Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hacker Exposes Florida's Voting Database — Again

timothy posted more than 3 years ago | from the florida-is-always-good-for-news dept.

Government 76

Dangerous_Minds writes "A hacker that goes by the name of Abhaxas exposed parts of the Florida voting database. That apparently didn't sit well with election officials. Reportedly, officials said that authorities were contacted and that their databases are now more secure than ever. In turn, Abhaxas decided to hack the database again and reveal a file directory. Said Abhaxas in the posting, 'Glad you cleaned things up, pretty secure now guys.'"

cancel ×

76 comments

Sorry! There are no comments related to the filter you selected.

pen and paper (5, Interesting)

Anonymous Coward | more than 3 years ago | (#36692218)

nothing beats it.get back to the way things were done , by hand , and say goodbye to cracked databases.
i lived in FL and it's the worst place for voting.We should all pressure FL to go back to good old hand counting and manual
voter list generation
We do it in Canuckia without trouble , dont tell me FL can't do it.

like your questions (-1, Offtopic)

genreal (2354716) | more than 3 years ago | (#36692412)

we please inform to you Delhi Project [delhi2gurgaon.com]

Re:pen and paper (2)

Gideon Wells (1412675) | more than 3 years ago | (#36692510)

Pen and Paper is not anymore secure. Just a false sense of security and nostalgia. There have been reports in some states of boxs of voting slips just appearing after an election.

I'm still a fan of the dual system. Computerized voting with a paper printout for auditing purposes. The voter can double check this. Possibly have a random X% of precincts have a mandatory paper printout manual count to check against the computer for possible errors.

Re:pen and paper (0)

Anonymous Coward | more than 3 years ago | (#36692632)

Scantron voting! I've seen this before, over 10 years ago. Best of both worlds!

Re:pen and paper (0)

Anonymous Coward | more than 3 years ago | (#36692748)

Nah, would never work. We'd be seeing people filling in A all the way down thinking they would be getting the A quality candidate.

Re:pen and paper (0)

Anonymous Coward | more than 3 years ago | (#36693334)

Nah, would never work. We'd be seeing people filling in A all the way down thinking they would be getting the A quality candidate.

Republicans is as republicans does, sir.

Re:pen and paper (5, Informative)

LurkerXXX (667952) | more than 3 years ago | (#36692950)

Certainly it's more secure. You need to move around big boxes full of paper, and you need to do that at a lot of locations to affect a state or national election. Lots of people involved. Lots of not so subtle activity. Lots and lots of chances to get caught.

With electronic voting, you need at most one person per state, and at the most obvious, carrying a tiny device in their pocket going into a voting booth. That's if they can't do it all remotely from the comfort of their office chair. Many many less people involved, and with a heck of a lot less obvious activity. Very little chance of getting caught compared to paper changing.

The result of insecure voting is less problematic (0)

Anonymous Coward | more than 3 years ago | (#36693186)

The result of insecure voting is less problematic if you're using pen and paper. That's got NOTHING to do with nostalgia.

If your electronic voting is insecure, a script can add 10 million votes in a few seconds.

If your paper voting is insecure, someone can stuff a few hundred votes in a day.

And if you're spending millions on electroinic voting because it's secure and it isn't, then how about saving money and going with the cheap option: paper.

Re:pen and paper (0)

Moryath (553296) | more than 3 years ago | (#36693254)

There have been reports in some states of boxs of voting slips just appearing after an election.

The Republicans have raised it to an art form in Wisconsin. What, you didn't think Scott Walker actually won the election fairly, did you? Far easier for the Kochs to simply buy him off and rig the election.

Re:pen and paper (1)

AngryDeuce (2205124) | more than 3 years ago | (#36693724)

Don't worry, I'm sure the WI Republicans are working on a way to ensure that we never have to deal with these stupid elections again anyway. They're already hard at work trying to turn the WI Supreme Court from an elected position to an appointed one. Actually, I think it's more accurate to say a "bought" one, in light of recent evidence that Walker's illegal campaign contributors were given jobs in exchange for their donations, and that's ignoring Brian Deschane, the DUI wonder, and Hopper's 22 year old girlfriend, who magically beat out an entire field of qualified applicants for a position that she was paid $10,000 more a year for then her predecessor, for no justifiable reason whatsoever.

Forward, WI! Right back to Tamany Hall!

