I have struggled trying to write something about the underlying IT of our recent elections without making this overtly partisan or political. So here goes: there was no hacking of our ballots. We had probably the most secure election in our nation’s history. No foreign power changed any ballots. Numerous recounts verified the results. Biden won, fair and square.
Yes, the precise tabulation of votes was off by a few votes here and there. But not enough to change the overall result or who will become our next president. The states that were called for each candidate – including an early prediction by Fox News that Biden won Arizona on election night — remained unchanged.
Sunday night on 60 Minutes Chris Krebs was interviewed about his role in securing our election. Krebs ran the Cybsersecurity and Infrastructure Security Agency for DHS for several years and built up a powerhouse support team for local elections officials. If you haven’t yet watched the segment, please take the time to do so, or at least read the transcript of his interview. He makes it very clear what happened, and more importantly, what didn’t happen. The claims by our president are just pure fantasy.
Krebs reiterates the points made in this November 12th letter signed by various government election officials who have been supporting the underlying security efforts: “There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.” Krebs wrote an op-ed for the Washington Post.
Krebs and his team put together a special website called “rumor control” that is still online. It contains FAQ about rumors and misinformation about our electoral process. We should have similar pages across all government agencies, especially in these times where facts are hard to come by. The Rand Corporation calls this truth decay and how we can’t agree on the facts anymore.
Ironically, many of these rumors were started by our president and his advisors.
Krebs was very accessible on election day, hosting a series of teleconferences with reporters every few hours. It was an odd series of briefings. I kept waiting for the ball to drop but as the day wore on, it was clear that our vote was clean. “It is just another Tuesday on the Internet,” Krebs said at one point. It was clear that he had done his job well, and we should have praised him. Instead, he was fired by a tweet a couple of weeks later.
In the process of writing about elections security for Avast’s blog, I have met and interviewed some of the computer scientists who wrote their own letter. They firmly state that claims about rigged elections “either have been unsubstantiated or are technically incoherent.” This includes allegations about the operations of one of the tech voting machine vendors: there was no wholesale transfer of votes.
Another irony: it is the abundance of paper ballot backups – and the 100M people that voted early and by mail — that made these claims false. Look at the Georgia manual recount. Yes, Georgia has had some tech problems in the past year, documented by this investigation in the Atlanta newspaper. But they ultimately pulled it together for November. Again, their final tally differs by a few votes here and there. There were some counting errors, but those were done by humans, not computers. And more importantly, they were discovered and corrected. The final tally for both candidates increased slightly. But Biden’s victory margin was tens of thousands of votes and remained intact after the recount. What is more impressive is the number of counties where the counts remained exactly the same.
Our elections – and our democracy – worked. Krebs said last night that it is “a travesty what is happening now with all these death threats to election officials. They are defending democracy. They are doing their jobs.” Here is more from another interview where he talks about these threats to a WaPost reporter.
Your eCommerce website is vulnerable to a variety of threats known collectively as web skimming. The hackers behind these threats are getting better at penetrating your site and installing their malware to steal your customers’ money and private information. And web skimming is getting more popular both with the rising frequency of attacks and with bigger data breaches recorded. In this post for Network Solutions’ blog, I describe how these attacks work, reference a few of the more newsworthy ones and provide a bunch of tips on how to prevent your own eCommerce site from becoming compromised.
It is hard to believe that it has taken the US IRS all this time to figure out a better authentication mechanism for taxpayers. But starting next month, all taxpayers can apply for an identity protection personal identification number (IP PIN) to block identity thieves from falsely claiming any tax refunds. To give you an idea of the magnitude of this problem, the IRS says several billions of dollars of phony refunds have been prevented through its half-hearted efforts to date. This includes phony refunds that are issued to taxpayers who never filed returns.
The original idea behind honeypot security was to place a server on some random Internet link and sit back and wait until some hacker happened by. The server’s sole purpose would be to record the break-in attempt — it would not be part of a normal applications infrastructure. Then a researcher would observe what happened to the server and what exploit was being used. A honeypot is essentially bait (passwords, vulnerabilities, fake sensitive data) that’s intentionally made very tempting and accessible. The goal is to deceive and attract a hacker who attempts to gain unauthorized access to your network.