More on the hacking of the US Election Assistance Commission. NOT GOOD.

They caught one hacker trying to sell information -- but for all they know there could have been other independent hackers.

Also, put this hack together with the discovery that the voting systems used in many states ARE connected to the internet and vulnerable to hacking.

It's harder and harder to believe that our election tabulators themselves weren't hacked.

http://news.softpedia.com/news/russian-speaking-hacker-breached-america-s-voting-machine-certification-agency-511025.shtml

According to a report published by the firm, the hacker managed to breach EAC systems and access credentials, including some with administrative privileges.

“These administrative accounts could potentially be used to access sensitive information as well as surreptitiously modify or plant malware on the EAC site, effectively staging a watering hole attack utilizing an official government resource,” the company says.

The hacker was trying to sell vulnerabilities in EAC systems to Recorded Future engineers, explaining that he managed to break into computers using an SQL injection flaw that was still unpatched.

Furthermore, it appeared that the hacker was already involved in talks with a Middle Eastern government, but more specifics were not available.

“It’s unclear how long the EAC vulnerability has been active; however, it could have been potentially discovered and accessed by several parties independently,” Recorded Future says.

SNIP


http://www.prnewswire.com/news-releases/critical-new-discovery-during-wisconsin-recount-cellular-connectivity-of-tabulators-leaves-door-open-to-hacking-300379050.html

MADISON, Wis., Dec. 15, 2016 /PRNewswire-USNewswire/ -- A huge security hole in our US elections, which allows alteration of vote totals by outsider or insider entities, was discovered during the Wisconsin recount, according to electronic security investigators from RecountNow.org.

A cellular capability is available as an option on the latest Election Systems and Software (ES&S) DS200 model of optical scanner.

"Cellular connectivity at the precinct level is bad," says IT specialist Jim March-Simpson, who, along with forensic investigator John Brakey, discovered and examined the vulnerability, "but the precinct-level scanners can open an internet channel to the central vote tabulator." March-Simpson is referring to a central unit that collects and adds vote totals from a whole region.

SNIP

An entity with "government-level resources . . . could completely 'own' the electoral process," March-Simpson says. "If the central vote tabulator does not have the best possible security, then even a good hacker with a normal PC can get in," he reports.

SNIP

There are currently over 26,500 ES&S DS200 optical scan vote-counting machines in 25 states. It is not yet known how many of them have the cellular capability at present, nor whether other equipment models have the same or similar capabilities. DS200 scanners count ballots electronically; ballots are fed in by hand but are counted by a computer inside in accordance with programmable instructions.


ON EDIT: Here is another expert opinion on the hackability of our voting system.

http://www.sevendaysvt.com/vermont/talking-cyber-security-with-a-norwich-expert/Content?oid=3882847


SD: You're assuming the job of Norwich's chief information security officer at a critical moment in history. This is the first time that cyber warfare may have played a role in the outcome of a U.S. presidential election.

GS: I can't speak specifically to that because I don't know who the malicious actors were, and I don't think we actually know yet. But you're right, we're starting to use technology more and more, especially in elections. We have the electronic voting machines now that are definitely susceptible to cyber attack. I don't think there's a solution to that right now. And it's going to continue to be a problem simply because, for the manufacturers of these devices, their audience is so small. It's local and state governments, and there's no real incentive for them to build security into them. I'm not picking on any one of them. It's just the way it is.