[EL] The $45M Heist from NYC ATMs
Jack Cushman
jcushman at gmail.com
Mon May 13 06:53:17 PDT 2013
Thanks for this back-and-forth. It might be interesting to ask, are the
banks who are victims of this crime sure of *exactly* how much money was
stolen? If so, how? This is interesting because, in internet voting, "how
much money was stolen?" is the whole ballgame. The intruders' tasks are
different. If I break into a bank and move $45 million from one row in a
database to another, I haven't really accomplished anything; I then need to
get my hands on 2 million pieces of paper with "$20" printed on them, or
1000 kg of gold or something. And once I do, I don't care if the bank later
comes along and sees exactly how much money was taken. But if I break into
a voting computer and move numbers from one row in the database to another,
that's the whole crime; either the change goes undetected and I win, or it
gets detected and I lose.

So we might ask, for example: Do banks assume that numbers can never be
changed in their databases without their knowledge? Or do they depend on
the fact that the numbers are independently verifiable? Do they have
systems that let them verify the numbers if someone objects, using, for
example, paper?

If you acknowledge that all databases that are accessible to human beings
are potentially vulnerable to undetected intrusions and modifications (a
view based on experience, not ignorance), and then ask why the banking
system works anyway, it might lead in some fruitful directions in terms of
what kind of database you could trust to count votes.

Best,
Jack
On Mon, May 13, 2013 at 2:51 AM, David Jefferson <d_jefferson at yahoo.com> wrote:
> William Kelleher recently tried to undercut a posting by Richard Pildes,
> in which Mr. Pildes suggested that the recent $45 million heist of cash
> from ATM machines all over the world that was enabled by a cyber attack on
> the bank in question should give people pause when they think of the
> vulnerabilities of Internet voting. Mr. Kelleher argued that there is so
> little in common between online banking and Internet voting systems that
> "that financial crime has nothing to do with Internet voting security
> issues."
>
> I beg to differ with Mr. Kelleher. Essentially every security
> vulnerability in an online banking system corresponds directly to a similar
> vulnerability in online voting systems. And because the privacy, security,
> and transparency requirements for online voting are so much more complex
> and unforgiving than those for financial transactions, there are many more
> risks with online voting that have no analog in the financial world. This
> may seem counterintuitive, but for a full explication see my essay "If I
> Can Shop and Bank Online, Why Can't I Vote Online?" at
> https://www.verifiedvoting.org/resources/internet-voting/vote-online/.
>
> But Mr. Kelleher goes on to make serious errors of fact that should be
> corrected. Although the news media have not described in any detail exactly
> how the banking network was penetrated, he nonetheless suggests that some
> email-related attack may have been the means of penetration, and then
> argues in flat, authoritative-sounding language that "Internet voting
> servers are not connected to email systems". This is wrong on several
> counts. First, most of the Internet voting systems used in the United
> States not only are connected to email systems, but they actually *are*
> email systems! Email voting is legal in over 30 states, far more than any
> other form of Internet voting. Of all of the voting systems ever used in
> the U.S., email is by far the most vulnerable to automated fraud. (See my
> essay "What about Email and FAX voting?" at
> https://www.verifiedvoting.org/resources/internet-voting/email-fax/.)
>
> But even if we confine ourselves to commercial, web-based online voting
> systems, Mr. Kelleher is still overstating when he writes that "Internet
> voting servers are not connected to email systems". He can of course assert
> that, but he simply cannot know it, and it is unlikely to be true. As long
> as there is any desktop, laptop, or even mobile device connected to
> anything in the data center that contains the vote servers, including
> temporarily via VPN or RSH (sorry for the jargon) then a successful email
> phishing attack on that device would get the attacker one step closer to
> the goal of penetrating the election servers themselves. And there will
> essentially always be devices in the data center that receive email. It
> would be extremely difficult to conduct business otherwise. Note that it
> is not required that an email-capable device be actually connected to the
> same subnet as the vote servers for it to be a useful stepping stone in a
> penetration attack on the heart of the Internet voting system.
>
> Finally, Mr. Kelleher makes an essentially irrelevant but also false point
> that "Internet voting servers [are not] connected to far away or foreign
> servers, such as the Indian firm that set the limits on cards that could
> be used in New York ATMs". Of course in the essentially borderless world of
> the Internet it makes little technical difference where servers are
> physically located, so it is not clear what point he is trying to make. But
> Scytl, one of the big three Internet voting vendors vying for business in
> the U.S., is a Spanish company. In the famous Internet voting experiment in
> Okaloosa County, FL in the general election of 2008 in which Scytl was the
> vendor, its voting servers were located in Barcelona. So Scytl's vote
> servers, which collected real U.S. votes in a Presidential election in the
> swing state of Florida, were not just "connected to far away or foreign
> servers", they actually *were* far away, foreign servers!
>
> David Jefferson
> Computer Scientist
> Lawrence Livermore National Laboratory
> d_jefferson at yahoo.com
>
> All opinions are my own, and are not endorsed by my employer or any other
> organization I am affiliated with.
>
>
>
> _______________________________________________
> Law-election mailing list
> Law-election at department-lists.uci.edu
> http://department-lists.uci.edu/mailman/listinfo/law-election
>