Election security is critical, but why does the “Tech Capital of the World” (California), do so poorly?

March 17, 2018

Washington, D.C.

Just LAST MONTH, the Center for American Progress (CAP) released a new study on election security in all 50 states. Unfortunately, California… the “Tech Capital of the World” earned a mediocre grade of “C.”

The job of the Secretary of State is to make sure our elections are functioning properly and the CAP study shows that something is VERY wrong. The study evaluated election security including cybersecurity, after-election recounts/audits, voting machine certification, and more.

LINK TO STUDY —> Read the assessment here <—LINK TO STUDY

The study noted that states receiving a grade of C “have SIGNIFICANT VULNERABILITIES that leave them susceptible to HACKING and infiltration by sophisticated nation-states.” Of course, vulnerabilities are a concern no matter who may be attempting to access our voting systems.

The assessments of ballot accounting and reconciliation and paper absentee ballots as “Unsatisfactory” are particularly concerning.  Even areas where California received a grade of “Fair,” big corporate election software makes regular audits nearly impossible to verify.

I’m running for California Secretary of State because I believe that we can do better, and that in fact, we MUST do better if we want to protect our democracy from all attacks, whether foreign or domestic. By ensuring that we have paper ballots, full precinct-level audits, and PUBLICLY-OWNED/OPEN SOURCE SOFTWARE, we can improve the security and transparency of our elections and restore the trust of the public.

Ruben Major
Secretary of State Candidate
“Running with Ruben for Major Change”

The ACLU wins against Secretary Padilla

March 7, 2018

San Francisco, California

For the past several months, we’ve been campaigning to end California’s discriminatory practice of disenfranchising minority voters who see their mail-in ballots thrown away nearly TWICE as much as non-minorities.

Additionally, California has seen tens of thousands of mail-in ballots thrown out on the basis of signature mismatches and has not provided proper notification to voters when their votes are not going to be counted. This has been a known issue for several years, but has gone forward without any solution.

Now the ACLU has sued the current Secretary of State and won.

Petition

Court Order

It shouldn’t take a lawsuit to resolve this problem. At best, this issue shows negligence when it comes to protecting YOUR vote. Even worse, the Secretary of State’s office has defended disenfranchisement practices by calling injury to voters deprived of the right to vote “slight” in an official court filing. (see page 5 below).

This entire problem could have been avoided had the Secretary of State’s office issued a directive requiring counties to provide REAL notification to voters when their votes were not going to be counted. This has yet to be done. In fact, the office has no comment and has been “reviewing options” regarding appeal of the case.

It’s time for a Major Change. It’s time to elect a Secretary of State who stands up for the voting rights of Californians and isn’t afraid to go against those who might otherwise seek to restrict the right to vote. Help us bring integrity back to the office. Help us win by making a contribution of any amount below

Ruben Major
Secretary of State Candidate
“Running with Ruben for Major Change”[/vc_column_text][/vc_column][/vc_row]

Congrats to Doug Jones!

— Press Release —

December 13, 2017

Sacramento, CaliforniaI’m very excited to congratulate Doug Jones on his victory last night  in Alabama. 

Victories like this don’t happen in a vacuum. They are the combination of hard work, brilliant strategy, smart fundraising, and a winning advertising campaign. They are the culmination of the work of hundreds of people who spent time knocking on doors, making phone calls, and gathering signatures. They are the end result of hard work done by great teams.

I would be remiss if I didn’t mention, as Doug Jones did in his victory speech, the contributions of legendary strategist Joe Trippi. His advice and hard work helped bring this race home for Democrats and we are honored to have Joe’s advice helping guide our team as well. With the help of Joe Trippi and supporters like you we know we can win and bring positive change to the state of California in 2018.

As Mr. Trippi has noted, “It is critical to democracy that we immediately move toward the best election system security.” We couldn’t agree more!

Can you help us to continue this winning streak by giving $18 toward a victory in 2018?

Marin County Young Democrats Endorse Ruben Major for Secretary of State

— Press Release —

November 9, 2017

San Rafael, California

Breaking News — Marin County Young Democrats endorse Ruben Major for Secretary of State.

Amidst a ground swell of growing support, the Ruben Major for Secretary of State campaign announced the Marin County Young Democrats as its most recent endorsement.

The MCYD joins Secretaries of State, Caucus Chairs and a growing number of high profile Delegates supporting the Major campaign for fair elections.

Ruben Major announced he will be speaking at the CYD convention in Lake Tahoe this Saturday to bring forward his platform of free & fair elections.

