Princeton computer scientist and former White House Deputy CTO Ed Felten (previously) writes about the security lessons of the 2016 election: first, that other nation-states are more aggressive than generally supposed, and second, that you don't need to hack the vote-totals to effect devastation on an adversary -- it's sufficient to undermine the election's legitimacy by messing with voter rolls, "so there is uncertainty about whether the correct people were allowed to vote."
Attacks on legitimacy could take several forms. An attacker could disrupt the operation of the election, for example, by corrupting voter registration databases so there is uncertainty about whether the correct people were allowed to vote. They could interfere with post-election tallying processes, so that incorrect results were reported–an attack that might have the intended effect even if the results were eventually corrected. Or the attacker might fabricate evidence of an attack, and release the false evidence after the election.
Legitimacy attacks could be easier to carry out than election-stealing attacks, as well. For one thing, a legitimacy attacker will typically want the attack to be discovered, although they might want to avoid having the culprit identified. By contrast, an election-stealing attack must avoid detection in order to succeed. (If detected, it might function as a legitimacy attack.)
The good news is that steps like adopting auditable paper ballots and conducting routine post-election audits are useful against both election-stealing and legitimacy attacks. If we have strong evidence of voter intent, this will make election-stealing harder, and it will make falsified evidence of election-stealing less plausible. But attacks that aim to disrupt the election process may require different types of defenses.
Lessons of 2016 for U.S. Election Security
[Ed Felten/Freedom to Tinker]
Yesterday’s massive ransomware outbreak of a mutant, NSA-supercharged strain of the Petya malware is still spreading, but the malware’s author made a mere $10K off it and will likely not see a penny more, because Posteo, the German email provider the crook used for ransom payment negotiations, shut down their account.
Petya is a well-known ransomware app that has attained a new, deadly virulence, with thousands of new infection attempts hitting Kaspersky Lab’s honeypots; security firm Avira attributes this new hardiness to the incorporation of EternalBlue — the same NSA cyberweapon that the Wannacry ransomware used, which was published by The Shadow Brokers hacker group — […]
The CBC asked me to write an editorial for their package about Canadian identity and politics, timed with the 150th anniversary of the founding of the settler state on indigenous lands. They’ve assigned several writers to expand on themes in the Canadian national anthem, and my line was “We stand on guard for thee.”
Despite the upfront cost, electric toothbrushes are much better at removing plaque than those freebies from the dentist’s office. For those who struggle to fill the American Dental Association’s recommended two minutes of brushing time, or anyone with limited dexterity, a sonic toothbrush can give your oral care routine a boost.To keep your chops healthy […]
Learning a new language will give your resume an upgrade, sure, but it will also provide a huge cognitive boost for mental tasks outside of translation and conversation. Bilingual brains have been shown to be better at handling multiple concurrent tasks, and gaining fluency in a new tongue is an amazing way to improve memory, […]
If you struggle to get a good night’s rest, consider replacing your pillows before dropping hundreds on a new mattress. You can give your tired neck a break with a 2-pack of memory foam pillows, available now in the Boing Boing Store.Each of these pillows is stuffed with cooling polyurethane foam that molds to your […]