, well.
Back to paying attention to what matters. Did ya hear that Iranian and Chinese hackers were infiltrating the D.C. Internet Voting system for military voters? Do ya care? You’ll pardon me if I do. I hope.
The farther we go the worse we get. I see no reason why we just dont send out votes to China and let them tally them up. True the odds are we might have a Congress where everyone is named Ho Chi min but so what? It wouldnt be any different than the one we have now.
Brad – This is huge. Surely one thing everyone should agree on is that we don’t want foreign governments manipulating our elections. Why isn’t this headline news at CNN?
We posted a story on this at our site. Our region, San Diego, has many military families and members who I’m sure will find the reasons for cancellation of online military voting of interest.
Keep up the solid reporting. For those not familiar with Brad’s work, he is one of the most highly credible sources on election integrity issues. As a national award-winning journalism myself for an election integrity topic, I appreciate Brad’s coverage of this important issue.
Nothing to see here folks, move along. Hey, did you hear about the Brett Favre scandal??
Hey Brad….do you think Kimberlin will ever pay DeLong the money ??
So, Brad, you don’t think we should find anything at all troubling about associating yourself with an unrepentant domestic terrorist?
And yeah, he is unrepentant. You cannot repent without confession and he pretends this was just about his first amendment rights, and not the drugs he dealt, the perjury he committed, or the bombs he set.
I mean, seriously. “Hey guys, this is my buddy Eric Rudolph. And this is my home-slice Osama bin Laden. Hey remember the time we all partied with Tim McVeigh? Man I miss that guy…” /sarcasm
Seriously, there was no one else able to found these organizations and hang out with you?
Hey Aaron, how much do you get paid to post your ad hominem attacks? Who pays you- somebody who wants to overthrow the US President, like the Koch brothers or that foreign agent Rupert Murdoch? Why don’t you refute the content of the article? You are validating what Brad says, because you would not be here posting your crap if it wasn’t so close to the truth. You know, when you use that same old tired tactic of attacking the messenger, all you do is make yourself look stupid. -er.
. . . so the SCoTUS won’t have anything to decide for us.
The system was intended to cancel the votes of military in DC elections. Military vote for Republicans and conservatives. The system was working as intended, cancel out military votes for DC elected offices.
This is the Chicago Way. Don’t need to be a resident be mayor. Don’t need a doctor signed hospital issued birth certificate to be president.
Bobby
> Hey Aaron, how much do you get paid to post your ad hominem attacks?
Wow, there is so much irony in that sentence, it is not funny. You are attacking my alleged ad hom… with an ad hom.
> Why don’t you refute the content of the article?
Why refute it? I am on record as agreeing with him. http://allergic2bull.blogspot.com/2010/10/when-hacking-is-act-of-patriotism.html
I just wanted to ask him publicly a question about his dubious associations with domestic terrorists and picked the most recent thread to do it in.
> you would not be here posting your crap if it wasn’t so close to the truth. You know, when you use that same old tired tactic of attacking the messenger, all you do is make yourself look stupid. -er.
Again, the irony is hilarious.
How is your buddy K!mber!in doing? Bomb anyone recently? Smuggle any drogas? Nice group of friends you have there, Brad.
Brad’s best buddy is a convicted terrorist, perjurer, drug smuggler, and the main suspect in the murder of a 65-year-old grandmother?
Nothing to see here, folks, time to move on.
Let me guess, it was or ?
Aaron Worthing @ 9 asked:
I have no opinion on what you should find troubling or not. I might suggest you think twice before relying on information from disinformative, oft-discredited partisan hack sites with a record of dishonest, out-of-context defamation such Breitbart’s (where blatant inaccuracies are simply ignored by the authors and editors, with no corrections or apologies issued) or psychotic Internet loons with well-documented records of violent and profane threats and years-long repeated (and baseless) assertions that I’m a neo-Nazi working as a CIA plant, or some other nonsense.
But I don’t tell anybody what they should or shouldn’t think. That much is up to you. Enjoy yourself. I’ll keep fighting for you and your nation despite what you may have to think about it or where you choose to get your (mis)information. You’re welcome! And have a great day!
OldAtlantic @ 12 misinformed:
Uh, no. The system was encouraged and funded by the bi-partisan federal “Military and Overseas Voters Empowerment (MOVE) Act” which lays out money to jurisdictions across the country to carry out such Internet Voting pilot projects. Such a program has been carried out in Okaloosa, FL for the last two elections in a row (without a public test as we, thankfully, saw in D.C.). And similar programs are being developed all over the country.