Re:pen and paper (0)

Archangel Michael (180766) | more than 3 years ago | (#36695158)

It is funny, but all the recent "election" problems I can recall were all (D) precincts. I don't know anything about WI or who is having voting issues there, but blaming the (R) as you do while ignoring or neglecting to mention the problems with (D) voting is ... stupid and childish.

Don't take this to mean that the (R) are innocent, I'm sure they are not. Perhaps it is much more common in (D) circles that it fails even mentioning when it happens there ;)

Re:pen and paper (1)

AngryDeuce (2205124) | more than 3 years ago | (#36695422)

Waukesha is a (D) precinct? Since when?

Why do you think they picked that county to be the place where they 'found' those votes? The head of the [quote]non-partisan[/quote] election board for that area is an ex-GOP aide and there's little oversight. This is the county that 'had' 96.7% turnout in 2004. Yeah, right. Australia has compulsory voting and can't crack 95%.

Re:pen and paper (1)

Archangel Michael (180766) | more than 3 years ago | (#36696000)

Wooosh.

Obviously you missed where I said ... "I don't know anything about WI or who is having voting issues"

Which kind of makes my point, that political ideologues like yourself can't seen the beam in your own eye.

Re:pen and paper (1)

AngryDeuce (2205124) | more than 3 years ago | (#36696386)

If you don't know, then why do you comment on it? The voter irregularities in WI are well documented, a simple Google search would return any answers you need.

Easy (1)

publiclurker (952615) | more than 3 years ago | (#36696792)

He was hoping that he could get away with his spewing without being called on it.

Re:pen and paper (1)

Steauengeglase (512315) | more than 3 years ago | (#36698214)

When I was a kid, my aunt bought a bunch of ballot boxes when our country made the switch (she was the antique type and figured she could sell them for something). We were completely shocked when they showed up on her doorstep, locked, sealed and filled with uncounted ballots from an election 5 years earlier.

Between dead people voting and that, I'm still not sure why I even bother voting.

Re:pen and paper (1)

WorBlux (1751716) | more than 3 years ago | (#36701238)

That's why you should hand-count the ballots and publicly announce the count for each polling place, and the meanwhile the boxes should never leave public view.

Re:pen and paper (2)

WaywardGeek (1480513) | more than 3 years ago | (#36692688)

No! Those of us who don't live in Florida love all the comedy. You would ruin it for the rest of us.

Re:pen and paper (1)

jayme0227 (1558821) | more than 3 years ago | (#36697192)

In the meantime, they'll just select their presidential candidate at random. Again.

Re:pen and paper (1)

K'tohg (115837) | more than 3 years ago | (#36692858)

This will never happen. The whole idea behind having such wacky computer based systems is to provide a sense of out of control to voters while giving control to to who has the big bucks. Remember government is not made for or from us. we just think it does. If a voting machine "borks" then there is plausible deniability. A chance for a recount, a way to skew the numbers to the benefit of those in charge. Simply put attempting to make a better system only pushes those who can manipulate that system out. So those who can manipulate a system will never allow something that makes it better. You know the old adage: "What's in it for me?" Ask a politician to make a fairer and more robust voting system and he/she will ask you "What's in it for me?"

Re:pen and paper (1)

Synerg1y (2169962) | more than 3 years ago | (#36695888)

Worst place is an understatement, FL was the unproven decider in an election because of which we are still at war.

Re:pen and paper (1)

Synerg1y (2169962) | more than 3 years ago | (#36695938)

Nah, we just need competent people to implement a system that doesn't involve a www facing database.

no no no (1)

Kamiza Ikioi (893310) | more than 3 years ago | (#36698224)

The only reason pen and paper are "secure" is that they aren't online. Take the f#$%ing database offline, Florida!

Re:pen and paper (0)

Anonymous Coward | more than 3 years ago | (#36707102)

If people in Florida knew how to read and write, then perhaps that would be a possibility. Right now their voting system is computerized with a RED button and a BLUE button, and they have to press that once to vote for whoever they want, red or blue.

secure? oh really? (5, Funny)

spokenoise (2140056) | more than 3 years ago | (#36692236)

all your votes are belong to us!

Re:secure? oh really? (0)

Anonymous Coward | more than 3 years ago | (#36692258)

They probably thought the authorities were physically guarding the database.

Re:secure? oh really? (2)

Robert Zenz (1680268) | more than 3 years ago | (#36692620)

They probably were...but the bastard slipped through the intertubes!

Re:secure? oh really? (0)

Anonymous Coward | more than 3 years ago | (#36693394)

All your vote are belong to us- fixed that, now you can get a +4

and ... (0)

Anonymous Coward | more than 3 years ago | (#36692252)

nobody gives a shit, AGAIN!

