Skip to content

Russian Hackers Accessed US Voting Machines: US Assertion That Presidential Election Was Safe Focuses Perception Not Reality

January 4, 2017

The firm setting security for US voting machines reported Russian hackers got a hold of passwords to US voting machines and tried to sell them online. Supposedly this only happened after the election, and allegedly the “bad guys” were caught; however, nothing delegitimizes a presidency like a voting hack and a poorly worded Twitter campaign. Which does the public have more tolerance for? Russian hacking.

The U.S. agency charged with ensuring that voting machines meet security standards was itself penetrated by a hacker after the elections in November, according to a security firm working with law enforcement on the matter.

The security firm, Recorded Future, was monitoring underground electronic markets where hackers buy and sell wares and discovered someone offering logon credentials for access to computers at the U.S. Election Assistance Commission, company executives said.

Posing as a potential buyer, the researchers engaged in a conversation with the hacker, said Levi Gundert, vice president of intelligence at the company, and Andrei Barysevich, director of advanced collection.

Eventually they discovered that the hacker had obtained the credentials of more than 100 people at the Commission after exploiting a common database vulnerability, the researchers said.

The hacker was trying to sell information about the vulnerability to a Middle Eastern government for several thousand dollars, but the researchers alerted law enforcement and said Thursday that the hole had been patched.

While the Trump presidency complacency in the face of human rights violations has been compared to the rise of Nazism, with perception being more important than reality, it’s not surprising that Americans trust the Trump Twitter feed more than they do the FBI revelations of hacking in the US election.

So, we are led to believe that the voting machine hacking that US judges denied could happen when Jill Stein asked for a recount, notably in Pennsylvania where it was denied, actually happened. Here is where the perception of reality, i.e. that the US voting machines couldn’t be hacked because judges didn’t know how it could be done, determined policy equaling no recount when the reality is, the machines were hacked. Perception vs. reality seems to be the predominant feature of a Trump presidency and the American public.

The American public and judiciary want to believe that US voting machines weren’t hacked, and so therefore assert it couldn’t happen, all the while ignoring the reality that it already happened. Perception, in this case, was easier to stomach than reality, and so perception, or wishful thinking, creates an alternate reality. Creating that alternate reality based on perception is what led to Nazis taking over Eastern Europe. Perception: all those outside of Germany posed a threat to Germany’s independence and patriotism. Reality: Nazism posed the most extreme threat to Germany’s independence and patriotism.

Perception: the 2016 US Election couldn’t be hacked. Reality: Not on only was the election influenced by Russian spies, but US voting machines were hacked:

In the case of the election commission, the hacker used methods including an SQL injection, a well-known and preventable flaw, obtaining a list of usernames and obfuscated passwords, which he was then able to crack.

Though much of the Commission’s work is public, the hacker gained access to non-public reports on flaws in voting machines.

In theory, someone could have used knowledge of such flaws to attack specific machines, said Matt Blaze, an electronic voting expert and professor at the University of Pennsylvania.

The researchers were confident that the hacker moved to sell his access soon after getting it, meaning that he was not inside the system before election day. Further, the U.S. voting process is decentralized and there were no reports of widespread fraud in November.

Huffington Post published the article quote above, and while it has sources for its assertions that the hacker gained “non-public flaws,” there are no citations to support its assertion that “there were no reports of widespread fraud in November,” not that fraud didn’t occur, just that it wasn’t widespread. How can we trust that? And that is the point: if we want to believe that hacking didn’t take place, then we act as if it didn’t take place, and suddenly we can ignore the reality that US voting machines were hacked. Ergo, perception trumps reality.

The NYTimes calls the Russian hack the equivalent of the best weapon ever:

While there’s no way to be certain of the ultimate impact of the hack, this much is clear: A low-cost, high-impact weapon that Russia had test-fired in elections from Ukraine to Europe was trained on the United States, with devastating effectiveness. For Russia, with an enfeebled economy and a nuclear arsenal it cannot use short of all-out war, cyberpower proved the perfect weapon: cheap, hard to see coming, hard to trace.

GRAPHIC

Following the Links From Russian Hackers to the U.S. Election

The Obama administration announced sanctions against Russia and released a report that states that the Russian government deployed computer hackers to attack the Democratic Party’s computers.

Tadaaaa…Russian hacking in a quick and easy-to-understand graphic.
Perhaps Russian had a shot in the dark? A daring attack that was not well-orchestrated? Nope, perception, again is not the reality:
“There shouldn’t be any doubt in anybody’s mind,” Adm. Michael S. Rogers, the director of the National Security Agency and commander of United States Cyber Command, said at a postelection conference. “This was not something that was done casually, this was not something that was done by chance, this was not a target that was selected purely arbitrarily,” he said. “This was a conscious effort by a nation-state to attempt to achieve a specific effect.”
 Reality vs. Perception hit the D.N.C., too, with the perception that they were safe, when in fact, reality proved that hackers had infiltrated.

There were aspirations to ensure that the D.N.C. was well protected against cyberintruders — and then there was the reality, Mr. Brown and his bosses at the organization acknowledged: The D.N.C. was a nonprofit group, dependent on donations, with a fraction of the security budget that a corporation its size would have.

“There was never enough money to do everything we needed to do,” Mr. Brown said.

The D.N.C. had a standard email spam-filtering service, intended to block phishing attacks and malware created to resemble legitimate email. But when Russian hackers started in on the D.N.C., the committee did not have the most advanced systems in place to track suspicious traffic, internal D.N.C. memos show.

