I called for an open-source governmental initiative right after the first George W. Bush election. Hardly a thing has been done to secure elections in the USA. That's been on purpose. People have been playing dumb when caught out.
“Presumably, you could just hit the backspace button on the file, put in a new file name, and it would let you download that.”
Even if someone didn’t know the name of the document they were trying to access, they could instead find it by writing a code to probe the My Voter Page, said Buell, a computer science professor at the University of South Carolina and elections and voting technology expert.
The second vulnerability described in the email is found in the state’s online voter registration system.
In the code of the website — which anybody can access using their internet browser — there is a series of numbers that represent voters in a county. By changing a number in the web browser’s interface and then changing the county, it appears that anybody could download every single Georgia voter’s personally identifiable information and possibly modify voter data en masse.
In addition, voter history, absentee voting, and early voting data are all public record on the secretary of state’s website. If a bad actor wanted to target a certain voting group, all of the information needed is available for download.
“It’s so juvenile from an information security perspective that it’s crazy this is part of a live system,” Constable said.
What’s more, there don’t seem to be any security measures that could detect these changes or trace them back to a source, according to several of the experts.
Worse yet, a bad actor could easily pretend to be someone else, according to Constable. “In theory you could copy and paste that session ID or cookie — that unique string — and put it in your browser to emulate that person,” Constable said. “So not only could you access that person’s information and act as that person, you could then make changes under that person’s identity.”
Changes to voter registration information could create chaos on Election Day: long lines to vote, voters going to the wrong precinct, voters being given the wrong ballot, or not showing up on the polls at all.
... People who have built this have no idea what they’re doing.”