Hacker Exposes Florida's Voting Database — Again

Dangerous_Minds writes "A hacker that goes by the name of Abhaxas exposed parts of the Florida voting database. That apparently didn't sit well with election officials. Reportedly, officials said that authorities were contacted and that their databases are now more secure than ever. In turn, Abhaxas decided to hack the database again and reveal a file directory. Said Abhaxas in the posting, 'Glad you cleaned things up, pretty secure now guys.'"

pen and paper

[Anonymous Coward]

nothing beats it.get back to the way things were done , by hand , and say goodbye to cracked databases.
i lived in FL and it's the worst place for voting.We should all pressure FL to go back to good old hand counting and manual
voter list generation
We do it in Canuckia without trouble , dont tell me FL can't do it.

Re:

[Gideon Wells]

Pen and Paper is not anymore secure. Just a false sense of security and nostalgia. There have been reports in some states of boxs of voting slips just appearing after an election.

I'm still a fan of the dual system. Computerized voting with a paper printout for auditing purposes. The voter can double check this. Possibly have a random X% of precincts have a mandatory paper printout manual count to check against the computer for possible errors.

Re:pen and paper

[LurkerXXX]

Certainly it's more secure. You need to move around big boxes full of paper, and you need to do that at a lot of locations to affect a state or national election. Lots of people involved. Lots of not so subtle activity. Lots and lots of chances to get caught.

With electronic voting, you need at most one person per state, and at the most obvious, carrying a tiny device in their pocket going into a voting booth. That's if they can't do it all remotely from the comfort of their office chair. Many many less people involved, and with a heck of a lot less obvious activity. Very little chance of getting caught compared to paper changing.

Re:

[Moryath]

There have been reports in some states of boxs of voting slips just appearing after an election.

The Republicans have raised it to an art form in Wisconsin. What, you didn't think Scott Walker actually won the election fairly, did you? Far easier for the Kochs to simply buy him off and rig the election.

Re:

[AngryDeuce]

Don't worry, I'm sure the WI Republicans are working on a way to ensure that we never have to deal with these stupid elections again anyway. They're already hard at work trying to turn the WI Supreme Court from an elected position to an appointed one. Actually, I think it's more accurate to say a "bought" one, in light of recent evidence that Walker's illegal campaign contributors were given jobs in exchange for their donations, and that's ignoring Brian Deschane, the DUI wonder, and Hopper's 22 year old

Re:

[Archangel Michael]

It is funny, but all the recent "election" problems I can recall were all (D) precincts. I don't know anything about WI or who is having voting issues there, but blaming the (R) as you do while ignoring or neglecting to mention the problems with (D) voting is ... stupid and childish.

Don't take this to mean that the (R) are innocent, I'm sure they are not. Perhaps it is much more common in (D) circles that it fails even mentioning when it happens there ;)

Re:

[AngryDeuce]

Waukesha is a (D) precinct? Since when?

Why do you think they picked that county to be the place where they 'found' those votes? The head of the [quote]non-partisan[/quote] election board for that area is an ex-GOP aide and there's little oversight. This is the county that 'had' 96.7% turnout in 2004. Yeah, right. Australia has compulsory voting and can't crack 95%.

Re:

[Archangel Michael]

Wooosh.

Obviously you missed where I said ... "I don't know anything about WI or who is having voting issues"

Which kind of makes my point, that political ideologues like yourself can't seen the beam in your own eye.

Re:

[AngryDeuce]

If you don't know, then why do you comment on it? The voter irregularities in WI are well documented, a simple Google search would return any answers you need.

Easy

[publiclurker]

He was hoping that he could get away with his spewing without being called on it.

Re:

[Steauengeglase]

When I was a kid, my aunt bought a bunch of ballot boxes when our country made the switch (she was the antique type and figured she could sell them for something). We were completely shocked when they showed up on her doorstep, locked, sealed and filled with uncounted ballots from an election 5 years earlier.

Between dead people voting and that, I'm still not sure why I even bother voting.

Re:

[WorBlux]

That's why you should hand-count the ballots and publicly announce the count for each polling place, and the meanwhile the boxes should never leave public view.

Re:

[WaywardGeek]

No! Those of us who don't live in Florida love all the comedy. You would ruin it for the rest of us.

Re:

[jayme0227]

In the meantime, they'll just select their presidential candidate at random. Again.

