March 10th, 2005 01:56 PM
US Election hacked?
You knew that someone, somewhere was finally going to blurt out what many thought or believed to have been conspired. Personally, without proof, this is just "stirring the political pot". The possibilities were certainly there and it isn't that far from the potential from happening... I just question whether it did or not. Wouldn't it be better to call an investigation into the election process?
You can find more articles with this Google News Search
Source: Boston Herald
Teresa rips GOPís dirty tricks
By Andrew Miga
Wednesday, March 9, 2005
WASHINGTON - The presidential campaign may be long over, but Teresa Heinz Kerry is still stirring the political pot.
The outspoken wife of Sen. John F. Kerry last weekend openly questioned the legitimacy of electronic vote counts, cited GOP dirty tricks and scolded the Catholic Church for assailing her husband's pro-choice views.
During a fund-raising event in Seattle, she charged it would be ``very easy to hack into the mother machines'' and steal an election.
Heinz Kerry said she was appalled by the attacks of some Catholic bishops on her husband's support for abortion rights.
``You cannot have bishops in the pulpit - long before or the Sunday before the election - as they did in Catholic churches, saying it was a mortal sin to vote for John Kerry ,'' she said, according to the Seattle Post-Intelligencer.
Heinz Kerry said she doubted the accuracy of the 2004 vote, warning the 2006 mid-term elections are also at risk.
``I fear for '06,'' she said. ``I don't trust it the way it is right now.''
Reprising a familiar Democratic complaint, she alleged that ``two brothers'' who are ``hard right'' conservative Republicans ``own 80 percent of the machines used in the United States.''
Sen. Kerry has said that while there were irregularities in the 2004 presidential vote, particularly in states such as Ohio, he does not question President Bush's three-point re-election win.
Heinz Kerry's office, when asked to clarify her remarks, had no comment.
But a spokeswoman for the senator stressed Heinz Kerry was voicing her ardent support for election reform.
Said Kerry aide Katharine Lister, ``2006 marks the 40th anniversary of the Voting Rights Act and, in the spirit of this landmark law, she hopes Republicans and Democrats will work together at every level of government to ensure the passage of electoral reform and the preservation and protection of our voting rights.''
March 10th, 2005 02:05 PM
HA Washington... There's no security, or trust. Kind of like Military intelligence = oxymoron
MsM do you really think an investigation would achieve anything? I mean the same folks that put congress and Homeland security on WiFi would be doing the audit.
From Security Wire Perspectives
*Reigning in Washington's Wi-Fi hotspots By Mark Baard, Contributing Writer WASHINGTON, D.C. -- In a town already known for its poorly kept secrets, it may seem suicidal to make data even easier to access. But in the nation's capitol, where PDAs and cell phones are used in virtually every ballroom, office and food court, federal workers are demanding Wi-Fi access be ubiquitous.
That's why the U.S. Senate is deploying a wireless LAN to improve Capitol Hill communications, an effort that includes shutting down wireless access points set up in staff offices with off-the-shelf routers purchased at consumer electronics stores.
"My business drivers are (to provide) security and customer service,"
said Senate CIO and Assistant Sergeant-at-Arms Greg Hanson, who spoke at a government wireless and RFID conference in Washington last week.
His experiences can help other enterprises grappling with securing a highly fluid, mobile workforce.
Hanson and an information security officer familiar with government installations acknowledged that the staff also needs to police the Senate's network for wardrivers and rogue access points, set-up by users unsatisfied with the new network. "There will always be someone who can't quite get the reception he wants in his office," said the information security officer, Phil Cracknell, chief technology officer at U.K.-based consulting firm NetSurity.
Too many Senate office managers have taken it upon themselves to install Wi-Fi routers, many of them running with insecure, default configurations. Those default configurations typically broadcast the presence of the access points, issue IP addresses automatically, and may or may not even utilize WEP password protection. The performance of the Sergeant-at-Arms' WLAN must be superior to that of existing access points, so users will willingly give up their own routers, said Hanson.
