Maricopa Sheriff Penzone issued a statement regarding the election system routers the county is refusing to turn over to auditors.
Key point:
“The integrity of classified data, private information and law enforcement specific material would immediately be vulnerable and exposed, regardless of the steps promised by a private vendor who states otherwise.”
The integrity of all that was already compromised when the county stupidly and insanely used the general county network for the election system.
I have a bit of experience with computer networks that need to be secured against general access. Rule 1: Don’t tie systems together unnecessarily (like Worldcom did in the ’90s*).
Interestingly, Penzone claims turning over the routers could reveal “individual passwords.” What would those passwords be?
Obviously, they could include router administrator passwords; but how many people needed admin access to routers? If everyone in the MCSO had that, then — again — his network is already compromised.
Perhaps these are WiFi routers using WPA2 security, and the passwords are for individual users. But the election system isn’t supposed to have general WiFi access. Compromised.
Sheriff, your whole county was compromised when some idiot — who probably thought he was saving money — used the existing county network for the election system instead of springing for a secure and isolated election network. Blame him, not the Senate and the auditors.
* Worldcom decided to put all their DCS, muxes, SONET, etc., across the country, on one big WAN. In itself, not a prob. The NOC needed access to the systems. But they did two things very, very wrong:
1. They kept all the default admin passwords from the factory. Poor security. No security.
2. They left in place old legacy dialup modems that were tied into the local networks of individual POPs. And those dialups were not password protected.
Anyone, anywhere in the world could dial in to those modems and run rampant through the nationwide network of the largest long distance provider in the country (at the time). A prankster could do anything he wished using default passwords, and many of the older systems that were hooked in used no passwords. A malicious person could have killed the Internet (Worldcom did it at least once), and shut down US long distance phone service (mostly through cascading SS7 failures; I saw that happen, too, with another company. Way to go, Sparky.).