Re:

[K'tohg]

This will never happen. The whole idea behind having such wacky computer based systems is to provide a sense of out of control to voters while giving control to to who has the big bucks. Remember government is not made for or from us. we just think it does. If a voting machine "borks" then there is plausible deniability. A chance for a recount, a way to skew the numbers to the benefit of those in charge. Simply put attempting to make a better system only pushes those who can manipulate that system out. So t

Re:

[Synerg1y]

Worst place is an understatement, FL was the unproven decider in an election because of which we are still at war.

Re:

[Synerg1y]

Nah, we just need competent people to implement a system that doesn't involve a www facing database.

no no no

[Kamiza Ikioi]

The only reason pen and paper are "secure" is that they aren't online. Take the f#$%ing database offline, Florida!

secure? oh really?

[spokenoise]

all your votes are belong to us!

Re:

[Robert Zenz]

They probably were...but the bastard slipped through the intertubes!

Re:

[rtfa-troll]

100% right. The only possible thing which would even get noticed is if a third party candidates started winning ballots. Now if that happened, then the politicians that be would make sure the ballot committees ended up in real trouble. As long as that doesn't happen, the candidates are just happy that their own people are in charge of the vote counting.

They are telling the truth, the system is secure

[SmallFurryCreature]

The voting system in Florida is 100% secure, they absolutely positively guarantee that there is ZERO chance of ANY voter being able to affect the predetermined outcome sold to the highest bidder.

Oh yeah thought they were trying to ensure the voters choice was not tampered with? What a silly idea.

Re:

[WrongSizeGlass]

The voting system in Florida is 100% secure, they absolutely positively guarantee that there is ZERO chance of ANY voter being able to affect the predetermined outcome sold to the highest bidder.

Now that's just cynical, SFC, even for you ;-)

Abhaxas is playing with fire. Politicians don't like to be embarrassed - especially over and over again for the same thing (except coke and hookers, of course). But this is Florida so he has a decent chance of getting acquitted.

Re:

[Robert Zenz]

That is, if he/she is even sitting in the U.S. .

Re:

[sycodon]

"Glad you cleaned things up, pretty secure now guys."

Honestly, if you knew someone that behaved like this in your personal relationship, wouldn't you just want to take a 2x4 and whack them upside the head?

There is a reason people like this are living in their mother's basements.

Re:

[Hatta]

Cynical, but absolutely correct. The two usually go hand in hand. Perhaps we need an analog to Occam's razor. When all other things are equal, the most cynical explanation is most likely correct.

Re:

[Archangel Michael]

But this is Florida so he has a decent chance of getting acquitted.

No he won't. Lying to police investigating a murder warrants only 4 years, while embarrassing politicians is a major crime worthy of 25 years to life!

Re:

[Anonymous Coward]

It's not just tampering. When a district has undesirable votes, whole voting machines disappear rather than editing the data. "par for the course" claimed one mayor when ask why one machine was found hidden under boxes of stationary. Needless to say the votes weren't counted or any investigate made as to how it could happen.

is Abhaxas a bad movie reference?

[Bleek II]

I posted this last time I saw a story about this hacker but I point out again. Abhaxas must have taken the name from Abraxas Guardian Of The Universe. It easily ranks among some of the worst movies ever mane. But I'll let other be the judge of that. Here's part one: http://www.youtube.com/watch?v=xs6yYAMpxUs [youtube.com] Or is there some other reference I'm missing?

Re:

[Anonymous Coward]

Wikipedia is your friend:
https://secure.wikimedia.org/wikipedia/en/wiki/Abraxas

Re:

[Bleek II]

Wow, I feel dumb. It's funny that I assume an obscure contemporary culture reference without any research.

Re:

[wintercolby]

Yeah, now I'm trying to figure out if there's a reason other than the haxor reference for swapping out the H. Maybe I'm giving the guy too much credit. Maybe it's just someone who believes whole-heartedly in democratic principles. If he or she really were up to no good it would be by choosing a victor in a major election instead of posting a vulnerability.

Re:

[Ozeroc]

Probably the Sanata album: http://en.wikipedia.org/wiki/Abraxas_(album) [wikipedia.org]

Re:

[Anonymous Coward]

Other way around, actually. Abracadabra was probably a magical invocation of the god Abraxas.

Re:

[kvezach]

It could be a general Gnostic reference [wikimedia.org]. Abraxas is also a Marvel Comics character [wikimedia.org].

The other side of the coin

[Anonymous Coward]

Most if not all of you will have heard something along the following lines...
"I'm getting infected by a lot of viruses since you've installed an antivirus on my PC. I'm worried, how can I solve this problem?"