Another trouble spot: Many legislators' staffs see themselves as not being under Hanson's control. In that way, "we are not like other organizations," he said. Still, the CIO plans a layered, defense-in-depth approach to WLAN security, in this case using the WPA Wi-Fi standard under the 802.11g specification, a VPN and
(eventually) hard tokens, such as smartcards.
The Sergeant-at-Arms Office "will be doing some warwalking to uncover unauthorized access points," said Hanson. The office soon will also have a centralized security operations center, from which IT can watch attacks on the network. Hanson will call on the Senate Rules Committee to settle any disputes with those insisting on keeping their own Wi-Fi routers, he said.
NetSurity's Cracknell was encouraged by the Senate's layered security measures. But, he cautioned, wireless users will take their devices off the Senate campus to insecure wireless hotspots throughout the capital, where they will be particularly vulnerable.
That means that on and off the Senate campus "they will need to issue strict guidelines for use of wireless networks, and then audit the hell out of them," he added.
March 10th, 2005 06:37 PM
Here's something that i found awhile ago and have been silently following, and it's right up this threads alley. This has gotten pretty much zero media attention, and I'm not really suprised. It did get made fun of on MSNBC though.
The way the proof of concept worked, was that it was utilized by the touch screen voting systems that were rolled out last election. If you touched certain parts of the screen you could manipulate the percentages, so the actual voting totals stayed the same, but a percentage of the votes would be switched from one candidate to another. I haven't read what I just linked for about 2 months, but I believe it was a one shot percentage shift that would switch the percentages to 51/49 in favor of the party you chose. Pretty slick setup, especially since no one can watch what your doing on those.
In my opinion I believe it was done, especially because of the close margins of the elections in the battleground states, and the fact that exit polls were completely off target with the computer tallied votes. The congressman was also republican, and they whooped the democrats pretty badly last year at the polls. Makes you think.... BTW I'm a conspiracy nut and don't particularly trust anyone (probably like alot of you security folks) so don't mind me.
March 10th, 2005 10:22 PM
Why exit polls mean nothing:
Loud mouthed liberals are going to more likely to scream who they voted for over quiet, conservative grandma's.
Any statistician will tell you their results aren't worth a damn because they use an entirely voluntary selection procedure. There is a huge amount of non-response bias associated with it.
I'm not debunking the other arguments, but exit polls are ****.
March 10th, 2005 10:58 PM
Good post MsM. I actually gave my government class a lecture about the new electronic voting machines. Now, the diebold machine code is easily available and has been reviewed many times through government audit. I don't want people saying that the government audits done on the machine code are 'rigged' simply because the govt did them. They were done by auditing groups who have no real political lean, they do their job, i trust them for the most part. There have been some other audits of the code by independent groups that gave it less than stellar ratings. Aside from that, there are blatant security problems with the transmission of votes.
After polling takes place at your precinct polling center, the diebold machines have to get their votes to the central vote server for the area. There are two options: A) Remove hard drives from the machine, deliver them by van to the central vote server site, and upload the voting data directly. B) Establish a direct dial-in connection with the central vote server, remotely log in, and send the votes _unencrypted_ over the phone line. Now, here's the hilarious part, there's basically no authentication at all. So, joe evil dude can go hack apart the TNI box of the building the machine is in, intercept the number the machine is calling, and then act like the central vote server and record the votes that come in. So, after this happens, joe evil dude changes the votes to his liking and replays what happened and directs that to the central vote server.
Hrm....sounding feasible yet? "But somebody must notice the vast statistical difference between the hacked votes and the regulap ballots, right?" Well, no. Bruce Schneier had a very good post about this at: http://www.schneier.com/crypto-gram-0404.html It seems rather simple to steal an election without anybody knowing it happened.
Personally, I'm surprised that they announced the winner without ever auditing the voting machine results, checking the local machine backups against the votes reported by the central voting servers, etc. There's a group called BlackBoxVoting that's trying to get audit logs of many sites that offered electronic voting under the FOIA. More information can be found at: http://blackboxvoting.org/
Is there a sum of an inifinite geometric series? Well, that all depends on what you consider a negligible amount.