Re:and ... (1)

rtfa-troll (1340807) | more than 3 years ago | (#36692782)

100% right. The only possible thing which would even get noticed is if a third party candidates started winning ballots. Now if that happened, then the politicians that be would make sure the ballot committees ended up in real trouble. As long as that doesn't happen, the candidates are just happy that their own people are in charge of the vote counting.

They are telling the truth, the system is secure (4, Funny)

SmallFurryCreature (593017) | more than 3 years ago | (#36692262)

The voting system in Florida is 100% secure, they absolutely positively guarantee that there is ZERO chance of ANY voter being able to affect the predetermined outcome sold to the highest bidder.

Oh yeah thought they were trying to ensure the voters choice was not tampered with? What a silly idea.

Re:They are telling the truth, the system is secur (1)

WrongSizeGlass (838941) | more than 3 years ago | (#36692306)

The voting system in Florida is 100% secure, they absolutely positively guarantee that there is ZERO chance of ANY voter being able to affect the predetermined outcome sold to the highest bidder.

Now that's just cynical, SFC, even for you ;-)

Abhaxas is playing with fire. Politicians don't like to be embarrassed - especially over and over again for the same thing (except coke and hookers, of course). But this is Florida so he has a decent chance of getting acquitted.

Re:They are telling the truth, the system is secur (0)

Anonymous Coward | more than 3 years ago | (#36692408)

{whispered aside}
Voting database? I told them we've already got one.

{written in a ridiculous French accent}
Now, I told you silly Florida officials to go away or I would taunt you a second time.
Rick Scott, your mother was a hamster and your father smelled of elderberries!

Re:They are telling the truth, the system is secur (1)

Robert Zenz (1680268) | more than 3 years ago | (#36692668)

That is, if he/she is even sitting in the U.S. .

Re:They are telling the truth, the system is secur (1)

sycodon (149926) | more than 3 years ago | (#36693502)

"Glad you cleaned things up, pretty secure now guys."

Honestly, if you knew someone that behaved like this in your personal relationship, wouldn't you just want to take a 2x4 and whack them upside the head?

There is a reason people like this are living in their mother's basements.

Re:They are telling the truth, the system is secur (1)

Hatta (162192) | more than 3 years ago | (#36693554)

Cynical, but absolutely correct. The two usually go hand in hand. Perhaps we need an analog to Occam's razor. When all other things are equal, the most cynical explanation is most likely correct.

Re:They are telling the truth, the system is secur (0)

Anonymous Coward | more than 3 years ago | (#36696980)

Ah, the ol' Slashdot Razor. Secretly brought to us by The Jews who are running the world.

P.S. Hitler. That should stop this from devolving.

Re:They are telling the truth, the system is secur (1)

Archangel Michael (180766) | more than 3 years ago | (#36695190)

But this is Florida so he has a decent chance of getting acquitted.

No he won't. Lying to police investigating a murder warrants only 4 years, while embarrassing politicians is a major crime worthy of 25 years to life!

Re:They are telling the truth, the system is secur (1)

Anonymous Coward | more than 3 years ago | (#36692812)

It's not just tampering. When a district has undesirable votes, whole voting machines disappear rather than editing the data. "par for the course" claimed one mayor when ask why one machine was found hidden under boxes of stationary. Needless to say the votes weren't counted or any investigate made as to how it could happen.

is Abhaxas a bad movie reference? (1, Interesting)

Bleek II (878455) | more than 3 years ago | (#36692274)

I posted this last time I saw a story about this hacker but I point out again. Abhaxas must have taken the name from Abraxas Guardian Of The Universe. It easily ranks among some of the worst movies ever mane. But I'll let other be the judge of that. Here's part one: http://www.youtube.com/watch?v=xs6yYAMpxUs [youtube.com] Or is there some other reference I'm missing?

Re:is Abhaxas a bad movie reference? (1)

Anonymous Coward | more than 3 years ago | (#36692304)

Wikipedia is your friend:
https://secure.wikimedia.org/wikipedia/en/wiki/Abraxas

Re:is Abhaxas a bad movie reference? (1)

Bleek II (878455) | more than 3 years ago | (#36692336)

Wow, I feel dumb. It's funny that I assume an obscure contemporary culture reference without any research.

Re:is Abhaxas a bad movie reference? (0)

Anonymous Coward | more than 3 years ago | (#36692392)

Me, too. Here I was thinking it was a script kiddie modification of "Abacus".

