2016 Postmortem
Related: About this forumAnonymous has released a report pertaining to alleged hacking of the AZ election
(If interested, please help to keep this kicked for wider viewership. It is getting lots of recs, but dropping like a stone. I find it particularly important that voters in NY and CA be on the alert and check out their voter registration. Thank you.)Pretty damning stuff. Somebody definitely hacked the election, although, unfortunately, no concrete proof. I believe a full FBI investigation needs to be instigated, and Bernie should sue the state of AZ.
https://anonymousinvestigationsblog.wordpress.com/2016/03/26/anonymous-report-was-arizonas-voter-registration-database-hacked/
An excerpt:
?w=840
SNIP
...Arizonas Secretary of State website stores its data in SQL databases. Properly maintained (a big question given Arizonas constant penny wise, pound foolish budgeting), SQL databases can be defended against hackers with a moderate or lesser skill level. But SQL databases in general have been known to have a particular, structural flaw for decades. SQL Injection, where random data is entered into a data entry field, can trigger an SQL database to give up most or all of its goods to an unauthorized user. SQL Injection is nearly always the first line of attack a hacker learns, and at its most basic level, it can literally be taught to a toddler . A Vice article from November is entitled The History of SQL Injection, the Hack That Will Never Go Away. It notes that SQL Injection repeatedly takes the number one spot in Open Web Application Security Project Foundations triennial report on threats that websites face...
SNIP
...At this point, it is clear that some of the cases, like Ms. Robertsons, stem from ridiculous new procedures put in place by Arizonas Secretary of State and Motor Vehicles Division. That said, other cases like Biancas, clearly do not fit that pattern, and the apparent overwhelming impact on Sanders supporters cannot be explained by a glitch that should have hit all parties and candidate supporters in roughly equal numbers.
The numbers in Pima County and Maricopa are particularly glaring. Reports of five-inch thick piles of provisional ballots and up to 2/3 of ballots in a particular voting location in Pima are quite suspicious. Numbers Anonymous is using internally to monitor election results across the country suggest that Sanders should have won student rich, and reliably progressive Pima county comfortably. The lack of polling stations alone in Maricopa County cannot explain how Phoenix, with a Democratic Mayor, could see Republicans show up at the polls on election day to the tune of around 80,000 voters, while Democrats cast a paltry 33,000 votes in Maricopa County on election day...
SNIP
...In that vein, we should note that there are now likewise dozens and dozens of reports of Sanders supporters in places like Pennsylvania and New York, with upcoming closed primaries, finding that their own registrations have been switched. One such report arrived in our inbox on Friday morning, the final day for new voter registrations in New York. The emailer told us that the website for New York was going up and down intermittently. We asked what link they were using. When we checked it, our Tor Browser informed us that the website was insecure, presenting an invalid encryption certificate.
link to Anonymous's AZ switched database:
https://docs.zoho.com/sheet/published.do?rid=b7lrg2140d3169d644b8082fea3207bbb73c5
These are glaring results.
Can also follow on twitter here: https://twitter.com/HiveComm/with_replies
EDIT: This was their initial release on March 26:
:large
peacebird
(14,195 posts)TheDormouse
(1,168 posts)We Americans constantly criticize other countries for their fraudulent, rigged, and failed elections.
We turn a blind eye to our own.
see Bush v Gore
DamnYankeeInHouston
(1,365 posts)Hillary will sacrifice our party and our form of government to get elected. This stuff would never be noticed in the past. Hooray for the Internet.
Snotcicles
(9,089 posts)And it looks like it can be done from anywhere into many of these systems.
CharlotteVale
(2,717 posts)Dont call me Shirley
(10,998 posts)bvar22
(39,909 posts)100% of the time,
but that is just a coincidence.
Dont call me Shirley
(10,998 posts)The accusations of CT or "incompetence" or "it was just an honest mistake" by the other side are something to behold.