But thanks for putting your whacked-out partisan conspiracy theories before your country and everyone’s right to have their ballot cast and counted accurately, securely and transparently! You’re a great patriot!
Brad
Are you saying they are lying in their article?
And if so, would you care to correct the record?
Let me guess, it was “vote” or “Vote”
(Used a
@Brad #19…
Even IF the system were designed to cancel the allegedly republican vote of overseas service members, that’s still the exact same reason to vehemently object to this type of system (As Brad has repeatedly done).
The desired result from any election is transparent, verifiable, and auditable/recountable ballots.
You just can not achieve that result with ANY form of electronic voting.
I had that argument with Brad a little while ago, where, in my Computer Science trained and experienced mind, I wanted to trust the specialist (Me in this case). With 3 decades of real CS/Networking and security experience, I really did believe a verifiable system could be built using PDF documents stored in an SQL database and digitally counted.
I was wrong.
Nothing electronic is secure enough to safe guard the very foundation of our republic. The vote. I say this (Attention you trolls) as a Ron Paul supporter this past election cycle.
PS…Aaron, you’re doing a very shitty job of trying to discredit the messenger. A tactic that is ALWAYS employed when someone decides they don’t want that message disseminated.
“But thanks for putting your whacked-out partisan conspiracy theories before your country and everyone’s right to have their ballot cast and counted accurately, securely and transparently! You’re a great patriot! ”
That’s a disturbing way of putting the issue, Brad.
Time magazine claimed your organization had some kind of $500,000 prize you were waiting to award. Where’d you get that money? People donating to Br*** Kim+(capital of Germany)?
The New Yorker’s Singer said your partner is a “top flight con artist.” He’s taking tons of cash, and no one knows what he spent it on.
You say to discuss this issue is unpatriotic? I care deeply about voter fraud. I have dedicated a bit of work to the issue, actually.
I care enough about the issue that I know Brad Friedman and the con artist he is covering for should not be associated with the issue.
Anyone doubt Brad’s covering for his partner? Find out that guy’s name and try to make a comment with that in it. Your comments won’t be allowed, because Brad wants to hide the truth.
That Diebold machine that was easily hacked? Guess who had control of it, behind closed doors, before it was tested? What’s so sad is that I think electronic voting machines are a terrible idea. I know hundreds of thousands of money in donations, to fight for better elections, will not be used for that purpose because they wound up in the pocket of a “top flight con artist”. And just to dispel Brad’s lie that this is a partisan issue: the guy who coined that term was trying to write an article bashing Dan Quayle during the 1992 election cycle… he is a hardened partisan democrat.
Brad’s probably making up his claims about Iranian computers hacking DC voting systems, too. It’s cute how he twists facts with current events to make sexy stories like that. Just be very, very careful before you send a penny to his charity.
And I can’t name his charity because this blog automatically deletes any mention of that charity or Brad’s partner.
You have to look into this yourself to some extent. Come back, and tell me if you think I’m wrong, but be sure to name the people and organization you’re trying to defend. See for yourself Brad’s hatred of democratic discussion.
Why do you care Dustin/Socrates? Right now you think you have the upper hand while your lunacy spreads across the intertubes. But soon enough your day will be done. Brad and Brett and company will still be here, and you will still be low man on the totem pole with your two bit 5 visitors per week blog sprouting conspiracy theories et al (chemmie trails) at anyone who will listen to you.
I dare anyone who wants to know who Socrates is to visit the John Boyd Reynolds discussions on past forums.
http://www.chemtrailcentral.com/forum/thread10492.html&highlight=tracker
http://www.chemtrailcentral.com/forum/thread12093.html&highlight=jay+reynolds
This is now Socrates and his methods have never changed. He is a brilliant albeit sick and twisted personality that lives to hate on people, start arguments on forums where none should exist, and divide and conquer which is a federal effort design much like the Hal Tuner federal informant story. Socrates screams the loudest about misdeeds he himself is probably a part of ala paid info sleuth and cyberstalker of the grandest order. So many people have been taken in by him.
The funny thing about him is he tells people he is a lefty, and yet runs to the extremist right wingers to get his fake stories out. So, he shows his true colors now, no longer a left winger or debunker, but a right wing extremist who relies on Brietbart and Drudge to get his stories told. Hilarious Jay Reynolds Dustin, Socrates.. Just hilarious. Now we know who you are, and what you are.
Remember, the guy who screams scammer the loudest is probably guilty himself of the same thing.