Re:is Abhaxas a bad movie reference? (1)

wintercolby (1117427) | more than 3 years ago | (#36693260)

Yeah, now I'm trying to figure out if there's a reason other than the haxor reference for swapping out the H. Maybe I'm giving the guy too much credit. Maybe it's just someone who believes whole-heartedly in democratic principles. If he or she really were up to no good it would be by choosing a victor in a major election instead of posting a vulnerability.

Re:is Abhaxas a bad movie reference? (0)

Anonymous Coward | more than 3 years ago | (#36692314)

There is at least one children's book where that name (Abraxas) appears. I actually suspect it's not a very uncommon one. Probably derived from Abracadabra.

Re:is Abhaxas a bad movie reference? (1)

Anonymous Coward | more than 3 years ago | (#36692350)

Other way around, actually. Abracadabra was probably a magical invocation of the god Abraxas.

Re:is Abhaxas a bad movie reference? (0)

Anonymous Coward | more than 3 years ago | (#36692486)

Unlikely. Very few (just you so far) have ever heard of Abraxas Guardian Of The Universe, whereas there are many other reference to Abraxas that are far more popular.

http://en.wikipedia.org/wiki/Abraxas

The other side of the coin (4, Insightful)

Anonymous Coward | more than 3 years ago | (#36692308)

Most if not all of you will have heard something along the following lines...
"I'm getting infected by a lot of viruses since you've installed an antivirus on my PC. I'm worried, how can I solve this problem?"

How do you think these kind of people react to the recent hacking activities? I myself consider them to be at least a necessary evil, but the average Joe's mind will scream... these hackers are making our system unsecure, make them go away!

The hackers are not making the system unsecure Joe - the system was unsecure to begin with. You're just being uncomfortable with the truth.

Re:The other side of the coin (3, Interesting)

WaywardGeek (1480513) | more than 3 years ago | (#36692842)

Right on. The government should offer rewards for hacks like this, in any critical system: voting databases, military secrets, IRS database, etc. It would be the equivalent of the whistle-blower law we passed to reward people who expose fraud in government contracts. Just require the hackers to make public enough to prove they have accessed sensitive data, but not enough to compromise important systems. State how they did the hack in secret communication, and get money from the US government, as bitcoins through the Tor network. Allow the hackers to collect the reward over and over once a month until the system is secure.

Imagine how awesome such a program would be for exposing which important secrets have been compromised? With say a $100K reward to any worker anywhere who can prove they have access to critical US "secrets", we'd learn a ton about what systems are secure and which aren't. That's the kind of information that wins or loses wars.

Re:The other side of the coin (0)

Anonymous Coward | more than 3 years ago | (#36693024)

This

Re:The other side of the coin (1)

RobbieThe1st (1977364) | more than 3 years ago | (#36693540)

Mod Parent Up!

Re:The other side of the coin (0)

Anonymous Coward | more than 3 years ago | (#36695284)

"as bitcoins through the Tor network"
I think I'd rather deal with law enforcement, at least then I'll be able to get my money back once I'm out of prison.

Re:The other side of the coin (1)

flar2 (938689) | more than 3 years ago | (#36697446)

Except, doing so would create incentives for insiders to leak security secrets to hackers in return for a cut of the reward, thus defeating the purpose.

Re:The other side of the coin (1)

repapetilto (1219852) | more than 3 years ago | (#36693356)

My mom said the exact same thing.

free network security penetration consulting (0)

Anonymous Coward | more than 3 years ago | (#36692402)

they should be happy hes doing it for them before an election.

why online? (2)

perryizgr8 (1370173) | more than 3 years ago | (#36692546)

why is any computer holding the voting db even online? why do you need internet access? what is the problem with using an offline db and syncing the voting machines or something?

Re:why online? (1)

j00r0m4nc3r (959816) | more than 3 years ago | (#36693760)

why is any computer holding the voting db even online

How is Florida going to sell its election if it's not?

Re:why online? (1)

Xacid (560407) | more than 3 years ago | (#36694012)

That's what I don't get. There's absolutely no reason for this.

In my town it's electronic - but it's all closed.

Is it impervious? Probably not. But is it exposed to this kind of crap on this kind of scale? Hell no.

Re:why online? (0)

Anonymous Coward | more than 3 years ago | (#36697986)

"Because they're fucking idiots" seems to be the only logical conclusion.

Root (2)

TheSpoom (715771) | more than 3 years ago | (#36692626)

Anyone notice he posted the file listing as root?