“We are proud to be endorsed and pleased to be on the CYD ballot,” said, Secretary of State Candidate, Ruben Major.

Certifying Flawed Election Software by the Secretary of State is Dangerous to Democracy

— Press Release —

October 28, 2017

Oceanside, California

The campaign to elect Ruben Major is reaching out to all eligible voters because we want to express our concern for the security of California’s election systems. Currently, we are voting on machines which contain scientifically proven vulnerabilities that are endangering our democracy. These are the same systems in use across the country that called into question the legitimacy of the 2016 election.

Unfortunately, vendors selling election infrastructure also incorporate secret corporate code which prevent computer scientists from helping to secure our voting systems

Team Major strongly urges people look at these vulnerabilities for themselves and form their own opinions based upon the analysis. Be sure to ask questions and demand to know why the current Secretary of State continues to certify election systems known to be vulnerable to hacking.

The 2007 Top to Bottom Review was a comprehensive election systems study conducted by then Secretary of State Debra Bowen. The systems were de-certified, but unfortunately, the current Secretary of State has begun to certify new machines with known and critical vulnerabilities. Be sure to read the Staff Reports for full details…

Despite these problems, we know there is a path which will increase security and voter confidence at the same time. We can rid our voting systems of the insecure, corporate secret software and utilize publicly owned systems with open source software, and printed paper ballots. If Ruben Major is elected, he will deploy a public system that pulls back the secret curtain — a system which can be taken to the rest of the country.

Imagine if the Secretary of State of California said NO to the privatization of our elections. Imagine what affect this could have on the entire country. We can do better and we deserve better! The current Secretary of State has failed in his promise to move the state and country forward. It’s time for a Major Change!

NSA Leak confirms route of Russian hacking in virus transmission to election systems

The importance of the National Security Agency (“NSA”) leaked documents cannot be overstated.  I have been writing about voter registration and elections system hacking in the 2016 Primary and General Election for several months now and have surveyed following states related to these issues: Arizona, Alabama, Alaska, CaliforniaColorado, ConnecticutFlorida’s primary electionFlorida’s general election, GeorgiaHawaii, IdahoIllinois, & Indiana. In many of these states, we have found evidence which matches up with this prior analysis and helps to answer some unanswered questions. The above states help point to the likely route of transmission from the source of hacking to the voting machines themselves. There is only one final piece which needs to be conducted, and this is a forensic analysis of the machines. Brent Turner, Secretary of the National Association of Voting Officials (“NAVO”) has already asked for a forensic analysis from all 50 states, however, no state has yet permitted NAVO to conduct such an analysis.

Route of Virus Transmission

The importance of the NSA document is that it provides proof of actual malicious virus infiltration into the voting systems, beginning at the vendor level. The document explains that the Russian General Staff Main Intelligence Directorate (Russian military unit) attempted to and successfully infiltrated an elections systems company using phishing emails. VR Systems, an elections system vendor, is mentioned, but not identified as the hacked company in the NSA document. VR Systems is an election systems vendor, based out of Tallahassee, Florida which operates in California, Florida, Illinois, Indiana, New York, North Carolina, Virginia, and West Virginia.

VR Systems released the following statement in response to requests for comment by the media:

http://www.rubenmajor.com/wp-content/uploads/2017/06/security.pdf

Phishing YouTube Video

Infection of the election vendor’s computer system was accomplished by the user opening up emails which contained Word Documents that had viruses embedded in them. Once clicked, the virus extracted and was so powerful that it could give Total Access to whoever was doing the hacking. The entire process is described below:

http://www.rubenmajor.com/wp-content/uploads/2017/06/NSA-Report.pdf

After this was accomplished, hackers obtained over 120 email addresses for various election officials. It is not clear which election officials are affected. Wayne County, Indiana Clerk Debra Berry explained that she received information from VR Systems that Florida was the primary target, however, this has not stopped other election officials in different states from conducting an analysis. Currently, there is an on-going analysis of the election systems in various counties throughout the U.S.

There is no specific documentation other than Clerk Berry’s statement which explains where these election officials were located or if the leaked document describes an event limited to a particular geographic location. There is also no mention how many election officials were actually affected by the virus. It is import to note, however, that if any election official were infected, it could result in Total Access to their computer. Considering the scope of the operation and historical analysis of Russian hacking, it is likely that the attack was not limited to one election systems vendor but rather an extensive use of bot networks, which could send out numerous requests. The NSA document explains that the Word Document sends out a beacon when a computer is infected, most likely so a real human user can access the computer itself.