I know how to use Google, Dustin the smear master has nothing, he should go away.
It is really scary when you stop and consider how arrogant we can be as a country. This story will be one that continues because we refuse to admit others are smarter and more advanced than us.
PWow, this really brought the loons out.
Just wanted to add that Ron Rivest, of RSA encryption fame, was also adding to the congressional testimony that internet voting cannot be secured. That’s about all I need to hear on the matter.
LOL, Big Jim — they have such a great track record of vetting their sources, doncha know!
I find this particularly hilarious: “Brad’s probably making up his claims about Iranian computers hacking DC voting systems, too”… Probably? Guess the videotaped sworn testimony before the D.C. Board of Elections by the U of Mich prof who actually conducted the hack is really just an elaborate CGI animation funded by the CIA. Clever trolls!
For people who profess to care deeply about election integrity, infiltration of the D.C. elections internet voting system by Iranian and Chinese hackers is apparently not a big deal.
Strange days, indeed.
Dan in PA,
I’m glad you can use google. Sometimes a little help is good.
Brad Friedman is listed as “director” on the Form 990 for an organization that, if I name, gets the comment deleted. Who censors mention of an organization they are running? If Brad has a reason to do that, it must be pretty interesting. Brad, write up a post on this. If you have, someone could just link it for me, please.
Also, the Form 990 says most of your expenses went to a contractor. Who? It doesn’t specify, though I noticed the organization’s address as the same as the person whose name I cannot mention (or the filter automatically deletes). this person is not even listed on the 990 as an officer. How much money has this person, BK, received from VR? $250,000? That’s a reasonable guess, based on the tax forms.
BK was called a “top flight con man” by Mark Singer (A reporter for the New Yorker)? Is he part of the right wing too? He was working with BK because he wanted to prove Dan Quayle was using drugs (he wasn’t, I guess).
I care about having honest elections we can count on. I believe in a paper ballot and throwing electronic voting machines away. I resent that people giving money to this cause are just enriching the person running the charity. I believe that’s what’s happening. If I’m mistaken, I’d like someone to explain exactly who got how much from the VR’s funds.
I’m not Socrates. As best as I can tell, he and I are not similar.
“For people who profess to care deeply about election integrity, infiltration of the D.C. elections internet voting system by Iranian and Chinese hackers is apparently not a big deal. ”
Well, we shouldn’t have an internet voting system at all, regardless. This is one of many examples of problems with our elections. Many precincts in new york have failed to send absentee ballots to the troops, too. This is a more proven example of denying a fair election, but it probably benefits democrats (as so many of these problems do).
I would take it seriously if Iran was hacking our election computers. I hope someone more reputable looks into that. Email your evidence to a real news organization. As best as I can tell, the problems in your video (which is a ridiculously large download, a 300 mb file… I guess you never heard of youtube) ascribed to Iran and China amount to normal hacking attempts on all major computer systems, guessing default passwords and probing firewalls. This isn’t OK, and it’s disturbing if the election system is vulnerable (oh wait, it isn’t in this case!? OMG Brad was wrong about a salient detail!)
In short, the person in the video was very clear that there was no targeted attempt by Iran and China to hack the election system. He also made clear they didn’t actually hack anything and that the system isn’t vulnerable because default passwords are changed.
So you’re wrong. On this specific issue, anyway, you’re relying on Brad’s inaccurate and hysterical summary. You might as well be a 9/11 truther, or a birther, or think Sarah Palin isn’t Trig’s mother.
But I took your claim seriously enough to download a 300 mb file and see if Brad’s claims are wrong (and they are). I wonder… how many people did that?
It’s amusing that I, a person who has worked very hard to attempt for the cause of fair elections is attacked because I didn’t take this claim seriously, even when the claim is crap. Apparently it’s not legitimate for anyone to discuss fair elections from the right.
ACORN? Not a problem for you, right? They have dozens of “Election Fraud” convictions. Actual votes case, thousands of fraudulent registrations. In several races, democrats win while more votes are cast than there are voters, or thousands of ineligible votes are cast by felons.
All these problems are denied, though.
Why? Because they don’t benefit democrats? Is that really all that matters?
Yes you are. You cant change your machine ID numbnuts lol. This is your great winter romance isn’t it Socrates?
Why don’t you talk about the real reason you have been after Brad eh? You once worked for him, then when you pulled your take over his blog shtick he dumped you over the side, and when that happened, well, you got mad. Then Mr Lou Aubuchont got in your face calling you a homosexual, which got your blood pumping for his hide. Ever since then Lou Aubuchont http://www.rense.com/general15/chemUSmilitarycontinues.htm has been on your radar screen, and as a matter of fact, you still stalk him to this day.