Also, cleartext passwords in the database, all using the same format. For shame.

check out the passwords (1)

roman_mir (125474) | more than 3 years ago | (#36692674)

Check out the passwords in the paste bin [pastebin.com] . Who the hell comes up with these? Two letters, one for the first name, one for the last name and a 4 digit numeric code?

Re:check out the passwords (1)

MrOctogon (865301) | more than 3 years ago | (#36693226)

Its most likely their initials, and the last 4 of their SSN. I've worked in offices where that is the default password they set up for you, and 90% of people never changed it.

Re:check out the passwords (1)

wintercolby (1117427) | more than 3 years ago | (#36693300)

I'll bet you dollars to donuts that the numeric code is the last four of each person's social security number. I wonder how hard it is to get that changed.

Should have ran this... (1)

FunkyELF (609131) | more than 3 years ago | (#36693228)

ls -ail ???

I think a better command would have been ....

tar -c . | bzip2 | base64

Re:Should have ran this... (1)

RobbieThe1st (1977364) | more than 3 years ago | (#36693564)

Not really. The above command proves he has root access, while not letting(much) secret data out. The bottom one would be what, say, LulsSec would do, and is sort of overkil and much more dangerous to you if you get caught, I think...

Really _scary_ implementation! (1)

LordFolken (731855) | more than 3 years ago | (#36693620)

Great...
  Mistake #1: Application obviously runs as root
  Mistake #2: Permissions on directory should not be 644 but 600!
  Mistake #3: Server with VITAL Data obviously publicly accessible. It should be firewalled in, separate from the webfrontend...
  Mistake #4: You use CSV for storing the data???? This is a voting machine? You people SCARE me! This should be WORM device for audit purposes!

I really don't want to know what the rest of the "application" looks like.. Please fire your implementor. This is really asking for it. You are doing a disservice to the people you are supposed to serve!

Re:Really _scary_ implementation! (1)

Steauengeglase (512315) | more than 3 years ago | (#36698504)

If I recall Diebold was using an unprotected Access database for storing its votes and the whole thing was available from the outside via a dialup modem. Having legislation that makes tampering illegal seems to be the preferred method of CYA.

Ha! (1)

cmdr_klarg (629569) | more than 3 years ago | (#36693820)

pwnd

jtubgiUrl (-1)

Anonymous Coward | more than 3 years ago | (#36694700)

I burn7 out. I

Nationalized Election Standards? (0)

Anonymous Coward | more than 3 years ago | (#36699130)

Aren't there nationalized standards for elections in the US? Why is this only Florida's problem? Why is it that the wheel keeps having to be reinvented from state to state?

Re:Nationalized Election Standards? (0)

Anonymous Coward | more than 3 years ago | (#36699568)

It would be more secure to have multiple vendors by region or state if the product was actually being vetted... But there is no vetting.

Search around for the Utah electronic voting scandal. A guy got canned from a public position for discovering their voting machines were out of spec and some had data in the results section before the election. IIRC they ended up blaming him for a re-certification fee they had to pay for each machine, fired him, and buried the story.

The public apparently didn't pick up on the fact that the machines had been certified in the first place and passed with all the problems, and the same examiners were getting paid to pass the exact same machines without effort at redress. The flaws this guy exposed were in addition the lack of rational security features on the boxes themselves which would have allowed ample opportunity for a malicious party to influence the integrity of the machine while supposedly casting their votes.

The elections here have lost all appearance of legitimacy.

what about the old "manual" machines (1)

colonel spalding (936960) | more than 3 years ago | (#36702474)

What was wrong--I'm not being facetious--I would like to know, with the old voting machines. The ones in which you pushed the big lever to the right, flipped down the little knobs to vote and then push the lever back. Were they hackable? It drives me crazy when the computer experts warn warn warn, but the right wing powers that be, funded by the corporations with the most to gain monetarily and politically, ignore the warnings and are once again wrong wrong wrong.

Exactly WHAT got hacked? (1)

zipn00b (868192) | more than 3 years ago | (#36705592)

I'm rather unclear exactly WHAT has been hacked as it's not the actual voting data. I've verified that with people who worked with the system. It's definitely not normal to have any data easy to get to so it should cause an increased effort at security but nothing has been compromised that would affect any actual votes. One theory is that a test system of some sort got compromised. The fact that it's called a "Florida" database is mystifying as well since it's all county by county. If he's getting into some county's test system then that system needs to be secured.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>