DDOS/Bot Networks

DDOS attacks are those which overwhelm a computer with repeated requests over and over until the server/computer shuts down. Bot networks can infiltrate massive numbers of servers/computers over many networks. The hacking tools discussed above had the ability to both bypass firewalls and inject malicious viruses everywhere. These tools could have been used to hit many different servers/computers across the country where election workers were unwittingly harboring a virus.

 

From Election Official Computers to Voting Machines

What makes this highly concerning is that if a hacker were to have complete access to the election system as an administrator, they could easily implant a virus on the computer that might reprogram the voting machines either prior to the election through removable media (such as a USB stick) infected with the virus that could change vote counts at some point.

There is no need for voting machines to be connected to the internet to get infected. Andrew Appel, a computer scientist at Princeton University explains: ”

“To hack a voting machine remotely, you might think it has to be plugged in to the Internet.  Most voting machines are never plugged directly into the Internet.  But all voting machines must accept electronic input files from other computers: these “ballot definition files” tell the vote-counting program which candidates are on the ballot.

These files are transferred to the voting machine, before each election, by inserting a cartridge or memory card into the voting machine.  These cartridges are prepared on an Election Management System (EMS) computer.  If that computer is hacked, then it can prepare fraudulent ballot-definition cartridges.  Are those EMS computers ever connected to the Internet?  Most of them probably are…”

This could all happen without an election officials knowledge. It is important to ask the question:

“why would the Russians stop at the election officials computer and not make a change to the actual vote count?”

There would be no benefit to going at the extreme length of setting everything up, but stopping short of finishing the job. If anything, it is absolutely necessary for the forensic analysis of the voting machines to take place in order to maintain Integrity of our election system. For far too long the systems have been vulnerable to hacking.

Additionally some State contracts prevent people from being able to conduct forensic analysis of the voting machines.

http://www.rubenmajor.com/wp-content/uploads/2017/06/Letter_to_Louisianared2-1.pdf

These are simply unacceptable results which need to change in order for people to be represented in a true democracy.

Leon County Florida Hacking Demonstration

In January of 2016 Dan Sinclare, Leon County, Florida Elections Supervisor Candidate and Dave Levin with Vanguard Cyber Security presented a short demonstration of how Levin was able to hack into the county election systems in Florida and found numerous problems with the security of the system.

It was incredibly easy for the Levin to get in and accomplish anything that the administrator was able to accomplish. He explained that “you be from Siberia and perform” the attack on the system. While Levin’s actions are considered by many to be White Hat Techniques, that did not deter his criminal prosecution for the act. He was later sentenced to 20 days in jail.

What’s important about this particular video has that it shows in real-time format how Hacker’s likely would have used state election officials credentials in order to do whatever the administrator could have done in the systems. It is important to note, that administrators had the responsibility of uploading and downloading candidate information as well as results to and from the administrators computer and the voting machines themselves. This is important because it demonstrates again, the route of transmission of the virus to the vote count systems. If an election official’s computer used for these actions was compromised with this virus, results could not be trusted.

Arizona

Voter registration systems were extensively targeted throughout the country as I have detailed in numerous reports. It is important to note that an attack on the voter registration systems is an attack on the vote count. In analyzing the NSA document reported above, it is important to note several issues in Arizona starting before the primary where voters were kicked off the rolls. Arizona Secretary of State, Michelle Reagan gave testimony accepting that there had been alterations of both Republican and Democrat party affiliations on the voter rolls — where they were changed to “No Party Preference.” Her testimony appeared genuinely concerned, shocked, and heartfelt. The results were truly disturbing.

Were these events related or was this part of another Russian hacking attempt? Either answer is concerning. The breach itself caused the FBI to issue a Flash Alert which was reported by Yahoo! on August 29, 2016. detailing a cyber analysis of the Arizona hacking incident.

It turns out that hackers were actually able to install malicious software, prompting the state to take the machines down/offline for nine days. It is also important to note that on January 10, 2017, local news reported that numerous lawmakers’ computers have been infected with malware, of which one of the characteristics was to bring up a screen in Russian.

Apparent Russian hacking

The fact that election officials and lawmakers’ systems were breached, tends to lend credence to the fact that the most important systems were affected. This Arizona attack was previously identified as part of a phishing email infiltration. Because of the way that botnets work it is important to point out that sending out queries to lawmakers and election officials computers, as well as the voting systems themselves probably occurred widely throughout the country. Again, a transparent forensic analysis of the voting machines would help to answer this question ultimately.