Well one day when your stalking went too far, Brad may have slipped up and gave your info to him and others probing your fakery, and it was at this point you decided to go after Brad with a vengeance. And it was because he gave your so called private info which he had on you to Lou, and Lou then called the police on you and possibly they visited you and forced you back on your medication, thus clearing it up that you needed to stay away from Lou or else face arrest.
It was at this very critical point in your life that you claimed to others that Brad was going to pay, and pay well for his giving your private info up as Jay Reynolds to Lou. (This is documented)
Ever since then you have been acting like a rejected lover who goes after his ex lover until he kills him. This is why Lou called you a homosexual, because in fact you were coming on to him as one, and he took it personally and told you to back off. Now, I don’t really have anything to say about you being gay or not being gay or whatever, because this is not about gayness. What it is about is the reality that you went after Brad because he leaked your personal info which he had on you to Lou, and ever since then you have been after Brad, and when they stopped you from going after Lou because Lou was going to have you arrested, you started going after the weakest link in the chain, and that was Brad. And it was because you felt that Brad was a weak sister, and one to pound day after day just like a rejected lover would do knowing that Brad would probably never respond to you in kind. At any rate, I think you are in fact gay, but not a nice gay, but a guy who threatens people or destroys them when he is rejected by those he loves and or respects.
You have given many people indications that you fall in love with them when you see them. This is your special kindred bond you have with various people on the net, and when it goes further and people wake up and see it for what it is and reject you, you strike out like a spoiled child, looking to destroy that which refuses to love you back. That is about what is is right Socrates? It is about rejection right? Same happened with Donkytake your best friend. Once he called you out on your gayness he also became another enemy of yours, now you even call him a pedo just to cover up that donkytale knew all about you and how you were in real life.
Anyway, as I said, this isn’t about your gayness or your mental issues. This is about who you are and what you are, and we know who you are, and also now we know what you are. Remember Socrates, the right wing will eat their children if it will suit them and one day you will find that out. Until then, enjoy looking for love in all the wrong places….
Tracker
Of course it does, as most in the military today are right wingers.
This is a common tactic of the right wing. They hype the security problems, claiming that hacks are happening because they see Chinese IP’s, when in reality its just hackers using compromised Chinese boxes for hacking. They just don’t want people tracking them down which is why they use Chinese and Iranian proxies, and as it is much easier to get an IP off a proxy in areas in which the USA government controls, this is why they use places such as China to hack from.. The government uses this as a prelude to scare mongering over the need to get more money or bigger budgets claiming that the Chinese or Iranians are after us, which is just not that true.
What fair elections are you talking about? There are no fair elections anywhere. Never have been either. Even LBJ paid to get elected. It has always been a scam, always has been always will be. Why not talk about that for a change? It has never been fair, and it has always been corrupt.
And the right has done the very same thing. Its always to keep people polarized while they in turn do the most damage. Left is just as bad as the right. The way to get rid of all this anarchy is to just throw them all out and start over with self government county by county or community by community.
“Yes you are. You cant change your machine ID numbnuts lol. This is your great winter romance isn’t it Socrates?”
LOL, I’ve never commented under that name, and if someone has claimed I have, they are lying to you.
“:Anyway, as I said, this isn’t about your gayness or your mental issues. This is about who you are and what you are, and we know who you are, and also now we know what you are. Remember Socrates, the right wing will eat their children if it will suit them and one day you will find that out. Until then, enjoy looking for love in all the wrong places….”
Can I ask: what is it about leftists and homophobia? You’d think the last place you’d find so much of it is on the left. I’ve heard conservatives say this kind of thing (and they are jerks too), but it’s always particularly amusing to hear it from someone bashing the right.
My name isn’t Jay Reynolds. I’ve never worked for anyone named Brad or the name I can’t post because of the filter. You are hysterically paranoid as to who I am. My Machine ID could not possibly be associated with anyone other than me and family members (none of whom are Socrates either, I assure you).
You’re really ranting and raving here. I’ve seen sycophants in my day, but I have to award you the E for effort award on this one.
But you know… its just an ad hom anyway. Maybe Plato would point that out if he were here. So assume I’m Socrates and the rest of your claims are true. So what?
It’s in moderation because I linked Mark Singer’s book, Citizen K. The URL had part of so and so’s name.
