“States Struggle to Vet Coders of Election Software”
September 4th, 2024I’m not sure when I first wrote this on Cryptogon, but here it is again: The U.S. is a banana republic with nuclear weapons.
Via: Politico:
When election officials in New Hampshire decided to replace the state’s aging voter registration database before the 2024 election, they knew that the smallest glitch in Election Day technology could become fodder for conspiracy theorists.
So they turned to one of the best — and only — choices on the market: A small, Connecticut-based IT firm that was just getting into election software.
But last fall, as the new company, WSD Digital, raced to complete the project, New Hampshire officials made an unsettling discovery: The firm had offshored part of the work. That meant unknown coders outside the U.S. had access to the software that would determine which New Hampshirites would be welcome at the polls this November.
The revelation prompted the state to take a precaution that is rare among election officials: It hired a forensic firm to scour the technology for signs that hackers had hidden malware deep inside the coding supply chain.
The probe unearthed some unwelcome surprises: software misconfigured to connect to servers in Russia and the use of open-source code — which is freely available online — overseen by a Russian computer engineer convicted of manslaughter, according to a person familiar with the examination and granted anonymity because they were not authorized to speak about it.
The company that conducted the scan, ReversingLabs, has also warned about those issues in a blog post and a talk at a hacking conference last year, though it did not specify the state and the vendor where the issues were found.
New Hampshire officials say the scan revealed another issue: A programmer had hard-coded the Ukrainian national anthem into the database, in an apparent gesture of solidarity with Kyiv.
Related: Everyday ‘Placebo Buttons’ Create Semblance of Control
It’s always those pesky Russians (eye roll)