Florida Election Servers Hacked Again
After state officials boasted about security improvements following a breach, a hacker once again breached the same voter record systems.
The most recent breach occurred after Florida election officials had touted the security of their systems. "Glad you cleaned things up, pretty secure now guys," said the hacker responsible for the attack--who goes by the name "Abhaxas"--in a post to Pastebin uploaded on Thursday. That post also contained data obtained during the second hack.
More Security Insights
- How Attackers Identify and Exploit Software and Network Vulnerabilities
- Getting a Grip on Mobile Malware
- The 451 Group Impact Report: Skybox Enters Vulnerability Management Space
- Skybox Security Vulnerability Management Survey
Via Twitter, Abhaxas said that hacking into the servers--using well-known and what would be easy-to-close holes--took him about 10 minutes. Furthermore, he said he had access to all 310 databases on the server, though only publicly released information from two of them.
Florida officials said that the data stolen during the first breach was from an election office system in Liberty County. After that breach, Tim Durham, the chief department supervisor of elections for Collier County, downplayed the potential impact on election results, saying that every vote generates a paper trail. "Paper ballots are reviewed and compared with totals that are given per the voting machine and that's done at an open public meeting," he said, according to Storify. Likewise, another election official said that all vote tabulation was handled by a separate system, not breached during the attacks, that wasn't connected to any other systems.
Altering or tampering with election records is a third-degree felony in Florida. But the breach poses a pertinent question: Are electronic voting records so secure that an interested third party--perhaps even a foreign government--couldn't tamper with the results? The 2004 presidential election, of course, ultimately hinged on less than 400,000 votes cast in Florida.
Abhaxas made that point in the document that included information from the breached servers. "Who still believes voting isn't rigged? If the United States Government can't even keep their ballot systems secure, why trust them at all? Fail!" Furthermore, it sounds as if attackers wouldn't have to breach too many systems to create an impact. According to a Twitter post from Abhaxas, "after some research, I've found out 1 company manages all but 6 [counties'] voting sites--hosted on the same server."
The public dump of Florida voting system information is the latest in a recent string of so-called "hacktivist" efforts, which wield hacking as a means to a political end. Recently, for example, hacktivist group Anonymous has been launching distributed denial of service attacks against Turkish government agencies' websites, in protest against the country's plans to begin filtering the country's Internet access on August 22. (People in Turkey have also taken to the streets in protest.)
Likewise, as part of its 50-day hacking spree, LulzSec released a trove of sensitive information from the Arizona Department of Public Safety, in protest against the country's immigration policies. Less than one month later, that department was again hacked by the LulzSec and Anonymous spin-off known as AntiSec.
Black Hat USA 2011 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 30-Aug. 4 in Las Vegas. Find out more and register.