Illinois

The next state to consider is Illinois. I have previously reported and Illinois and from what I have found the Illinois State Board of Elections (“SBE”) had come out with a report which detailed an analysis of the infiltration which occurred into it systems prior to the general election. This infiltration involved involved obtaining usernames and passwords of election officials as demonstrated in the SBE report below:

http://www.rubenmajor.com/wp-content/uploads/2017/06/Illinois-Voter-Registration-System-Database-Breach-Report.pdf

It is important that there is credential harvesting in this case. Illinois officials would have likely been hacked in a manner which would result in Total Access to the election systems by the hackers. This could have been a way to change the vote tallies as described above. Again this is highly concerning.

Analysis/Solution

It is important to point out that the information provided above provides a route of transmission of Russian hacking in the election from the source to the vote count systems which tends to discredit the results. These issues need to be shored up as soon as possible in order to prevent any future incidents there have already been calls for the information to be declassified so that states can begin the necessary work to fix their election systems.

There is a solution to this problem which Mr. Turner, Brian Fox, and Dr. Juan Gilbert from the National Association of Voting Officials have demonstrated – See www.navo-us.org. This system advocates for complete and total transparency in the process. We need to make sure that the election systems are appropriately transparent so that the public has confidence in the system. General Public License Version 3 (GPLv3) open source ballot printing and tabulation systems have been tendered to the US government for public ownership and use, but have been kept on the sidelines by corporate led lobbyists.

Prime III Demo from Wisconsin Elections Commission on Vimeo.

This can no longer be tolerated as it is in direct conflict with the national security interest. The process is relatively simple. This process (1) begins with the voter  choosing the candidate which he or she would like to vote for. Then (2) a ballot is printed out and the voter verifies that the ballot matches the desired selection from the screen. The ballot is then (3) inserted into a privacy sleeve and (4) dropped into the ballot box where it is (5) counted at the end of voting. It is important to note that the count will occur at the end of the day and at the precinct where the vote was originally cast so that people from both parties, as well as voter, the media, and election officials can watch as the count begins to take place. The following video demonstrates how the system works:

Once the counting begins, all of the ballots are announced then (6) scanned into a scanner and the scanning process is projected on a big screen in the public count center. The hand count (8) audit will take place immediately and the hand count will be (9) matched up to the electronic accounting system. If there is found to be a problem with the machine scanner, then the scanner will be thrown out. The hand count will be paramount. Transparency is key here. It is important to use open-source GPLv3 software, because it is not proprietary and does not contain any secret coding which would prevent the forensic analysis of the voting machines. Many reputable entities requiring the best security platform possible utilize open source software, in particular the Department of Defense and NASA which use the code for numerous platforms within their operational makeup.

We deserve nothing less than to have transparency in the elections process as well as to have accountability. Voting officials, unfortunately can be reluctant to provide information related to deficiencies which may have occurred, but there is nothing more precious than a right to vote. If our right to vote is infringed upon, we will have no recourse and our democracy will no longer exist. There is no issue more important for our preservation as a shining example of freedom, than protecting our right to vote — we must continue this fight for our democracy.

Indiana confirmed hacking of 2016 election systems

Updated June 10, 2018

In the analysis of Indiana’s election system, we find hacking and confirmed penetration, millions of scans, and alarming concerns related to voter suppression. This is part of a U.S. wide analysis regarding potential “Vote Hacking” in the following states: Arizona, Alabama, Alaska, CaliforniaColorado, ConnecticutFlorida’s primary electionFlorida’s general election, GeorgiaHawaii, Idaho, & Illinois. This analysis follows below.

On October 18, 2016, Secretary of State Connie Lawson explained that thousands of voter registration records were altered using paper forms, through the Bureau of Motor Vehicles and via the state’s online voter registration system. In response, State police blamed and raided the Indiana Voter Registration Project, an organization with a solid reputation for getting out the vote, just prior to the election — thus preventing the additional potential registration of approximately 45,000 of black voters. The IVRP contacted the Department of Justice to assist, claiming Indiana violated the law in a manner which discriminates against minorities.

There has not yet been an update on the disposition of this case.

On November 1, 2016, Secretary Lawson explained Indiana began having its election systems scanned.

On December 16, 2016, scanning ceased, according to Secretary Lawson

On February 21, 2017, it was reported that an IP address originating from the Department of Homeland Security scanned Indiana’s voter registration database approximately 14,800 times. Secretary Lawson explained:

“we know that between November 1 and December 16 we were scanned with about 14,800 scans, nearly 15,000 different times.”

