Putin Is Well on His Way to Stealing the Next Election

[InfoSec News <alerts () infosecnews org>]

https://www.theatlantic.com/magazine/archive/2020/06/putin-american-democracy/610570/

By Franklin Foer
The Atlantic
June 2020 Issue

Jack cable sat down at the desk in his cramped dorm room to become an adult in
the eyes of democracy. The rangy teenager, with neatly manicured brown hair and
chunky glasses, had recently arrived at Stanford—his first semester of life away
from home—and the 2018 midterm elections were less than two months away.
Although he wasn’t one for covering his laptop with strident stickers or for
taking loud stands, he felt a genuine thrill at the prospect of voting. But
before he could cast an absentee ballot, he needed to register with the Board of
Elections back home in Chicago.

When Cable tried to complete the digital forms, an error message stared at him
from his browser. Clicking back to his initial entry, he realized that he had
accidentally typed an extraneous quotation mark into his home address. The fact
that a single keystroke had short-circuited his registration filled Cable with a
sense of dread.

Despite his youth, Cable already enjoyed a global reputation as a gifted
hacker—or, as he is prone to clarify, an “ethical hacker.” As a sophomore in
high school, he had started participating in “bug bounties,” contests in which
companies such as Google and Uber publicly invite attacks on their digital
infrastructure so that they can identify and patch vulnerabilities before
malicious actors can exploit them. Cable, who is preternaturally persistent, had
a knack for finding these soft spots. He collected enough cash prizes from the
bug bounties to cover the costs of four years at Stanford.

Though it wouldn’t have given the average citizen a moment of pause, Cable
recognized the error message on the Chicago Board of Elections website as a
telltale sign of a gaping hole in its security. It suggested that the site was
vulnerable to those with less beneficent intentions than his own, that they
could read and perhaps even alter databases listing the names and addresses of
voters in the country’s third-largest city. Despite his technical savvy, Cable
was at a loss for how to alert the authorities. He began sending urgent warnings
about the problem to every official email address he could find. Over the course
of the next seven months, he tried to reach the city’s chief information
officer, the Illinois governor’s office, and the Department of Homeland
Security.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_