“This is a common tactic of the right wing. They hype the security problems, claiming that hacks are happening because they see Chinese IP’s, when in reality its just hackers using compromised Chinese boxes for hacking.”
That’s a good point. No reason to claim this was from China and not merely unprotected Chinese windows boxes, since many of them can’t get the latest security update.
I was just noting that the video meant to bolster this headline actually *directly* refuted it. Iran and China did not hack or attempt to hack the DC internet voting operation.
And bob, you’re correct that left and right both have people who selectively view any scandalous issue for partisan benefit.
I don’t, but I think those who do are terrible. I believe in as fair an election as is possible. Internet voting is not compatible with that goal. Elections people trust to obtain the right result are essential to social order, but also good for the more obvious purpose of the people getting what the want (to some extent). The main reason I care about the organization I can’t name, but of which Brad is listed as a director on their tax forms, is that I believe people are giving hundreds of thousands of dollars to this great cause, and essentially being conned.
Right or left doesn’t enter this equation. One reason voter fraud benefits the left in many cases is simply because it’s so much more pervasive in urban areas. I know there are GOP politicians out there who would happily steal elections too, sadly. But I also know that Sen Murray, Franken, and many like them who benefit from illegal votes, and ACORN, which has so many members convicted of Federal Election Fraud and state election fraud, shows a severe tilt to the left.
I’ve looked for similar cases among the right. There are some cases, but they tend to be minor. Does this matter? Not really. It’s a good cause, and electronic voting is a bad idea. A lot of democrats and republicans simply don’t trust elections from Diebold. That’s a good enough reason to not use Diebold (yeah, I know, they have a different name).
Dude, you might want to take some remedial reading comprehension courses. Either that or you get off on purposely misrepresenting others’ words, court cases, etc.
Whatever. Don’t care enough about you to bother with a line by line correction of where you’re, um, let’s be polite and call it “mistaken”. Done with ya.
Big Jim McBob – While I have no dispute with what you said about notorious “Socrates” (also know as “Prepostericity”), Dustin is not him. Moreover, our few rules for commenting here at The BRAD BLOG very clearly bar personal attacks on other commenters. Personal attacks on me are fine, as noted in the rules, but not on other commenters. So please do not so. And please consider this a friendly warning towards that end (as all folks get in cases like this).
For those who wonder who the hell “Socrates/Prepostericity” is, he is an Internet loon who has been stalking me and many others for years, posting all manner of violent screeds and libelous information on these pages and you can thank him for not being able to post some words here without pinging the moderation filter, so that I can avoid my blog being used to libel people in comments. We have no interest in “censoring” legitimate conversation, hopefully on topic, which follows both the law (doesn’t libel people) and our rules for commenting here, whether I agree with any particular comment or not.
And no, neither myself or the moderators have the time to baby sit or read every comment, and sometimes moderated comments take time before they are rejected or approved. Thanks to those of you who can help us keep this NOT like a kindergarten class by posting repsonsibly.
Dustin – You said:
We also have rules about posting knowing disinformation. Given the websites you generally traffic at, I suspect you have no idea that you just posted completely bogus disinformation. So, since you don’t know any better, it’s not a moderatable or bannable offense. That said, unless you can offer evidence to prove the claim you just made (hint: you can’t, but feel free to spend lots of time trying), you now know that that is disinformation.
The fact is, ACORN does not “have dozens of ‘Election Fraud’ convictions”, they have none.
A small number of their registration workers — almost all whom have been turned in to officials by ACORN themselves — have been convicted of voter registration fraud. Those were workers found guilty (based on evidence from ACORN themselves), not the ACORN organization who was the one being defrauded by those workers.
Since it’s clear that you’ve been hoaxed by Fox and Andy and O’Keefe et al on all of this, I’m giving you the benefit of the doubt that you are clueless here. So pardon me if I explain it to you like a first grader. If someone steals money from the cash register at McDonalds, and McDonalds turns them into the police and ask that they be arrested and charged with a crime, and they are arrested and charged with a crime, you wouldn’t go out and call McDonalds a criminal organization. If it happened a dozen times, you wouldn’t charge that McDonalds had dozens of burglury convictions. That is the case about which you have been scammed by Fox, Breitbart, O’Keefe et al in regard to ACORN.
You are welcome to disagree, but you’ll need to offer evidence to back up your claim at this point, or it will be considered knowing disinformation, because now I’ve taken the time to explain it to you.
If you are looking for an organization who actually DID commit voter registration fraud, I’d recommend, as just one example, the one whose head was actually arrested and plead guilty to it. That would be Mark Anthony Jacoby of Young Political Majors, hired to do voter registration in the state of CA by the California Republican Party. The story is documented here. If you’d like more such examples, just let me know.