How do you think these kind of people react to the recent hacking activities? I myself consider them to be at least a necessary evil, but the average Joe's mind will scream... these hackers are making our system unsecure, make them go away!

The hackers are not making the system unsecure Joe - the system was unsecure to begin with. You're just being uncomfortable with the truth.

Re:The other side of the coin

[WaywardGeek]

Right on. The government should offer rewards for hacks like this, in any critical system: voting databases, military secrets, IRS database, etc. It would be the equivalent of the whistle-blower law we passed to reward people who expose fraud in government contracts. Just require the hackers to make public enough to prove they have accessed sensitive data, but not enough to compromise important systems. State how they did the hack in secret communication, and get money from the US government, as bitcoins through the Tor network. Allow the hackers to collect the reward over and over once a month until the system is secure.

Imagine how awesome such a program would be for exposing which important secrets have been compromised? With say a $100K reward to any worker anywhere who can prove they have access to critical US "secrets", we'd learn a ton about what systems are secure and which aren't. That's the kind of information that wins or loses wars.

Re:

[RobbieThe1st]

Mod Parent Up!

Re:

[flar2]

Except, doing so would create incentives for insiders to leak security secrets to hackers in return for a cut of the reward, thus defeating the purpose.

Re:

[repapetilto]

My mom said the exact same thing.

why online?

[perryizgr8]

why is any computer holding the voting db even online? why do you need internet access? what is the problem with using an offline db and syncing the voting machines or something?

Re:

[j00r0m4nc3r]

why is any computer holding the voting db even online

How is Florida going to sell its election if it's not?

Re:

[Xacid]

That's what I don't get. There's absolutely no reason for this.

In my town it's electronic - but it's all closed.

Is it impervious? Probably not. But is it exposed to this kind of crap on this kind of scale? Hell no.

Root

[TheSpoom]

Anyone notice he posted the file listing as root?

Also, cleartext passwords in the database, all using the same format. For shame.

check out the passwords

[roman_mir]

Check out the passwords in the paste bin [pastebin.com]. Who the hell comes up with these? Two letters, one for the first name, one for the last name and a 4 digit numeric code?

Re:

[MrOctogon]

Its most likely their initials, and the last 4 of their SSN. I've worked in offices where that is the default password they set up for you, and 90% of people never changed it.

Re:

[wintercolby]

I'll bet you dollars to donuts that the numeric code is the last four of each person's social security number. I wonder how hard it is to get that changed.

Obligatory

[benjamindees]

Key Largo Election Official explains vote counting process [youtube.com].

Should have ran this...

[FunkyELF]

ls -ail ???

I think a better command would have been ....

tar -c . | bzip2 | base64

Re:

[RobbieThe1st]

Not really. The above command proves he has root access, while not letting(much) secret data out. The bottom one would be what, say, LulsSec would do, and is sort of overkil and much more dangerous to you if you get caught, I think...

Really _scary_ implementation!

[LordFolken]

Great...
Mistake #1: Application obviously runs as root
Mistake #2: Permissions on directory should not be 644 but 600!
Mistake #3: Server with VITAL Data obviously publicly accessible. It should be firewalled in, separate from the webfrontend...
Mistake #4: You use CSV for storing the data???? This is a voting machine? You people SCARE me! This should be WORM device for audit purposes!

I really don't want to know what the rest of the "application" looks like.. Please fire your im

Re:

[Steauengeglase]

If I recall Diebold was using an unprotected Access database for storing its votes and the whole thing was available from the outside via a dialup modem. Having legislation that makes tampering illegal seems to be the preferred method of CYA.

Ha!

[cmdr_klarg]

pwnd

what about the old "manual" machines

[colonel spalding]

What was wrong--I'm not being facetious--I would like to know, with the old voting machines. The ones in which you pushed the big lever to the right, flipped down the little knobs to vote and then push the lever back. Were they hackable? It drives me crazy when the computer experts warn warn warn, but the right wing powers that be, funded by the corporations with the most to gain monetarily and politically, ignore the warnings and are once again wrong wrong wrong.

Exactly WHAT got hacked?

[zipn00b]

I'm rather unclear exactly WHAT has been hacked as it's not the actual voting data. I've verified that with people who worked with the system. It's definitely not normal to have any data easy to get to so it should cause an increased effort at security but nothing has been compromised that would affect any actual votes. One theory is that a test system of some sort got compromised. The fact that it's called a "Florida" database is mystifying as well since it's all county by county. If he's getting into some