I’m sorry, but I keep seeing US Uncut linked to on Daily Kos and my Facebook feed, so I feel like I need to do my part to cut through the loud noise of BS conspiracy theories that are driving people into a tizzy.
In this article, the headline says “Arizona Secretary of State Confirms Election Fraud Happened in State Primary (VIDEO)”. Well, no. The woman in question says she knew that some errors were found in the database, and even knew someone who had it happen to them, but that’s not evidence of election fraud. That’s just evidence that somewhere along the line, from the voter doing the registration form, to another person doing data entry at some point, to a bug in the system that hasn’t been discovered yet, causing party registration to be recorded incorrectly.
But I want to point out that this article makes a claim that is so outlandish that it deserves scrutiny. It makes the claim that the SQL databases are “easily hackable” through a SQL injection attack and links to a video of “a man teaches his 3 year old how to do it”. But since most people have no idea what that is, allow me to explain.
Back in the early days of SQL, people would create a webform and parse the results directly into a SQL string. For instance, if a user types in $username and $password variables, the result could look like this:
‘select * from users where username = ‘.$username.’ and password = ‘.$password
So if at some point someone realized that you could add some SQL code to the end of the password and it would search the users database, and then execute the next command.
‘select * from users where username = ‘joe’ and password = ‘smith’; delete from users;’
Yikes! That would delete all the users from the database!
But this was something first discovered 20 years ago. These days, PHP sites are created using frameworks that guard against SQL injection attacks. Daily Kos has a login form. Go ahead and try some SQL commands to see for yourself that any modern site won’t be hacked this way. And there’s no evidence that the voter rolls in Arizona have this vulnerability, so claiming that SQL databases are easily hacked is just garbage, especially since the method claimed is a SQL injection attack.
But let’s take it one step further. How would the attacker even know which Democrats to switch to independent? Are people registering somewhere as “Bernie Supporters” and “Hillary Supporters”? How could they be sure they weren’t inadvertently locking out a Hillary voter? It just defies logic. But if you read US Uncut, you come away thinking that election fraud in Arizona is all but guaranteed to have happened, and that there was a SQL injection attack involved, and that the DNC was behind it.
We’re supposed to be the reality based community, but in my opinion, that means we ought to reject stupid conspiracy theories. We’re not the progressive Alex Jones, are we?