[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] FBI investigates hack at e-voting software company
From:       InfoSec News <isn () c4i ! org>
Date:       2003-12-31 9:10:58
Message-ID: Pine.LNX.4.44.0312310310470.3831-100000 () idle ! curiosity ! org
[Download RAW message or body]

http://news.com.com/2100-7349_3-5134106.html

By Paul Festa 
Staff Writer
CNET News.com
December 30, 2003

update: Local and federal authorities including the FBI are
investigating an intrusion into a computer network at an e-vote
software company, which suspects the hack was politically motivated.

VoteHere, a 7-year-old company in Bellevue, Wash., on Tuesday
confirmed reports that its network had been breached in October. The
company identified a suspect and said it turned the case over to the
FBI, the Secret Service and the U.S. Attorney's office for an
investigation that is ongoing.

"This is a crime," said VoteHere Chief Executive Jim Adler. "This is
about breaking and entering and stealing."

It's also, e-voting critics would say, about security.

The story of VoteHere's network breach, reported Monday by MSNBC and
the Associated Press, is likely to play into a lively debate over the
security and reliability of electronic voting systems. That debate has
risen in pitch as federal deadlines loom for states to upgrade their
voting systems, and e-voting systems provider Diebold has become a
lightning rod for criticism for its own series of woes relating to
security, partisan comments by its CEO and other issues.

Still, Adler sought to portray the intrusion as evidence the system is
working, because the break-in was quickly detected and investigated.

"What this demonstrates is that you cannot protect a system from
outside attack," said Adler. "People draw the wrong conclusion, that
because there was this intrusion, therefore you can't have confidence
in e-voting. But the confidence comes from understanding and believing
that nothing was compromised. And if it was, you want to make sure it
was detected."

Citing the criminal investigation, Adler declined to say what the
intruder might have taken before being caught. He also called that
aspect of the incident immaterial.

"We don't really care what this guy got," said Adler. "Security
doesn't rely on the secrecy of the algorithms. We're all a bunch of
cryptos (cryptographers) over here, so we know there's no security
through obscurity."

VoteHere has tentatively linked the suspect to a number of advocacy
groups critical of electronic voting systems. The company declined to
identify the suspect or the groups, again citing the investigation.

The FBI said the case was being handled by a federal and local
multi-agency group called the Northwest Cybercrime Task Force. No
suspects have been charged yet in the case.

VoteHere, which has posted some of its technical documents to the Web
at VerifiedVoting.org, and has pledged to reveal the source code to
its software when it completes an internal review within months, said
no elections were compromised in the intrusion.

The company's verification software works on top of other voting
systems. So far only Sequoia Systems has licensed the technology, but
has not yet implemented it.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.
[prev in list] [next in list] [prev in thread] [next in thread]