Once a week.
Subscribe to our weekly newsletter.
A Hackathon Reveals Most Any Hacker Can Break Into Election Equipment
DEFCON hackers find it’s really easy to hack U.S. voting machines.
From July 27-30, 25,000 hackers — yes, you read that right — convened in Las Vegas for the DEFCON hacking conference. One of the topics under discussion was the security of U.S. voting systems, especially apt in light of ongoing investigations into possible Russian hacking of the American electoral system during the 2016 presidential election. At the conference, there was a gathering of voting hardware called “Voting Village" for hackers to check out and hack into, if they could. In September, DEFCON published the startling results of the Voting Village experiment at VerfiedVoting.org: Every single piece of voting hardware was successfully breached. The report was co-authored by DEFCON's founder Jeff Moss.
Douglas E. Lute, former U.S. ambassador to NATO, and retired Lieutenant General of the U.S. Army wrote the preface to DEFCON's report, explaining why he's getting involved in electoral security:
The answer is simple: last year's attack on America's voting process is as serious a threat to our democracy as any I have ever seen in the last 40+ years — potentially more serious than any physical attack on our Nation. Loss of life and damage to property are tragic, but we are resilient and can recover. Losing confidence in the security of our voting process — the fundamental link between the American people and our government – could be much more damaging. In short, this is a serious national security issue that strikes at the core of our democracy.
In fact, what happened at Voting Village was even worse that it seems, since the hackers didn't even possess the resources and tools a real-world hacker might have, such as “source code, operational data or other proprietary information," according to the report. And it didn't require any special skill, either; hackers of all levels broke in just fine.
Most of the equipment was purchased on eBay, though DEFCON has a special allowance that allows it to buy machines for research. Most current voting machines are made by just four manufacturers. All in all, there were 25 machines in Voting Village, including these:
The DEFCON report reveals how stunningly weak the U.S. voting system is, with bold text added for emphasis:
The first voting machine to fall — an AVS WinVote model — was hacked and taken control of remotely in a matter of minutes, using a vulnerability from 2003, meaning that for the entire time this machine was used from 2003-2014 it could be completely controlled remotely, allowing changing votes, observing who voters voted for, and shutting down the system or otherwise incapacitating it.
That same machine was found to have an unchangeable, universal default password — found with a simple Google search — of “admin" and “abcde."
Virginia has decertified the AVS Winvote. VERFIEDVOTING)
An “electronic poll book", the Diebold ExpressPoll 5000, used to check in voters at the polls, was found to have been improperly decommissioned with live voter file data still on the system; this data should have been securely removed from the device before reselling or recycling it. The unencrypted file contained the personal information — including home residential addresses, which are very sensitive pieces of information for certain segments of society including judges, law enforcement officers, and domestic violence victims — for 654,517 voters from Shelby County, Tennessee, circa 2008.
As important as the integrity of our election system is, the truth is it's a patchwork of rules and systems individually acquired and operated by each state in accordance with the first clause in Article 1, Section 4 of the U.S. Constitution.
Local politicians have been able to, for example, maintain their hold on power by preventing their opponents' constituency from voting. This has been done through literacy tests at the polling place, as well with the distribution of misleading information that's prevented voters from successfully casting ballots. Today, photo IDs are required in some states that make voting harder for certain groups — often, the only photo ID available locally is a drivers license — disproportionately affecting students, the poor, and the elderly. And there's always the question of incompetence that can result in ballots that make no sense to local voters or even to election officials during counting. Congress has modified national election laws only a few times to rectify egregious abuses, such as with the passage of the Voting Rights Act in 1965 and the National Voter Registration Act of 1993.
All of which is to say that each state decides not only how its citizens will vote, but what kind of electoral machinery will be used. Whether or not the state has the requisite expertise or personnel on hand to select the best equipment, operate it, and keep it up-to-date and secure, that's the way it works. Budgetary considerations at times drive state election officials simply to find and take the best deal available — regardless of potential conflicts of interest or other considerations — or force them to keep machines in service long after they should be de-certified and decommissioned. States don't have the resources to thoroughly research the source of their machines' components either, meaning that, as DEFCON notes, “the extensive use of foreign-made computer parts… within the machines opened up a serious set of concerns that are very relevant in other areas of national security and critical infrastructure: the ability of malicious actors to hack our democracy remotely, and well before it could be detected. “
Election consultant Pam Smith tells Who.What.Why, “The very notion that local election officials would be able to protect themselves, when they are underfunded and under-resourced, is almost laughable."
Five states — Delaware, Georgia, Louisiana, New Jersey and South Carolina — have chosen to forgo paper backups of voters' choices, and nine others are partially paperless. Paper backup is a critical line of defense when dealing with otherwise completely electronic Direct Recording Electronic (DRE) machines, viewed by cybersecurity experts as the most vulnerable systems, not to mention likely to experience occasional operational failures.