Accordingly, Indiana had been scanned approximately 222 Million times within one and a half months. The state’s IT team traced the intruder to a DHS computer’s IP address. The same DHS unit attempted 10 times in 2016 to hack into the Georgia electoral system. I discussed this countrywide issue at length in my analysis of Idaho and Georgia.

DHS had asked Indiana if their state wanted assistance with securing their election systems, along with many other states after the Illinois and Arizona election systems were compromised. Secretary Lawson’s IT Director, Thomas Vessely explained that Indiana, “kindly declined [DHS] assistance because we were very comfortable in the work we were doing in monitoring our election system.”

Secretary Lawson was asked why she believed DHS chose to scan their system. She explained that she:

“always assumed it was because I was the incoming President of the National Association of Secretaries of State and because we declined their assistance.”

I think it is important to repeat the same critical questions:

Was scanning the result of an active investigation?

If the IP addresses were from DHS, what would the agency have to gain from scanning a system after the election?

Why would DHS scan a state’s election system thousands of times?

It also calls into question Georgia’s case where there were only 10 scans conducted, versus other states reporting thousands. Further information is required and should be disclosed from the states and federal government so we can make a proper analysis. Transparency related to our elections process is key.

On February 22, 2017,  Computer World reported that Secretary Lawson made an admission that Indiana’s election system had indeed been penetrated. While defending that their voter registration system had not been penetrated, Secretary Lawson shockingly admitted that there was:

“one slight penetration on an (election) website that was actually old and out of date, so it didn’t go anywhere.”

This is highly critical because it represents an admission from a state governmental body that part of the election system, although implied to be insignificant, was penetrated.

Questions arise here, such as what was the extent of the hacking? When did the hacking occur? Is there logging information of the hacking? Also, was the IP address the same as those which came from Georgia or were they different?

Again, many more questions to be answered here.

Currently, there is an ongoing effort by the Indiana Secretary of State to purge voter information from the voter rolls. Secretary Lawson contends that this effort is meant to clean up information that is outdated and is compliant with federal law. In light of suspicious activities surrounding the voter rolls in the last election, such activities need to be scrutinized by the public and must be as transparent as possible and include reporting by the government so that there is accountability to ensure people are not unjustly purged from the rolls.

Analysis

We have numerous concerns related to the practices in Indiana which potentially point to minority voters discrimination. Additionally, with a confirmation of election system penetration, as well as over 200 million scans detected and reported upon, we need further information regarding the breech as well as scanning from Secretary Lawson’s office. There needs to be more transparency with voter registration system with regard to removing voters from the rolls. There also needs to be transparency in investigation process in order for voters to trust that the election system is working properly. Systems with multiple layers of protection best serve the public. Those responsible for maintaining the election systems have an obligation to ensure that we have confidence in administration. Failure to inform the voters does not instill confidence.

We need a full accounting of the voter registration problems in Indiana, answers to the above questions asked as well as a forensic analysis of the election results in order to ensure the vote counts. Same day voter registration, combined with other transparency safeguards to help improve the system. Paper ballots with open source, general public license voting with a 100% count at each precinct, and an anonymous receipt is the best way to rebuild confidence.

Russian hacking in Illinois puts our next election in peril

Controversy related to the firing of FBI Director James Comey as well as the reckless release of sensitive information to Russia during an active investigation should give us pause to consider those circumstances giving rise to such possibilities as well as what we must do moving forward to protect our democracy. Our voting system is in peril and we must do something to fix it immediately, otherwise we stand the risk of losing our democracy permanently.

This article discusses voter registration and voting machine related issues which indicate hacking of the election systems. While there may be other explanations for the problems described below, the fact remains that we must do something to fix our election and voting systems as soon as possible in order to avoid future compromise. I have already detailed circumstances indicating hacking in the following states: Arizona, Alabama, Alaska, CaliforniaColorado, ConnecticutFlorida’s primary electionFlorida’s general electionGeorgia, Hawaii, & Idaho. The information below goes through Illinois in the 2016 election, primary and general.

Illinios

On March 14, 2016, during early voting for the primary election, there were numerous reports of voting machine failures in Chicago. Voters reported picking a candidate and the receipt reflecting different information. They also reported trouble with the correct candidate information showing up. Board of Elections spokesperson, James Allen explained that their staff would verify calibration of the machines.