The NYTimes called it “aspirations” of security. I call it perceptions, but the reality is that no one was secure. All of the information regarding the initial reports of election hacking was disbelieved by a temp employee who didn’t take it seriously:

Mr. Tamene’s initial scan of the D.N.C. system — using his less-than-optimal tools and incomplete targeting information from the F.B.I. — found nothing. So when Special Agent Hawkins called repeatedly in October, leaving voice mail messages for Mr. Tamene, urging him to call back, “I did not return his calls, as I had nothing to report,” Mr. Tamene explained in his memo.

In November, Special Agent Hawkins called with more ominous news. A D.N.C. computer was “calling home, where home meant Russia,” Mr. Tamene’s memo says, referring to software sending information to Moscow. “SA Hawkins added that the F.B.I. thinks that this calling home behavior could be the result of a state-sponsored attack.”

There is no credible way to assert that our perception of safety is real when there is no basic attempt to even investigate safety breaches. Here is the reality, Dear Readers: hacking is nothing new. It’s been happening to the US government for 20 years now, according the the NY Times:

Their first major attack was detected on Oct. 7, 1996, when a computer operator at the Colorado School of Mines discovered some nighttime computer activity he could not explain. The school had a major contract with the Navy, and the operator warned his contacts there. But as happened two decades later at the D.N.C., at first “everyone was unable to connect the dots,” said Thomas Rid, a scholar at King’s College in London who has studied the attack.

Investigators gave it a name — Moonlight Maze — and spent two years, often working day and night, tracing how it hopped from the Navy to the Department of Energy to the Air Force and NASA. In the end, they concluded that the total number of files stolen, if printed and stacked, would be taller than the Washington Monument.

Whole weapons designs were flowing out the door, and it was a first taste of what was to come: an escalating campaign of cyberattacks around the world.

But for years, the Russians stayed largely out of the headlines, thanks to the Chinese — who took bigger risks, and often got caught. They stole the designs for the F-35 fighter jet, corporate secrets for rolling steel, even the blueprints for gas pipelines that supply much of the United States. And during the 2008 presidential election cycle, Chinese intelligence hacked into the campaigns of Mr. Obama and Mr. McCain, making off with internal position papers and communications. But they didn’t publish any of it…

The Russians grew stealthier and stealthier, tricking government computers into sending out data while disguising the electronic “command and control” messages that set off alarms for anyone looking for malicious actions. The State Department was so crippled that it repeatedly closed its systems to throw out the intruders. At one point, officials traveling to Vienna with Secretary of State John Kerry for the Iran nuclear negotiations had to set up commercial Gmail accounts just to communicate with one another and with reporters traveling with them.

The devil is in the details, so who is “G-ucifer”? (Spelling because auto-correct won’t let me spell Lucifer with a “G,” some kind of mind control there…) “G-ucifer” is a Russian hacker, with ties to the Russian government, “cloaked” by Google Translate and Microsoft Word, I kid you not. I can’t make this shit up.

On a whim, Lorenzo Franceschi-Bicchierai, a writer for Motherboard, the tech and culture site of Vice, tried to contact Guccifer 2.0 by direct message on Twitter.

“Surprisingly, he answered right away,” Mr. Franceschi-Bicchierai said. But whoever was on the other end seemed to be mocking him. “I asked him why he did it, and he said he wanted to expose the Illuminati. He called himself a Gucci lover. And he said he was Romanian.”

That gave Mr. Franceschi-Bicchierai an idea. Using Google Translate, he sent the purported hacker some questions in Romanian. The answers came back in Romanian. But when he was offline, Mr. Franceschi-Bicchierai checked with a couple of native speakers, who told him Guccifer 2.0 had apparently been using Google Translate as well — and was clearly not the Romanian he claimed to be.

Cyberresearchers found other clues pointing to Russia. Microsoft Word documents posted by Guccifer 2.0 had been edited by someone calling himself, in Russian, Felix Edmundovich — an obvious nom de guerre honoring the founder of the Soviet secret police, Felix Edmundovich Dzerzhinsky. Bad links in the texts were marked by warnings in Russian, generated by what was clearly a Russian-language version of Word.

We have Russian hackers at the DNC, and we have Russian hackers in voting machines. Clearly Russian hackers have a leg up on this cyberattack bit, one for which Trump, who is so old he thinks nuclear weapons are the only form of attack, literally can’t even comprehend. Great, elect the idiot who doesn’t understand cyber attacks, and the US is a ripe peach for the plucking.

Case in point: Russian malware was just used to hack into a computer that, while not connected to the grid at the time, was a company laptop for an electric company:

An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party. Officials told the company that traffic with this particular address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company wasn’t being targeted by the Russians. Indeed, officials say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity.

Perception, reality, perception, reality….

On Friday evening, The Post published its report, and Burlington Electric released a statement identifying itself as the utility in question and saying the firm had “detected the malware” in a single laptop. The company said in its statement that the laptop was not connected to its grid systems.

In case you were confused, The Post corrected its own story to say the laptop was NOT connected to the grid, but while everyone else seems to breathe a sigh of relief, I am left to wonder why an electrical company’s laptop was hacked. Why hack an electrical company if not to disrupt power service?

Perception, reality, perception, reality… According to joyful trumpets by competing news organizations of “fake news,” declarations of the The Post publishing the wrong story, Russian malware on a laptop could be “benign,” and is not “unique” to that infected electrical company laptop. Perception: because it’s not unique, it’s not dangerous. Reality: a hacker was able to get into an electrical company’s laptop that just happened to not be synced at that moment. Perception and reality here, becoming more and more of a dangerous game….

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: