[quote]A majority of those attempts, according to the committee,
were “Structure Query Language (SQL)” injections, a tactic that Illinois
officials previously had said was used on their elections system.[/quote]
That’s Structured Query Language, often pronounced like “Sequel”. It’s a database language, created by IBM engineers decades ago, that uses English words to pick out the information they want.
For example, you could make a request similar to “From the RegisteredVoters database, select the people who are over 40 years old, and have a net worth over $500k, and voted in the last two congressinoal elections; and give me a list of their names and home addresses.”
The thing that makes “SQL Injection Attacks” a big deal among computer security people is that many other computer languages have a way of running SQL queries from inside programs written in those other languages. Often, programs ask the user what they want selected from the database the program is meant to use, and put the user’s input into an SQL query, and use the result just within the program. But if someone knows what other data is available there, she can craft SQL (and have the program execute it) that pulls data from other databases if the company (or government agency) hasn’t protected the data sufficiently; then she can have that data sent to another computer under the attacker’s control. Or she can delete the targeted database, or purge voters registered as members of the opposing party, or scramble data to make it unreliable.
Programmers have learned ways to “scrub” user input so unauthorized SQL can’t do these unapproved things… but managers want faster releases of cheaper software, rather than the most securely protected software. State governments and their election boards are particularly short of professionals skilled at preventing hacks like this.
OH boy, guessing I won’t need to go vary far out on this limb when I mention that these are 500,000 voters (sub) Z as in Zuckerberg units, you know like a new type of imaginary numbers only these are guarantied to increase exponentially…
Combined with weak or non-existent auditing procedures this appears to have had serious consequences in recent history; e.g., analysis of previous elections suggests significant tampering with vote tallies in multiple states. Landslide Denied | Election Defense Alliance
“Democracy no longer ends with a bang—in a revolution or military coup—but with a whimper: the slow, steady weakening of critical institutions, such as the judiciary and the press, and the gradual erosion of long-standing political norms.” ~ Steven Levitsky and Daniel Ziblatt (How Democracies Die, 2018)
First was the article yesterday where MD’s State election software is owned by a company with Russian connections headed by a Russian oligarch connected to all of this. So there’s a breach without even working hard. How many of the other States are similarly impacted? What are the States doing to correct this? Any patches they might install could be subverted in the next upgrade (I am a software consultant by trade).
Second, is this an implication, the half million voters’ breach, that says votes could have actually been tampered with or that people were turned away at the voting sites, which affected the outcome? Is this yet to be determined? At this point, without actual votes being tampered with, how does this Presidential election become invalid?
These answers may be yet to be determined, but the ramifications could be interesting.
