« Sunday Funnies (Condiplomacy edition) | Main | John Culberson - Flawed judgment »
July 31, 2006
Democracy is Safe Under Your Bed!
Harris County election judges have possession of Hart InterCivic eSlate System Judge's Booth Controllers (JBCs) for up to 72 hours before elections.
Support David Van Os, your Texas Democratic Party Judicial Candidates and James G. Pierre.
Go to original
Even A Remote Chance?
By Pokey Anderson
July 2006
Imagine sitting in your favorite easy chair with a remote control, and being able to just push EJECT and get George Bush out of office. Or, let’s say you’re on your laptop, and you can dial up a regime change.
“Hmm,” you say, “I’m feeling like blue today. Blue is a nice color. I think I’d rather have Kerry for president.” Let’s say you’re up late, it’s November 2nd, you see that Kerry is losing in Ohio, and you say, “the HELL with that!” So, with your laptop, you dial into the tabulator for, let’s just say, 41 of 88 counties in Ohio. And, you switch 14 votes per precinct from Bush to Kerry. Voila. Kerry wins.
Could that happen?
Or, um, the other way around—Kerry is winning, and someone dials in and changes a dozen or so votes in each of roughly half the precincts in Ohio, and VOILA, Bush wins Ohio. (A flip of a dozen votes in 5,000 precincts would result in a net change of 120,000 votes in Ohio, more than the tallied margin that separated the two candidates.)
Remote control of elections? Science fiction, right? Start playing the Twilight Zone music? Not exactly.
DIEBOLD—Hack Testers Waltz In
Let’s look at a test that was done for the State of Maryland on the Diebold electronic voting equipment. The testers used actual Diebold election equipment and, after a week’s study, attempted to hack and manipulate it. The newspaper report said they were nearly “giddy” with their success.
“One guy picked the locks protecting the internal printers and memory cards. Another figured out how to vote more than once—and get away with it. Still another launched a dial-up attack, using his modem to slither through an electronic hole in the State Board of Elections software.”
The team was able to remotely upload, download, and execute files with full system administrator privileges. Results could be modified at will, including changing votes from precincts.
“My guess is we’ve only scratched the surface,” said Michael A. Wertheimer, who spent 21 years as a cryptologic mathematician and code breaker at the National Security Agency.
As a bonus, the team of test hackers from RABA Technologies was able to change votes and exit the system without a trace of their visit. Slick! Wertheimer said, “If you believe, as I do, that voting is one of our critical infrastructures, then you have to defend it like you do your power grid, your water supply.”
The State of Maryland head of elections read the testers’ report and promptly issued a press release.
I couldn’t make this stuff up; here is what Linda Lamone said, “To this date, there has never been an election compromised. The findings in the SAIC and RABA reports both confirm the accuracy and security of Maryland’s voting system and procedures as they exist today.” And, Maryland bought the Diebold electronic voting machines. ... Read the rest of the essay (pdf)
Posted by Aimee Mobley Turney at July 31, 2006 09:50 PM | Permalink
Trackback Pings
TrackBack URL for this entry:
http://www.houstondemocrats.com/cgi-bin/mt-tb.cgi/1005
Comments
And... if you think the story above is bad, granted, at least we don't use Diebold machines in Harris County and most of Texas, but tell me this isn't sufficient cause to question the integrity of our elections as documented by this story titled -
The WORST EVER SECURITY FLAW FOUND IN DIEBOLD TS VOTING MACHINE
http://openvotingfoundation.org/
Contact: Alan Dechert
Reference: PICTURES
(Click on thumbnail. Click again on lower half of picture for high resolution)
SACRAMENTO, CALIFORNIA -- “This may be the worst security flaw we have seen in touch screen voting machines,” says Open Voting Foundation president, Alan Dechert. Upon examining the inner workings of one of the most popular paperless touch screen voting machines used in public elections in the United States, it has been determined that with the flip of a single switch inside, the machine can behave in a completely different manner compared to the tested and certified version.
“Diebold has made the testing and certification process practically irrelevant,” according to Dechert. “If you have access to these machines and you want to rig an election, anything is possible with the Diebold TS -- and it could be done without leaving a trace. All you need is a screwdriver.” This model does not produce a voter verified paper trail so there is no way to check if the voter’s choices are accurately reflected in the tabulation.
Open Voting Foundation is releasing 22 high-resolution close up pictures of the system. This picture, in particular, shows a “BOOT AREA CONFIGURATION” chart painted on the system board.
The most serious issue is the ability to choose between "EPROM" and "FLASH" boot configurations. Both of these memory sources are present. All of the switches in question (JP2, JP3, JP8, SW2 and SW4) are physically present on the board. It is clear that this system can ship with live boot profiles in two locations, and switching back and forth could change literally everything regarding how the machine works and counts votes. This could be done before or after the so-called "Logic And Accuracy Tests".
A third possible profile could be field-added in minutes and selected in the "external flash" memory location, the interface for which is present on the motherboard.
This is not a minor variation from the previously documented attack point on the newer Diebold TSx. To its credit, the TSx can only contain one boot profile at a time. Diebold has ensured that it is extremely difficult to confirm what code is in a TSx (or TS) at any one time but it is at least theoretically possible to do so. But in the TS, a completely legal and certified set of files can be instantly overridden and illegal uncertified code be made dominant in the system, and then this situation can be reversed leaving the legal code dominant again in a matter of minutes.
“These findings underscore the need for open testing and certification. There is no way such a security vulnerability should be allowed. These systems should be recalled”
OPEN VOTING FOUNDATION is a nonprofit non stock California corporation dedicated to demonstrating the need for and benefits of voting technology that can be publicly scrutinized.
Posted by: Sarah Gonzales at August 1, 2006 02:50 PM