And now that this thread has become entirely off topic and hijacked, I’d ask that commenters respect others here and try to get the conversation back on topic of the original thread as soon as possible. It’s pretty appalling, and disrespectful (though hardly unexpected at this point) that folks feel it appropriate to hijack threads — particularly on important topics — to dish their partisan, political nonsense. Please don’t, if you’d be so kind. Thank you.
Brad’s quite right that the myriad convictions I referred to were of people, and not ACORN. I’m not even sure if ACORN could be convicted of federal election fraud. I know many of their members have been, for a variety of things. I fail to see how this helps ACORN any more than it helped Nixon that it was his employee breaking into rooms at Watergate.
End of the the line for me is that the organization’s membership makes our elections less reliable (Same for Mark Jacoby, Republican and POS!), and not in an isolated way. If someone wants to distinguish an organization from its membership, that’s fine, but the problem is not limited to the well publicized fraudulent registrations. See Pajamas Media, which has a very good discussion of the issue.
I think it’s fair to note this is (only somewhat) off-topic. No problem.
I’m not here to drive threads off topic, and I realize it probably comes across differently.
The topic here is Iran and China discovered to have been hacking DC’s internet voting system. As I explained, these were not successful, these can not be successful (since default passwords have been changed) and they were not directed.
Nontheless, the internet makes hacking easier. Internet voting is inherently a bad way to handle the issue. I think it’s a good idea to make this case without this type of headline because, while it’s probably true a computer located in China pinged these servers… it’s really a let down to realize the common nature of the problem.
I notice Brad’s just ignoring the other issue I’m mentioned, where if I even name the principle entity or person the comment goes to moderation automatically (while he notes people don’t have time to babysit each comment, I do know for sure that a person rejected my comments in a different thread simply asking if a relationship was correct).
If I’m wrong about Brad and ___ _____ I actually am sorry and want to set the record straight. I wouldn’t sit idle as Brad is smeared, and I have an open mind. I’m an honest person. If there’s some reason Brad can’t let this other person be named, and he’s talked about it, just link that post. If Brad wants to email me some kind of short explanation, that would be great, too (my email on the form is accurate).
If this is just some attempt to filter out a particular troll, I think that’s mistaken. I mean, you’re the director of a charitable organization claiming devotion to issues just like the DC Internet Voting System being vulnerable to hackers. The name of this organization, and the folks running it, ought to be discussable.
If Brad were simply out to destroy any discussion of this problem, I realize he could just delete all my comments. I don’t mind getting the ‘first grader’ level explanation for this disparity… I do find it confusing and suspicious.
Here’s one possibility I’d just like to throw out there.
Brad is more like Mark Singer than he is like … that guy I can’t name. Maybe Brad was conned and has some reason to not want to expose … that unnamed guy, instead of doing what this media outlet ought to do and tell the tale.
Like I said, his own organization is devoted to problems like the DC Internet Voting System being vulnerable to hackers. The entire enterprise Brad would seem to be undertaking with this entire blog is integrity with those processes and people involved with elections. I think that … org and guy I can’t name is such a person and process.
Pajamas Media as a source for the defrauding of Acorn by hired contractors who were then turned in by Acorn for prosecution?
Wow…no wonder he’s gotten it so wrong.
Once again, Brad, are you claiming that there are any untruths in that article about your connection to he-who-cannot-be-named?
I know the terrorist himself has tried threatening Patterico with a defamation suit, but when he was asked to name any falsehoods in the article, he declined to do so.
And while insinuating that the article is false in some way, you have failed to even allege–let alone prove–a single inaccuracy. Hmm.
And i want to say this has nothing to do with the focus of this post, it was just the most recent post on the day the story broke. As a point of fact, i have called on us giving this U. of Mich. guy a medal, before i knew who he was.
I do confess, however, i doubt that china and iran would hack the server when they were doing the test run. I mean, these are our enemies. why would they help us keep our elections secure? My guess is they were american hackers who somehow made it look like that to make it look extra scary. Which if true, then good job, guys. more power to ya.
Nice little homophobic screed you let remain in that prior thread there, Brad. The secprogg left seems to have no problem calling others homophobes, while at the same time, using insults and words that they would decry as homophobic and hateful were it to come from someone else. Hypocrital does not begin to describe you.