The now-established certainty that Russia compromised our electoral systems in the elections of 2016 — though the full effect of their incursions is not yet known as of this writing — makes it clear that in our interconnected world, electoral security needs to be considered an issue of national security and no longer left to individual states. As Lute writes, “First, Russia has demonstrated successfully that they can use cyber tools against the US election process. This is not an academic theory; it is not hypothetical; it is real. This is a proven, credible threat. Russia is not going away. They will learn lessons from 2016 and try again. Also, others are watching. If Russia can attack our election, so can others: Iran, North Korea, ISIS, or even criminal or extremist groups." Gen. Michael Hayden has said he suspects Russia's Vladimir Putin must be pleased: "He wants to bring us down in the eyes of ourselves and of his people."
Some state-level politicians will undoubtedly be reluctant to cede control over their election systems; we can expect to hear concerns voiced about “big government" whether in the context of it being an too-powerful controlling force on one hand, or, on the other, being incapable of doing it competently. There are currently state-level efforts under way to address the gaping security holes, and we can, at the very least, encourage these endeavors.
But belief in our democracy is something we're on the verge of losing altogether. Even before the 2016 election, doubt was in the air, and sSince then faith in the honesty of U.S. elections has dropped precipitously.
Given how unlikely it is that hackers bent on destruction have slacked off, though, the sooner we can secure our systems, the better. It may be something only the Federal government can do. We'll have to watch closely from here on in.
Why mega-eruptions like the ones that covered North America in ash are the least of your worries.
- The supervolcano under Yellowstone produced three massive eruptions over the past few million years.
- Each eruption covered much of what is now the western United States in an ash layer several feet deep.
- The last eruption was 640,000 years ago, but that doesn't mean the next eruption is overdue.
The end of the world as we know it
Panoramic view of Yellowstone National Park
Image: Heinrich Berann for the National Park Service – public domain
Of the many freak ways to shuffle off this mortal coil – lightning strikes, shark bites, falling pianos – here's one you can safely scratch off your worry list: an outbreak of the Yellowstone supervolcano.
As the map below shows, previous eruptions at Yellowstone were so massive that the ash fall covered most of what is now the western United States. A similar event today would not only claim countless lives directly, but also create enough subsidiary disruption to kill off global civilisation as we know it. A relatively recent eruption of the Toba supervolcano in Indonesia may have come close to killing off the human species (see further below).
However, just because a scenario is grim does not mean that it is likely (insert topical political joke here). In this case, the doom mongers claiming an eruption is 'overdue' are wrong. Yellowstone is not a library book or an oil change. Just because the previous mega-eruption happened long ago doesn't mean the next one is imminent.
Ash beds of North America
Ash beds deposited by major volcanic eruptions in North America.
Image: USGS – public domain
This map shows the location of the Yellowstone plateau and the ash beds deposited by its three most recent major outbreaks, plus two other eruptions – one similarly massive, the other the most recent one in North America.
The Huckleberry Ridge eruption occurred 2.1 million years ago. It ejected 2,450 km3 (588 cubic miles) of material, making it the largest known eruption in Yellowstone's history and in fact the largest eruption in North America in the past few million years.
This is the oldest of the three most recent caldera-forming eruptions of the Yellowstone hotspot. It created the Island Park Caldera, which lies partially in Yellowstone National Park, Wyoming and westward into Idaho. Ash from this eruption covered an area from southern California to North Dakota, and southern Idaho to northern Texas.
About 1.3 million years ago, the Mesa Falls eruption ejected 280 km3 (67 cubic miles) of material and created the Henry's Fork Caldera, located in Idaho, west of Yellowstone.
It was the smallest of the three major Yellowstone eruptions, both in terms of material ejected and area covered: 'only' most of present-day Wyoming, Colorado, Kansas and Nebraska, and about half of South Dakota.
The Lava Creek eruption was the most recent major eruption of Yellowstone: about 640,000 years ago. It was the second-largest eruption in North America in the past few million years, creating the Yellowstone Caldera.
It ejected only about 1,000 km3 (240 cubic miles) of material, i.e. less than half of the Huckleberry Ridge eruption. However, its debris is spread out over a significantly wider area: basically, Huckleberry Ridge plus larger slices of both Canada and Mexico, plus most of Texas, Louisiana, Arkansas, and Missouri.
This eruption occurred about 760,000 years ago. It was centered on southern California, where it created the Long Valley Caldera, and spewed out 580 km3 (139 cubic miles) of material. This makes it North America's third-largest eruption of the past few million years.