On April 5, 2016, the Chicago Board of Elections met to discuss an automatic recount of 5% which is required to ensure election integrity. Some of the observers, noted deeply disturbing issues, explaining that the machine totals did not match the paper totals and accused election officials of changing paper votes to reflect machine totals. Below is the hearing where these issues were discussed at length:

The comments regarding the Board’s meeting were critical, however, the results stood.

The important part here are the machine vote totals which were not said to match the paper ballot totals. This issue requires further in-depth study and analysis in order for us to have a better idea about what exactly happened with machines and why they did not reconcile.

On June 23, 2016, the Illinois State Board of Elections (SBE) is hit with a malicious SQL injection. The act went unnoticed for nearly 3 weeks. At the time, hackers gained valuable and critical information in a highly concerning manner.

On July 12, 2016 McLean County Clerk Kathy Michael posted a message on Facebook regarding the infiltrated election systems. The posting detailed how the event had used form fields to gain access to sensitive voting information using SQL injection.

http://www.rubenmajor.com/wp-content/uploads/2017/05/IllinoisElectionOfficial.pdf

The above message was sent by Kyle Thomas, Illinois SBE Director of Voting and Registration Systems and it explained that he believed the attack, while reaching voter information, did not add, delete or change records, nor did they seem to call up voting records. It is interesting to note that there is an actual copy of a certain voter’s record in Illinois. It this information was able to be accessed undetected, it could be highly problematic.

 

On July 13, 2016, officials took the Illinois Voter Registration System offline.

On July 19, 2016, the Illinois SBE notified the General Assembly and the Attorney General’s Office.

On July 21, the system went back online after making numerous security enhancements. Ken Menzel, the Illinois Board of Elections’ General Council explained in local media that hackers infiltrated via:

“a chink in the armor in one small data field in the online registration system,”

But again, the attack was significant enough for officials to take Illinois Voter Registration System offline in addition to the integrated vital records system which contains voter databases.

On August 12, 2016, attempted attacks abruptly ceased.

On August 18, 2016, the government complained that “hacking tools” had been stolen and issued an alert which was later disclosed by the media.

It is important to note here that the United States lost some of its most valuable hacking tools, disclosed in June 2016 by the New York Times, that these tools were ransomed, and this threat would later come out one week prior to the election from a group, the Shadow Brokers, claiming to hold the tools.

The Shadow Brokers are currently selling a subscription service of what it claims are NSA hacking tools. The information unfortunately is quite credible.

On August 26, 2016, the Illinois State Board of Elections issued the following report:

http://www.rubenmajor.com/wp-content/uploads/2017/05/Illinois-Voter-Registration-System-Database-Breach-Report.pdf

The report indicated that the SBE website was hit a massive number of 5 times per second 24 hours per day. The Board also concluded that “various IVRS passwords were compromised.” Those with compromised passwords included election authorities, staffers, SBE users, vendors and web services.

In order to maintain  compliance with the Illinois Personal Information Protection Act (PIPA). The SBE was responsible for notifying the State Assembly in the event of any such breach. The report explains that it is not final, however, no further report has been published from the SBE, despite calls from the Senate. This information should be updated so that people have a good, working understanding of thee election systems in Illinois.

Many people attribute the design of the “hacking tools” to a consortium called The Equation Group which techies believe is the NSA. Some of the details on this information was apparently found in some documents which Snowden leaked thus MATCHING The Equation Group with the NSA.

On September 1, 2016 WHNT News ran a story explaining that Alabama took action on the FBI Flash letter sent regarding suspected election hacking of Arizona and Illinois voting systems, later traced to known Russian hacking incidents.

In Illinois, in truly disturbing form, hackers used malicious SQL/database scanning software to inject code and obtain 200,000 voter files.

The case of voter registration hacking in Illinois and Arizona, led the FBI, among other intelligence agencies to issue the above alert attempting to explain to voting officials how to identify and act upon these new threats. Many counties simply did not have the technical resources to deal with election fraud and hacking properly and in a timely manner. Additionally, there are political questions which get in the way – the voting systems are particularly vulnerable.

On November 8, 2016, there were various reports of broken machines. Additionally, there were reports of machines not working and election judges not responding to the site to ensure proper voting and protocols were taking place.

The National Association of Voting Officials reached out to Illinois to ask for a forensic audit of the election systems.

However, Illinois has yet to provide permission or to respond to the request.

On March 15, 2017, the Illinois passed Senate Resolution 93:

http://www.rubenmajor.com/wp-content/uploads/2017/05/Senate-Resolution.compressed.pdf

The bill echoed The SBE initial findings and called upon the SBE to conclude their investigation, additionally, the resolution states:

“We urge that the Illinois SBE produce a final comprehensive report outlining the nature of breach, an audit of their IT Systems and that they enact preventative measures to ensure that such cyber interference never occurs again.”