FourScore
(9,704 posts)avebury
(10,952 posts)lumberjack_jeff
(33,224 posts)bbgrunt
(5,281 posts)VulgarPoet
(2,872 posts)geek tragedy
(68,868 posts)Some people think about politics like it's a professional wrestling match--the bad guys only win if they cheat.
lol
FourScore
(9,704 posts)But thanks for the kick.
BreakfastClub
(765 posts)Viva_La_Revolution
(28,791 posts)Duppers
(28,120 posts)PCPrincess
(68 posts)I have recommended my first post! I've lurked for a long while, joined to finally leave my opinion a little while back after leaving HuffPo sometime back due to forced use of Facebook.
This needs to be seen. Although, does anyone know what steps are taken to check one's current registration in CA?
FourScore
(9,704 posts)Just google "voter registration" and the name of your town. The info should come up with who to call.
Welcome to DU, PCPrincess!!! I feel honored that my post was your first recommend!
noamnety
(20,234 posts)This link should be good for any state.
https://www.headcount.org/verify-voter-registration/
Chezboo
(230 posts)It can be done with a phone call. We're being told to keep checking the status too, with all the fraud that's happening around the country. Many Sanders voters in NY are finding out too late their status has been changed and they are being told they can't vote in the primary.
Check Status of Your Voter Registration
http://www.sos.ca.gov/elections/registration-status/
hootinholler
(26,449 posts)The person writing it didn't screw the pooch on the technical stuff.
FourScore
(9,704 posts)hootinholler
(26,449 posts)I'll try to be succinct and not very technical to give you a 30,000 foot level view of some of the problems I see in the article.
Let's start by admitting that I didn't visit the link and when I replied I was going by your excerpt, and the intuitive red flags I felt when I read it. That said, given the context, it's not as bad as I thought, but I still have problems with it. If in fact there was a successful SQL injection then it is a given that there are also serious problems with the AZ systems in that it is such a fundamental and well known and easily defended attack, it should never occur as we say, in the wild.
Hacked? Arizonas SQL Vulnerability
Anonymous asked three of our veteran hackers, of varying skill levels, to scan Arizonas Secretary of State website for vulnerabilities, while insisting that nothing illegal be done along the way. One hacker had health related issues that prevented her or him from doing a vulnerability scan. Another hacker was quite busy, but made two or three attempts. In each case, the IP associated with their vulnerability scan was immediately blocked by the website. One of Anonymous best hackers, however, discovered a massive vulnerability in less than a minute that we feel is nearly impossible to defend against a skilled and determined attacker.
UGH, that last sentence. Who wrote this, her Boyfriend or his girlfriend or any other way you want to combine them? The attack that succeeded is a fundamental in defense against the dark arts. Nothing was mentioned as to what access was gained and etc. What was this massive vulnerability? What access was obtained from it?
Arizonas Secretary of State website stores its data in SQL databases. Properly maintained (a big question given Arizonas constant penny wise, pound foolish budgeting), SQL databases can be defended against hackers with a moderate or lesser skill level. But SQL databases in general have been known to have a particular, structural flaw for decades. SQL Injection, where random data is entered into a data entry field, can trigger an SQL database to give up most or all of its goods to an unauthorized user. SQL Injection is nearly always the first line of attack a hacker learns, and at its most basic level, it can literally be taught to a toddler . A Vice article from November is entitled The History of SQL Injection, the Hack That Will Never Go Away. It notes that SQL Injection repeatedly takes the number one spot in Open Web Application Security Project Foundations triennial report on threats that websites face.
What a surprise! The Az database is SQL compliant. SQL is a standard that specifies what functionality must be available and provides a standards based Structured Query Language (SQL) which is used to obtain data from a compliant database.
The claim: "random data is entered into a data entry field, can trigger an SQL database to give up most or all of its goods is bogus on its face. Random data isn't used in a SQL injection, rather a SQL clause or command is used. This couldn't be farther from being random data. To work it has to be crafted.
