[iwar] E-Voting Firm Acknowledges Hacker Break-in

From: Fred Cohen <fc@all.net>
Date: Tue Dec 30 2003 - 08:08:17 PST

http://www.washingtonpost.com/wp-dyn/articles/A39285-2003Dec29.html

E-Voting Firm Acknowledges Hacker Break-in

By Ted Bridis
AP Technology Writer
Monday, December 29, 2003; 4:38 PM

A company developing security technology for electronic voting suffered an
embarrassing hacker break-in that executives think was tied to the
rancorous debate over the safety of casting ballots online.

VoteHere Inc. of Bellevue, Wash., confirmed Monday that U.S. authorities
are investigating a break-in of its computers months ago, when someone
roamed its internal computer network. The intruder accessed internal
documents and may have copied sensitive software blueprints that the
company planned eventually to disclose publicly.

Chief executive Jim Adler said VoteHere was confident it knew the identity
of its hacker and had already turned over "megabytes of evidence" to the
FBI and Secret Service. It also repaired the hole in its computer network
the intruder used to gain entry in October over the Internet, he said.

U.S. authorities confirmed the investigation but declined to comment further.

Adler would not identify the company's chief suspect but said he thinks the
person was linked to the debate over the security of electronic voting. The
same individual may be tied to the theft in March of internal documents
from Diebold Election Systems of Canton, Ohio.

"We caught the intruder, identified him by name. We know where he lives,"
Adler said. "We think this is political. There have been break-ins around
election companies over the last several months, and we think this is
related."

VoteHere, which is privately held, disclosed the federal investigation to
stress that the break-in did not affect the integrity of its voting
technology, Adler said. The company also wanted to pre-empt any criticisms
of electronic voting based on public disclosures of its internal records.

"I have no problem debating the merits of electronic voting with anyone,
but breaking and entering is not an appropriate forum for technology
debate," Adler said.

Adler said the intruder accessed internal corporate documents and may have
copied sensitive "source code," blueprints for software. But Adler said
VoteHere planned eventually to reveal that source code, which is protected
under patents, for review by outside security researchers.

"Given the political sensitivity to this issue, we felt it was important to
get out on this," Adler said.

-- This communication is confidential to the parties it is intended to serve --
Fred Cohen - http://all.net/ - fc@all.net - fc@unhca.com - tel/fax: 925-454-0171
Fred Cohen & Associates - University of New Haven - Security Posture

------------------
http://all.net/

Yahoo! Groups Links

To visit your group on the web, go to:
 http://groups.yahoo.com/group/iwar/

To unsubscribe from this group, send an email to:
 iwar-unsubscribe@yahoogroups.com

Your use of Yahoo! Groups is subject to:
 http://docs.yahoo.com/info/terms/
Received on Tue Dec 30 08:09:13 2003

This archive was generated by hypermail 2.1.8 : Tue Dec 30 2003 - 09:06:27 PST