There is yet to be any reporting on these particular issues published. This is highly concerning because the people need more accountability and transparency and the SBE promised a comprehensive report previously.

Analysis

The case of Illinois is a combination of issues which ultimately boil down to a lack of reporting information to the general public. Because the SBE has yet to release a final report on hacking, there is a lot of information missing from the story. It is important to note that it has been almost a year since the attacks took place and SBE became notified of the issue. We need a follow up from the SBE. Even the Senate called for an analysis of the systems.

With the recent release of the Wanna Cry ransomware and zero day vulnerability, among other well-documented issues related to the voting systems, we need to begin with an analysis of ALL voting machines to check for traces of malicious viruses. Once we are able to assess the damage, we will be able to make a better solution.

Voting itself needs to be as open and transparent as possible so the American people can have buy-in that the system is being fixed properly. NAVO advocates the following system which includes a 100% count at the precinct level, paper ballots and Open Source, General Public License software. The multiple redundancies help to ensure that the system is working properly. They are considered checks and balances in the event of compromise.

Open source software/paper ballot election systems are now deployed in New Hampshire and funds have been allocated for projects in San Francisco, Los Angeles and Texas per the National Association of Voting Officials.

Also important to note is that we can secure voter registration system though verification, such as two-factor authentication for any changes in information, various scripting solutions, and/or mail/email confirmation, among countless other solutions which I will detail once the 50 state survey is complete. Voter registration and vote count hacking should be at the very top of the list for any all Americans. If the issues are not rectified quickly lawmakers and candidates may find themselves in perilous circumstances where our very democracy will be at stake.

Hawaii worked with, while Idaho claims election system scanning by DHS

I have previously reported issues indicating “Vote Hacking” in the following states: Arizona, Alabama, Alaska, CaliforniaColorado, ConnecticutFlorida’s primary electionFlorida’s general election, & Georgia. There could potentially be other explanations for some of the circumstances offered, however, information provided may indicate characteristics of hacking. When combined with other states, this evidence substantially increases the likelihood of systems vulnerability and election hacking throughout the country.

Hawaii

On November 3, 2016, it was reported that Hawaii was working with the Department of Homeland Security to secure its election systems.

On November 8, 2016, there were reports of equipment problems at 18 different polling places with ballot scanning machines.

At Aiea high School and the University of Hawaii Laboratory School, there were reports of machine malfunctions. One of the voters, Jamie Swan, left with her ballot and said she would return later because of her experience with the machine at the Laboratory School. The precinct chairperson explained that the e-SCAN machine rejected ballots and even crumpled one voter’s ballot.

At Kapunahala Elementary School, poll workers were temporarily unable to find machines because they had allegedly been moved to another location by janitorial staff.

At Kapole Precinct, one voter explained:

At Manoa Elementary, the voting machine malfunctioned for an unknown reason and was down for 4 hours, from 7AM to 11AM.

At Mountain View Elementary School troubleshooters were sent to fix malfunctioning voting machines.

At Ocean View Community Center troubleshooters were sent to fix malfunctioning voting machines.

At Waiakea High School, troubleshooters were sent to fix malfunctioning voting machines.

There were also reports of machine jams among numerous other issues with the machines reported across the state. Despite the issues, Hawaii County Clerk Steward Maeda appeared confident, stating:

“All of our issues with our voting equipment is fine and people seemed to be voting with no problem.”

However, multiple issues reported across the area indicate large scale problems. Perhaps the Clerk was unaware of all issues occurring?

Analysis

Hawaii experienced numerous and significant issues with its voting systems. This is highly concerning because of the potential for vote hacking. Again, such characteristics become an issue with so many problems with the machines spread out all over the state. Additionally, there needs to be a uniform and transparent system of reporting machine malfunctions and investigation results which are reported to the public who deserves nothing less.

Idaho

Secretary of State Lawrence Denney explained that around November 8, 2016, it detected scanning of its election systems. Secretary Denney explained that access came from a Department of Homeland Security IP Address. He appears to have gained this information after Georgia Secretary of State, Brian Kemp sent the DHS IP Addresses to several states. Secretary Denney explained that many of those states had reported back to Secretary Kemp that their own systems had been scanned by the IP Address alleged to be DHS. In an earlier article on potential vote hacking in Georgia’s election systems, I discussed that DHS’s explanation was that a contractor had accessed the systems using a method identified using HTTP Options, in order to obtain information about whether a person was licensed.

