Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Florida Election Servers Hacked Again

After state officials boasted about security improvements following a breach, a hacker once again breached the same voter record systems.

10 Massive Security Breaches
(click image for larger view)
Slideshow: 10 Massive Security Breaches
For the second time in a week, a hacker has broken into systems connected with voting in Florida, stolen data, and released it to the public.

The most recent breach occurred after Florida election officials had touted the security of their systems. "Glad you cleaned things up, pretty secure now guys," said the hacker responsible for the attack--who goes by the name "Abhaxas"--in a post to Pastebin uploaded on Thursday. That post also contained data obtained during the second hack.

Via Twitter, Abhaxas said that hacking into the servers--using well-known and what would be easy-to-close holes--took him about 10 minutes. Furthermore, he said he had access to all 310 databases on the server, though only publicly released information from two of them.

Florida officials said that the data stolen during the first breach was from an election office system in Liberty County. After that breach, Tim Durham, the chief department supervisor of elections for Collier County, downplayed the potential impact on election results, saying that every vote generates a paper trail. "Paper ballots are reviewed and compared with totals that are given per the voting machine and that's done at an open public meeting," he said, according to Storify. Likewise, another election official said that all vote tabulation was handled by a separate system, not breached during the attacks, that wasn't connected to any other systems.

Altering or tampering with election records is a third-degree felony in Florida. But the breach poses a pertinent question: Are electronic voting records so secure that an interested third party--perhaps even a foreign government--couldn't tamper with the results? The 2004 presidential election, of course, ultimately hinged on less than 400,000 votes cast in Florida.

Abhaxas made that point in the document that included information from the breached servers. "Who still believes voting isn't rigged? If the United States Government can't even keep their ballot systems secure, why trust them at all? Fail!" Furthermore, it sounds as if attackers wouldn't have to breach too many systems to create an impact. According to a Twitter post from Abhaxas, "after some research, I've found out 1 company manages all but 6 [counties'] voting sites--hosted on the same server."

The public dump of Florida voting system information is the latest in a recent string of so-called "hacktivist" efforts, which wield hacking as a means to a political end. Recently, for example, hacktivist group Anonymous has been launching distributed denial of service attacks against Turkish government agencies' websites, in protest against the country's plans to begin filtering the country's Internet access on August 22. (People in Turkey have also taken to the streets in protest.)

Likewise, as part of its 50-day hacking spree, LulzSec released a trove of sensitive information from the Arizona Department of Public Safety, in protest against the country's immigration policies. Less than one month later, that department was again hacked by the LulzSec and Anonymous spin-off known as AntiSec.

Black Hat USA 2011 presents a unique opportunity for members of the security industry to gather and discuss the latest in cutting-edge research. It happens July 30-Aug. 4 in Las Vegas. Find out more and register.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...