Memory sticks used to program Philly’s voting machines were stolen from elections warehouse

[Dwarvenhobble]

Memory sticks used to program Philly’s voting machines were stolen from elections warehouse

The discovery set off a scramble to ensure voting machines had not been compromised and to contain the fallout. City officials said the theft would not disrupt the election.

www.inquirer.com

A laptop and several memory sticks used to program Philadelphia’s voting machines were stolen from a city warehouse in East Falls, officials confirmed Wednesday, setting off a scramble to investigate and to ensure the machines had not been compromised.

“We are confident,” said Nick Custodio, a deputy to Lisa Deeley, chair of the city commissioners, who oversee elections, “that this incident will not in any way compromise the integrity of the election.”


But behind the scenes, they fretted about how President Donald Trump and his allies might use the news to cast doubt on the integrity of the city’s elections in light of false claims and conspiracy theories he cited during Tuesday’s presidential debate.

Custodio, the deputy to Deeley, said officials ensured the stolen laptop had been disabled remotely after the theft was discovered to prevent it from being used and added that it “did not have any of our election material on it.”
His statement did not address the stolen memory sticks, which are used to program the machines in advance of an election, including setting the design of the ballots.

Once a machine has been set up, it’s closed with a numbered seal. That means that any voting machines that are opened after being programmed should be identifiable because they would have broken seals. The commissioners have begun checking all the seals on the machines, which are numbered to prevent them from being opened and simply replaced, Custodio said, to ensure they have not been tampered with.
Sources familiar with the investigation said late Wednesday that during the review, officials found several machines had the wrong seal numbers, but Custodio said they believe the discrepancies were due to a logging error in recording the numbers and did not indicate that the machines had been compromised.

Those machines, he said, “will be thoroughly examined, wiped, and tested just to be sure.”

 

[Revnak]

As a programmer and tech guy, DO NOT EVER TRUST US FUCKING STOP PUSHING FOR ELECTRONIC VOTING IT IS THE LEAST SECURE METHOD WE ARE ALL GARBAGE AT WHAT WE DO

 

[Gordon_4]

Also an IT guy: why the merry fuck was this stuff stored in a warehouse and not a secure goddamn facility?

 

[lil devils x]

I know when I used voting machines here locally, if I had wanted to tamper with the machine, it would have been easy to do as no one was even in there where I was and I didn't have a time limit..

This is just going to show why the US should change how we allow people to vote in the US, expanding universal mail in voting, or allow people to drop off at a specific poll box at the local post office that is only for ballots so box is under federal surveillance and protections of the US post office. We should allow people to vote as early as a month before the election and allow them to keep counting for up to a month after and do away with electronic voting all together to ensure that we can verify each and every ballot. That would give them time to contact and correct anyone with issues with their ballot. They shouldn't be allowed to just discard ballots at all without having them verified and corrected. If they actually know they will have to do extra work in order to discard a ballot, instead they will have to contact the person and give them a chance to correct it instead, they will stop with the BS they currently pull with discarding large amounts of ballots for frivolous reasons. Instead of having electronic voting, they can can take a photo of the ballots to help count and document them to make it easier to recheck them if needed, but having the physical ballots ensures they can do that, and that cannot be done with electronic voting alone.

 

[Mister Mumbler]

*Meanwhile, in some bar somewhere in Philly...*

 

[Chimpzy]

As a programmer and tech guy, DO NOT EVER TRUST US FUCKING STOP PUSHING FOR ELECTRONIC VOTING IT IS THE LEAST SECURE METHOD WE ARE ALL GARBAGE AT WHAT WE DO

 

[lil devils x]

LOL.. don't trust the software in anything. *refuses to buy smart appliances* I see them as a downgrade. The appliance will long outlast it's software failure. Oh and remember what I said about my brother s car getting him no inspection tickets because no one could figure out what was wrong with the computer?! We have cars bricked over computer issues, when the cars without them are still going even now...

