[lbo-talk] Re: internet insecurity

Dwayne Monroe idoru345 at yahoo.com
Mon Jan 26 13:43:29 PST 2004


Frank Scott asked:

mine was a more general wondering...if this is a problem:

" Interception of data streams, transmitted via the public Internet, which could be decrypted and modified."

why isn't it equally a problem for money? probably because much better care is taken, by creating more foolproof programs...otherwise, why wouldn't individual crooks - or maybe revolutionaries? - intercept money streams, then decrypt and modify them to put money in my, your, or - heaven forbid - ramsey clark and answer's bank accounts?

================================================

Well you see, money systems HAVE been compromised from time to time.

It is difficult but far from impossible.

Of course, Citigroup (for example) does not talk about these problems, but I assure you they exist. Devising counter-measures to this sort of thing is a big part of how I spend my days.

Presently, the most common hack is "identity theft" (executed often via "social engineering" emails), a growing problem and a valuable object lesson of the sorts of hacks we'd encounter if Internet voting becomes the norm. The lesson: properly secure data havens are difficult to crack and are monitored closely. Also, the consequences for getting caught are quite harsh. A better target presents itself: inexperienced users and their poorly secured (mostly MS Windows) machines.

An example of an attack vector: a trojan applet, distributed via email, running on your machine, could harvest keystrokes, data caches (containing account data) and so forth and send this info to a bot for parsing and exploitation. The goal is to get between the user and the secure server.

...

Frank Scott writes:

obviously, my point is that it is no more a matter of electronics than war is a matter of computers...make the democratic demand for foolproof voting programs, rather than, say, a mars probe or a death ray, and we get such a program...no problem at all to create it, once we hire, or even order, the programmers to do so....no?

=======================================

The development of a democratic demand for a secure voting network requires that citizen-users:

a.) Understand the insecure nature of the present infrastructure

b.) Understand that this insecurity comes, largely, from the fact that most software is slap-dash, "as is" product designed to maximize profit.

A truly secure, robust and reliable distributed voting net would be the result of a collaborative effort not unlike the Open Source movement's projects. This is not going to happen anytime soon.

It is misleading to compare the creation of a good voting system with the engineering challenges of robotic space probes or directed energy weapons. All complex technical tasks are not complex in the same way.

Voting systems need to verify you are who you say you are, that your choices are being accurately recorded and that the recorded result has not been altered.

This is not a trivial task. Yes, money systems perform similar functions with a reasonable level of security and accuracy. But if your credit card has been charged 8 grand for purchases you never made, there are recourses (your past spending patterns, etc.).

A compromised voting system would be more difficult to troubleshoot - how would we know that you didn't actually vote for Pat Robertson if the database says so?

DRM