The material ejected by this eruption is known as the Bishop ash bed, and covers the central and western parts of the Lava Creek ash bed.
Mount St Helens
The eruption of Mount St Helens in 1980 was the deadliest and most destructive volcanic event in U.S. history: it created a mile-wide crater, killed 57 people and created economic damage in the neighborhood of $1 billion.
Yet by Yellowstone standards, it was tiny: Mount St Helens only ejected 0.25 km3 (0.06 cubic miles) of material, most of the ash settling in a relatively narrow band across Washington State and Idaho. By comparison, the Lava Creek eruption left a large swathe of North America in up to two metres of debris.
The difference between quakes and faults
The volume of dense rock equivalent (DRE) ejected by the Huckleberry Ridge event dwarfs all other North American eruptions. It is itself overshadowed by the DRE ejected at the most recent eruption at Toba (present-day Indonesia). This was one of the largest known eruptions ever and a relatively recent one: only 75,000 years ago. It is thought to have caused a global volcanic winter which lasted up to a decade and may be responsible for the bottleneck in human evolution: around that time, the total human population suddenly and drastically plummeted to between 1,000 and 10,000 breeding pairs.
Image: USGS – public domain
So, what are the chances of something that massive happening anytime soon? The aforementioned mongers of doom often claim that major eruptions occur at intervals of 600,000 years and point out that the last one was 640,000 years ago. Except that (a) the first interval was about 200,000 years longer, (b) two intervals is not a lot to base a prediction on, and (c) those intervals don't really mean anything anyway. Not in the case of volcanic eruptions, at least.
Earthquakes can be 'overdue' because the stress on fault lines is built up consistently over long periods, which means quakes can be predicted with a relative degree of accuracy. But this is not how volcanoes behave. They do not accumulate magma at constant rates. And the subterranean pressure that causes the magma to erupt does not follow a schedule.
What's more, previous super-eruptions do not necessarily imply future ones. Scientists are not convinced that there ever will be another big eruption at Yellowstone. Smaller eruptions, however, are much likelier. Since the Lava Creek eruption, there have been about 30 smaller outbreaks at Yellowstone, the last lava flow being about 70,000 years ago.
As for the immediate future (give or take a century): the magma chamber beneath Yellowstone is only 5 percent to 15 percent molten. Most scientists agree that is as un-alarming as it sounds. And that its statistically more relevant to worry about death by lightning, shark, or piano.
Strange Maps #1041
Got a strange map? Let me know at firstname.lastname@example.org.
Measuring a person's movements and poses, smart clothes could be used for athletic training, rehabilitation, or health-monitoring.
In recent years there have been exciting breakthroughs in wearable technologies, like smartwatches that can monitor your breathing and blood oxygen levels.
But what about a wearable that can detect how you move as you do a physical activity or play a sport, and could potentially even offer feedback on how to improve your technique?
And, as a major bonus, what if the wearable were something you'd actually already be wearing, like a shirt of a pair of socks?
That's the idea behind a new set of MIT-designed clothing that use special fibers to sense a person's movement via touch. Among other things, the researchers showed that their clothes can actually determine things like if someone is sitting, walking, or doing particular poses.
The group from MIT's Computer Science and Artificial Intelligence Lab (CSAIL) says that their clothes could be used for athletic training and rehabilitation. With patients' permission, they could even help passively monitor the health of residents in assisted-care facilities and determine if, for example, someone has fallen or is unconscious.
The researchers have developed a range of prototypes, from socks and gloves to a full vest. The team's "tactile electronics" use a mix of more typical textile fibers alongside a small amount of custom-made functional fibers that sense pressure from the person wearing the garment.
According to CSAIL graduate student Yiyue Luo, a key advantage of the team's design is that, unlike many existing wearable electronics, theirs can be incorporated into traditional large-scale clothing production. The machine-knitted tactile textiles are soft, stretchable, breathable, and can take a wide range of forms.
"Traditionally it's been hard to develop a mass-production wearable that provides high-accuracy data across a large number of sensors," says Luo, lead author on a new paper about the project that is appearing in this month's edition of Nature Electronics. "When you manufacture lots of sensor arrays, some of them will not work and some of them will work worse than others, so we developed a self-correcting mechanism that uses a self-supervised machine learning algorithm to recognize and adjust when certain sensors in the design are off-base."
The team's clothes have a range of capabilities. Their socks predict motion by looking at how different sequences of tactile footprints correlate to different poses as the user transitions from one pose to another. The full-sized vest can also detect the wearers' pose, activity, and the texture of the contacted surfaces.
The authors imagine a coach using the sensor to analyze people's postures and give suggestions on improvement. It could also be used by an experienced athlete to record their posture so that beginners can learn from them. In the long term, they even imagine that robots could be trained to learn how to do different activities using data from the wearables.