Br3tt K!mber!lin is your partner and buddy, no? Care to comment? You have claimed, in a generic way, that there are insinuations and falsehoods in regards to that story that you have so studiously avoided commenting on. You chose to try to divert, distract, and deflect, dealing with none of the underlying issues. What, specifically, do you claim is false in that story. Dustin asked you a bunch of specific questions in the prior thread that you refused to answer as well. Grow a pair, Brad.
Probably the same reason Chinese and Iranian (and Korean and Hungarian and Russian and Brazilian and other) hosts are constantly trying to breach our mail system and our customer hosted websites.
Because they’re public facing. No other reason.
You know nothing of hacking Aaron, so, don’t go there.
Dan
i know about motives. why would the chinese or iranians hack us when it is good for us to be hacked?
It’s bad enough our elections have been hijacked presumably by corporate interests via electronic voting/tabulating, and now have even more influence thanks to Citizens United. Now we gotta worry about foreign countries and their corporate interests hijacking our elections via electronic/internet voting AND Citizens United.
And it’s too bad such an important story’s thread has been 90% hijacked by the BigDummies and Paterriblow trolls and the who is/isn’t socrates thing.
I had the terrible displeasure of visiting those sites to see what A.W. and daleyschlep were talking about… oh man those people are absolute GIDDY over the ‘revelations’ concerning Brad and B.K…. maybe when they’re done jerking off to that nontroversy they can cast a critical eye to the real and awful problems detailed by the actual journalism here. I won’t hold my breath, though.
Reading the comments on those sites- whoa! The hate eminating from those people was palpable. Brad, you are THE enemy of America apparently. I was sickened by the articles and some of the comments I read- actually, make that ALL of them.
From what I gathered, you’re a terrorist, a wacko conspiracy-theorist, a George Soros puppet, funded by shady leftist foundations (and getting rich in the process) working to get Democrats elected… all at the expense of those real patriots, paragons of all things true and noble and fiscally responsible… Republicans and Teapublicans, of course.
dusten @ 37
so in shelby county,tennesee whr the minorities out number the whites 2 to 1 and yet almost every county office went to a republican and bbv has documented 619 votes in one heavily repub precinct WHEN THEY ONLY HAVE 30 VOTERS is this something you consider minor? bev has 10 other documented precincts same county,all benefitting the repubs,,,is that minor?
my fav trolls are the ones that pretend they are on the side of right(freedom and fairness) when they are actually saying heyyyyyyyyyyyyyy there is a prob..look what they victims are doing..franken lost the machine count but when it was hand counted he won so dusten accuses franken of fraud when the fraud was done to him
i didnt want to waste any time in this who is brad working with arguement but i gotta say..if ole patty and his lil buddies are worried about criminal associations(and i believe the gentleman in question has served his time so its past criminal) they should check out bbvs reports about the guys running the counting in washington states,or most the east coast,or the soe software that delivers and will probably steal illinois this year,lotta details in the comments in the cartoon section but heck patty and friends probably go to the owl boy meetings with them
It has nothing to do with motives Aaron, again, you know nothing of network security, don’t go there.
Unsecured windows PC on public internet connection, average time to infection: 4 minutes.
http://blogs.chron.com/techblog/archives/2008/07/average_time_to_infection_4_minutes_1.html
Again, you know nothing of network security, do not go there.
Small wonder the thing was easily hacked. The guys who built it are openly opposed to Internet voting, and have been for years. See their blog Trust the Vote.
Why did DC hire them, and not a company with successful experience? West Virgina has had great success with their secure website voting.
Brad, of course, embelishes the story a bit. Read what Halderman says: the Chinese and Iranians couldn’t get in. Also, it was just a test run. And eight nations in Europe + Canada have used Internet voting for years without trouble.
Conclusion: Internet voting can be done successfully, if competently built.
William J. Kelleher, Ph.D.
Internetvoting@gmail.com
let me guess, the pw was admin, pretty standard for lots of hardware. Hope that didn’t take them 36 hours to figure out
We do NOT use Internet voting for our Federal Election. There is talk of maybe trying it out in 2013 but I hope not. We’ll have to kid nap Brad to help us out.
Municipal voting is done via internet in some places but not many.
Personally I feel if people are too lazy to get of their a$$es and go out to vote I would rather not have their input. We have almost two weeks of advanced voting so there is NO excuse not to vote. (The exception being those who are not able to go out of course, the disabled and elderly etc.)
@ #50 We-Canada that is-do NOT use Internet voting for our Federal Election.Never have. Paper ballots, marked with pencil and hand counted out in the open.