 

[Agema]

Nothing to worry about guys, it's only the postal ballots that are totally unsafe.

Also an IT guy: why the merry fuck was this stuff stored in a warehouse and not a secure goddamn facility?

Back in the 90s when I was an undergrad, I ended up chatting with my flatmate's father who was in IT security. He told a story of when a law partnership hired his firm to sort out security. The first thing he did was go to their offices, blagged his way in, sneaked into the managing partner's office and got onto his computer. The managing partner came into the office, saw him and asked who the hell he was. He told the managing partner he was the guy to sort out their IT security, and if they didn't have the physical security to stop someone just walking in and accessing their computers, they may as well not bother with IT security.

 

[09philj]

As a programmer and tech guy, DO NOT EVER TRUST US FUCKING STOP PUSHING FOR ELECTRONIC VOTING IT IS THE LEAST SECURE METHOD WE ARE ALL GARBAGE AT WHAT WE DO

Every year the Def Con hacking convention buys up a load of electoral hardware and demonstrates numerous security flaws in it, then produces a large report detailing what they found, which everyone then ignores.

Sadly they couldn't run it this year due to COVID, but it's not like last year's report will be wildly outdated: https://media.defcon.org/DEF CON 27/voting-village-report-defcon27.pdf

Highlights of the 2019 penetration testing included:
- All the encryption keys for voter data in an electronic pollbook being stored in plaintext in an xml file.
- Lots of default or non-existent BIOS passwords on hardware.
- Root access to a ballot marking machine achieved by removing three screws, plugging in a keyboard, and pressing the Windows key.
- Internet Explorer still being installed on a ballot marking machine.
- Access to USB and CF card reader slots on a voting machine being covered by panels secured with simple security screws.
- Finding out that one of the machines they bought had already been modified at some point.

 

[lil devils x]

Every year the Def Con hacking convention buys up a load of electoral hardware and demonstrates numerous security flaws in it, then produces a large report detailing what they found, which everyone then ignores.

Sadly they couldn't run it this year due to COVID, but it's not like last year's report will be wildly outdated: https://media.defcon.org/DEF CON 27/voting-village-report-defcon27.pdf

Highlights of the 2019 penetration testing included:
- All the encryption keys for voter data in an electronic pollbook being stored in plaintext in an xml file.
- Lots of default or non-existent BIOS passwords on hardware.
- Root access to a ballot marking machine achieved by removing three screws, plugging in a keyboard, and pressing the Windows key.
- Internet Explorer still being installed on a ballot marking machine.
- Access to USB and CF card reader slots on a voting machine being covered by panels secured with simple security screws.
- Finding out that one of the machines they bought had already been modified at some point.

And like I said earlier I was left alone with multiple machines for a prolonged amount of time when I went to vote and I could have done whatever I wanted and no one would have known the difference. If I had been someone who intended wrong doing, it would not have been difficult.

 

[Gordon_4]

Every year the Def Con hacking convention buys up a load of electoral hardware and demonstrates numerous security flaws in it, then produces a large report detailing what they found, which everyone then ignores.

Sadly they couldn't run it this year due to COVID, but it's not like last year's report will be wildly outdated: https://media.defcon.org/DEF CON 27/voting-village-report-defcon27.pdf

Highlights of the 2019 penetration testing included:
- All the encryption keys for voter data in an electronic pollbook being stored in plaintext in an xml file.
- Lots of default or non-existent BIOS passwords on hardware.
- Root access to a ballot marking machine achieved by removing three screws, plugging in a keyboard, and pressing the Windows key.
- Internet Explorer still being installed on a ballot marking machine.
- Access to USB and CF card reader slots on a voting machine being covered by panels secured with simple security screws.
- Finding out that one of the machines they bought had already been modified at some point.

Jesus Christ, who are these chucklefucks making these machines. This is embarrassing.