Even if you are successful in making the injection there remains the problems in obtaining the query results. Attempts at SQL injection end in many different ways depending on the systems involved and I really can't say much more without more specifics. I will note that per the above excerpts one of their "best hackers" brought to bear a technique they claim "can literally be taught to a toddler" which I sort of have to stop for a minute and snicker at.
NoSQL or non-SQL databases have been around since the 1960s, gained popularity beginning in 1998 in the initial move to greater web security, and are used by banks, major social media sites, and web giants like Google and Amazon to process and protect big data.
This has absolutely nothing to do with the issue at hand. I'll leave the fact checks here as an exercise for the interested reader. Let's just say I consider this claim to be very dubious. Especially in the big data field which I have a bit of experience in.
Anonymous may release an addendum to this report at a later time outlining specific SQL related vulnerabilities for the Arizona Secretary of States voter related websites.
I look forward to the specifics of this amazing feat of crackerdom. It certainly wasn't a hack.
questionseverything
(9,654 posts)they are making their results transparent...i like that
amborin
(16,631 posts)AzDar
(14,023 posts)Pastiche423
(15,406 posts):Bump:
fun n serious
(4,451 posts)Go to the twitter link and take a HARD look at the people saying this crap. They're all fake PAID trolls. Go look for yourself. So Obvious.
blueintelligentsia
(507 posts)KT2000
(20,577 posts)shadowandblossom
(718 posts)2. how would they know who they are voting for in advance? I'm registered. There is no paperwork on who I'm voting for.
3. why have the republicans who have been working against Clinton, suddenly decided locally to support her? You see Sanders as the stronger candidate, maybe that's correct, I don't think so, but don't know, but as for republicans, they see Clinton that way. They don't want to deal with her. Why are they suddenly supporting her in this theory? How does that serve them. Please think critically.
I'm not trying to criticize you but it's worthless to jump on every explanation that favors your desires. Looking for the simplest explanation will get you better results. Please practice basic common sense before conspiracy theory, and look at what's going on locally first. There's adequate explanation there.
Sunlei
(22,651 posts)fake website only needs to be up for a short time to be effective.
randome
(34,845 posts)An SQL injection explanation and 'invalid encryption certificates' sounds like a normal day at the office, really. They didn't find anything and until someone does, it's safe to assume that the GOP fucked everything up with their usual fealty to screwing over voters.
[hr][font color="blue"][center]No squirrels were harmed in the making of this post. Yet.[/center][/font][hr]
questionseverything
(9,654 posts)The numbers in Pima County and Maricopa are particularly glaring. Reports of five-inch thick piles of provisional ballots and up to 2/3 of ballots in a particular voting location in Pima are quite suspicious. Numbers Anonymous is using internally to monitor election results across the country suggest that Sanders should have won student rich, and reliably progressive Pima county comfortably. The lack of polling stations alone in Maricopa County cannot explain how Phoenix, with a Democratic Mayor, could see Republicans show up at the polls on election day to the tune of around 80,000 voters, while Democrats cast a paltry 33,000 votes in Maricopa County on election day.
While Early Voting is increasing in Arizona with each election, we are rather skeptical of the idea that Maricopa had nearly 100,000 fewer Democrats voting in-person over against 2008s primary between Clinton and Obama.
Myrina
(12,296 posts)n/t
mariawr
(348 posts)BreakfastClub
(765 posts)do things like this:
http://www.xojane.com/issues/an-open-letter-to-anonymous-melissa-blake
felix_numinous
(5,198 posts)and weapons manufacturing, and we get these monkey business black boxes to vote with.
A standardized system with paper receipts is possible. It needs to be set up to assure democracy if we don't want to continue being a banana republic.
hopemountain
(3,919 posts)or printout. according to "claudia" in the article, her registration was correct the day before the primary - but when she got to the polling site, her designated party had been changed.
according to anonymous, the online voter registration checker is vulnerable to hacking. the voter info is provided by the states as required by law as "public information" - but the site allows one to change the registration or cancel it.