"Imagine robots that are no longer tactilely blind, and that have 'skins' that can provide tactile sensing just like we have as humans," says corresponding author Wan Shou, a postdoc at CSAIL. "Clothing with high-resolution tactile sensing opens up a lot of exciting new application areas for researchers to explore in the years to come."
The paper was co-written by MIT professors Antonio Torralba, Wojciech Matusik, and Tomás Palacios, alongside PhD students Yunzhu Li, Pratyusha Sharma, and Beichen Li; postdoc Kui Wu; and research engineer Michael Foshey.
The work was partially funded by Toyota Research Institute.
How imagining the worst case scenario can help calm anxiety.
- Stoicism is the philosophy that nothing about the world is good or bad in itself, and that we have control over both our judgments and our reactions to things.
- It is hardest to control our reactions to the things that come unexpectedly.
- By meditating every day on the "worst case scenario," we can take the sting out of the worst that life can throw our way.
Are you a worrier? Do you imagine nightmare scenarios and then get worked up and anxious about them? Does your mind get caught in a horrible spiral of catastrophizing over even the smallest of things? Worrying, particularly imagining the worst case scenario, seems to be a natural part of being human and comes easily to a lot of us. It's awful, perhaps even dangerous, when we do it.
But, there might just be an ancient wisdom that can help. It involves reframing this attitude for the better, and it comes from Stoicism. It's called "premeditation," and it could be the most useful trick we can learn.
Broadly speaking, Stoicism is the philosophy of choosing your judgments. Stoics believe that there is nothing about the universe that can be called good or bad, valuable or valueless, in itself. It's we who add these values to things. As Shakespeare's Hamlet says, "There is nothing either good or bad, but thinking makes it so." Our minds color the things we encounter as being "good" or "bad," and given that we control our minds, we therefore have control over all of our negative feelings.
Put another way, Stoicism maintains that there's a gap between our experience of an event and our judgment of it. For instance, if someone calls you a smelly goat, you have an opportunity, however small and hard it might be, to pause and ask yourself, "How will I judge this?" What's more, you can even ask, "How will I respond?" We have power over which thoughts we entertain and the final say on our actions. Today, Stoicism has influenced and finds modern expression in the hugely effective "cognitive behavioral therapy."
Helping you practice StoicismCredit: Robyn Beck via Getty Images
One of the principal fathers of ancient Stoicism was the Roman statesmen, Seneca, who argued that the unexpected and unforeseen blows of life are the hardest to take control over. The shock of a misfortune can strip away the power we have to choose our reaction. For instance, being burglarized feels so horrible because we had felt so safe at home. A stomach ache, out of the blue, is harder than a stitch thirty minutes into a run. A sudden bang makes us jump, but a firework makes us smile. Fell swoops hurt more than known hardships.
What could possibly go wrong?
So, how can we resolve this? Seneca suggests a Stoic technique called "premeditatio malorum" or "premeditation." At the start of every day, we ought to take time to indulge our anxious and catastrophizing mind. We should "rehearse in the mind: exile, torture, war, shipwreck." We should meditate on the worst things that could happen: your partner will leave you, your boss will fire you, your house will burn down. Maybe, even, you'll die.
This might sound depressing, but the important thing is that we do not stop there.
Stoicism has influenced and finds modern expression in the hugely effective "cognitive behavioral therapy."
The Stoic also rehearses how they will react to these things as they come up. For instance, another Stoic (and Roman Emperor) Marcus Aurelius asks us to imagine all the mean, rude, selfish, and boorish people we'll come across today. Then, in our heads, we script how we'll respond when we meet them. We can shrug off their meanness, smile at their rudeness, and refuse to be "implicated in what is degrading." Thus prepared, we take control again of our reactions and behavior.
The Stoics cast themselves into the darkest and most desperate of conditions but then realize that they can and will endure. With premeditation, the Stoic is prepared and has the mental vigor necessary to take the blow on the chin and say, "Yep, l can deal with this."
Catastrophizing as a method of mental inoculation
Seneca wrote: "In times of peace, the soldier carries out maneuvers." This is also true of premeditation, which acts as the war room or training ground. The agonizing cut of the unexpected is blunted by preparedness. We can prepare the mind for whatever trials may come, in just the same way we can prepare the body for some endurance activity. The world can throw nothing as bad as that which our minds have already imagined.
Stoicism teaches us to embrace our worrying mind but to embrace it as a kind of inoculation. With a frown over breakfast, try to spend five minutes of your day deliberately catastrophizing. Get your anti-anxiety battle plan ready and then face the world.
A study on charity finds that reminding people how nice it feels to give yields better results than appealing to altruism.