As I had previously explained:

“Scanning activity – Georgia presents a wide range of issues which need to be addressed. It is likely that the “scanning” activity attributed to DHS was, in fact, occurring by the FLETC contractor in a routine performance of his/her duties in order to more rapidly obtain data. As there has been no further public pursuit by Secretary Kemp nor another official report provided to the media, it is likely the DHS analysis of the result is accurate.

However, it also seems plausible that scanning activities could have taken place in an attempt to assess Georgia’s systems for weaknesses. Secretary Kemp seems to imply nefarious intentions, but again, there has been no further evidence related to back up the claim presented to the public.”

Both Idaho and Georgia refused help from DHS to protect their elections further. Secretary Kemp explained later that one of the reasons for his state’s denial was that DHS had been offering the states “out of the box corporate solutions that some states needed. [Georgia] did not because we were already using our own.”

Secretary of State Denney (Idaho) explained that the DHS IP address showed up on their server on multiple occasions. DHS explained that

“When DHS conducts a cybersecurity scan of a network or system, we do so only with the cooperation and consent of the system owner.”

Secretary Kemp’s (Georgia) relaying of IP address information to Idaho and other states is important to note here.

Analysis

Idaho’s experience demonstrates concern regarding the DHS IP addresses provided by Secretary Kemp and distributed to the other Secretaries of States. While the Georgia incident had been explained as it related to the issue described above, with the contractor accessing the state website to obtain employee information, we should question why the same IP addresses accessed Georgia’s election system around November 8, 2016.

Additionally, we do not have many details related to the scanning activity in Idaho and there are not enough reports for us to make a definite conclusion at this point. As will be shown in future articles, the same IP addresses were alleged to have scanned other states, such as Indiana, thousands of times. Interestingly, scanning occurred after the election into mid-December. This is concerning because we need an explanation for why such activity took place.

Several Questions come to mind:

Was this the result of an active investigation?

If the IP addresses were from DHS, what would the agency have to gain from scanning a system after the election?

Why would DHS scan a states election thousands of times?

It also calls into question the conclusions in Georgia’s case. Further information is required and should be disclosed from the states and federal government so we can make a proper analysis. Transparency related to our elections process is key.

General Public License version 3 is the best possible solution at this time. It is inexpensive, non-secret software and more secure than what we are currently using.

Prime III Demo from Wisconsin Elections Commission on Vimeo.

Deploying a system, such as that advocated by the National Association of Voting Officials, which contains both paper ballots and true open source coding (not secret) can help to prevent another national security crisis. We deserve better than to permit our systems to be insecure. It is critical that we act as soon as possible — as these problems will only continue to grow if not addressed immediately.

 

California universal healthcare bill will save lives and seeks to decrease rising costs

Insurance companies have had their chance to make healthcare work for the people and they have failed — their failure is not just the increasing costs but rather the capital paid in human lives as a result of a lack of appropriate healthcare coverage. Last night we had a very informative session put on by Kyle Thayer, a Paramedic and community leader, who lives in North County San Diego. Mr. Thayer has been tirelessly advocating for the passage of Senate Bill 562 which is a healthcare bill asking for the removal of insurance companies from the process of most healthcare — termed “Single Payer.”

The bill was introduced by California Senator Toni Atkins and is supported by the California Nurse’s Association.

http://www.rubenmajor.com/wp-content/uploads/2017/04/amended-senate.pdf

Under the bill, health insurance companies would still be permitted to involve themselves in non-essential care such as cosmetic surgery, but they would be taken from the administration of care which has largely contributed to the rising costs as well as record profits of healthcare in recent years. Currently the bill is in referral status and has been assigned to the Committee on Health for further discussion.

The content delivered last night is one of a series of presentations related to the Single Payer program across the state being organized by Healthy California. Mr. Thayer explained the importance of this bill in the context of saving lives.

As a Paramedic, myself, I can relate to the stories that he related about how so many people who go without healthcare will see their conditions worsen or even die. Mr. Thayer explained that he sees no good reason why we can’t come together to solve this problem and that nobody deserves to die because they do not have health insurance. His tireless advocacy aims to put an end to these terrible results. If passed, Senate Bill 562, by it’s removal of insurance companies as the primary administrators, is likely to substantially decrease the cost of overall care for Californians.

Insurance companies have had their run at administering healthcare for many years. Now it’s time to give that power back to the people.

More information about Senate Bill 562 can be found on the state legislature website.