Dr. Kelleher @ 50 is an unapologetic Internet Voting supporter, despite years of the top computer scientists and cyber-security experts desperately warning against it. And here, as usual, he’s willing to obfuscate the truth in order to push his horrible and misinforming agenda.
To hit a few of his points…
Really? Where’s the evidence for that? Where’s the evidence that even one voters vote was recorded accurately via that system? Where is the public test akin to the one we saw in D.C. Demonstrating e security of the system? (I won’t ask where the transparency is or ability for citizen oversight required for self-governance, because I know that it doesn’t and cannot exist with ANY Internet voting scheme in the U.S.)
No. I absolutely did not “embellish” what Halderman said. In fact, I quoted it directly. You, however, embellished it. Halderman did not say they where unable to get in. He said he changed the password in order to try and defend the system. In fact, we have no idea whether they were able to get at sone of the files that Halderman’s team did or not. For all we know they, like Halderman, may have downloaded the 947 page document listing every PIN number for every voter in the REAL, planned Internet Vote scheme election.
No. It was to have been a live election until the white hat hackers completely compromised the system within ours of it being made open for testing.
“Without trouble”? How about ‘without transparency’? Since that’s what you actually mean. And, of course, without public testing as we saw in D.C. Also, don’t forget to mention that some of those countries (and I’m not familiar with “eight”) do NOT have secret ballots. That’s a whole different ball game, as you know, but failed to mention.
I’m also unaware of any Internet Voting in Canada, as GWN also notes.
Tell the truth please, Dr. Kelleher. And please go sell your anti-democracy somewhere else, perhaps somewhere that tyou can find uneducated rubes who are willing to buy it.
Brad tells me to “go sell your anti-democracy somewhere else.†Well, first, I am not “selling†anything. Second, you would not know “democracy†if it bit you on your butt.
Internet voting, properly organized, offers the US an opportunity for the progressive reform of our election system equal to the 15th , 19th , 24th, and 26th, Amendments combined. Internet voting can equalize rich and poor in US elections, for the first time in our history.
Picture yourself watching prospective candidates in a real debate online or on TV. At the end of the hour, you log on to your county’s secure voting website. Based on your personal assessment of the performance of each candidate, you cast your vote.
All the tens of millions of dollars spend by special interests to condition your brain to remember one guy’s name when you vote suddenly becomes irrelevant and ineffective. Your vote is not based on mere name recognition, but on your judgment of which debater is the best person for the office at stake.
Let Citizens United be the rule. With Internet voting, Big Money will no longer give any advantage to the superrich.
Repeated trials in Europe and Canada prove that, when done professionally (unlike the goofs who built the DC system), security can be managed as well or better than any paper-based system.
If you really care about having a democratic election process in the US, Brad, then give me a chance to make my case in a guest blog.
William J. Kelleher, Ph.D.
Political Scientist, author, speaker,
CEO for The Internet Voting Research and Education Fund, a CA Nonprofit Foundation
Email: InternetVoting@gmail.com
Blog: http://internetvotingforall.blogspot.com/
Book in progress: All chapter drafts for my new book can be read/downloaded
(for free) at http://ssrn.com/author=1053589
William Kelleher @ 55 said:
On the judgement of your abusive spouse. Or on the requirements of your employer who promises to fire you should you not vote in front of him the “right way”.
Then, of course, there is the fact that even if the vote is done securely (mind you, that’s an enormous “if”) there is no way for those who voted (or didn’t) to know that it was secure.
Repeated trials in Europe and Canada prove that, when done professionally (unlike the goofs who built the DC system), security can be managed as well or better than any paper-based system.
Yes. I’ve spoken to those who have worked on the European systems and, they have admitted to me, that a) they could hack the system if they wanted to, and b) there is no way for citizens to know if the vote was counted accurately/transparently (at least not in those locales where there is no secret ballot requirement as we have here in the U.S.)
I have seen your disinformation posted year in and year out, William. I have no problem with “opposing viewpoints”. I do have a problem with misleading the public as you routinely do, and as you have in these two previous comments.
Of course, since I “would not know ‘democracy’ if it bit [me] on [my] butt,” I’m sure the last thing you’d want is to be seen associating with such a character vis a vis a guest blog. I know I’d not like to be side-by-side with someone who opposed democracy. Thus, I see no reason for my name to be used to promote your anti-democracy schemes here either.
As is, I find it rather gracious of me that you’re allowed to promote your anti-democracy disinformation by linking to it at the bottom of each of your comments above anyway. So, you’re welcome.