Results 1 to 8 of 8
  1. #1
    Member TheX1le's Avatar
    Join Date
    Sep 2006

    Half Assed Voting Machine Hack Research

    I happen to live in Ohio and I’m involved with the education of this Nov 7th Pole Workers training. The machines we are using are the new AccuVote-TSx. I went into this project after reading many articles about the lack of security with Diebold voting machines. I was pretty much convinced that this election could be decided by any six year old that could program a VCR. However after coming in contact with these machines, speaking with several Diebold Represenatives (some who also work in network security) and observing how the security will be handled I have since changed my tune. I’m not going to lie, yes they can be hacked but they are no more vulnerable then a standard paper ballot election. The purpose of my writing is to put at least some where on the net that there is good security in place and share a bit of information with my fellow computer users.

    Citing the article found on Wired.com's website about the Princeton Professor, Edward Felten states that they are vulnerable. In their current state this is true however Diebold is correct in saying that every one of their so called hacks has been countered or prevented against. This is not to say that they are secure. We all know there is no such statement as hack proof, given enough time energy and resources and a bit of talent and luck every thing can be cracked however on an election day or just before this would not be the case.

    From Wires Article “Felten and graduate students Ariel Feldman and Alex Halderman found that malicious programs could be placed on the Diebold by accessing the memory card slot and power button, both behind a locked door on the side of the machine. One member of the group was able to pick the lock in 10 seconds, and software could be installed in less than a minute, according to the report.” This is true however they are overlooking the simple fact that there is tamper proof tape over the entire access door including the lock that if played with and or removed the words void appear all through the tape and the serial number disappears. There is a log for each machine that keeps track of every serial number on the one use tags. If a machine is opened for any reason that breach is recorded by a witness from each party the change is made and a new tag is put on noting the new serial number. There is no way the memory card can be accessed with out some one knowing about it afterwards. This type of attack has also been referenced on CNET “During the simulated election in Leon, election officials tampered with the memory card of one of Diebold's Optical Scan machines. The security system used to protect against memory-card attacks failed to catch the falsified results, according to reports.” The memory cards are not even loaded into the machines till the morning of and those two come out of a sealed bag from the board of elections with its own serial number to be recorded and checked against the list given to the judges the morning of. To even tamper with the machine you would several minutes and this would still show up on the paper print out that is checked by each voter before making its way into the sealed canister inside each machine that is behind a locked door and more tamper proof tape.

    More from Wires Article “The researchers say they designed software capable of modifying all records, audit logs and counters kept by the voting machine, ensuring that a careful forensic examination would find nothing wrong” The flaw in this statement is that they are forgetting that after each ballot is cast they are printed onto thermal paper that is then displayed in a locked container under glass that goes up into yet another sealed canister with yet another one use tag and its own serial number. Each time paper is loaded the four judge’s sign the paper before it is fed into a new empty canister. Even if you could inject your own software into the machine a simple check by the voter of his ballot print out would then reveal the change.
    One of my favorite statements made by this illustrious professor is this though “It was also possible to design a computer virus to spread malicious programs to multiple machines by piggybacking on a new software download or an election information file being transferred from machine to machine, Felten said” I find this laughable though because how are they linked? The memory cards are preprogrammed and loaded the morning of and the machines are not linked. They are daisy chained for power so one outlet can power up to 6 machines and yes they have a two hour battery back up. However this is it. Some states allow them to transmit via modems over the phone lines to tabulate results how ever in Ohio this is not the case. Ohio machines have spot for the modems but they are not even installed. So I am not sure how this virus is going to propagate its self. One could argue that with the modems a MITM attack could be preformed but that’s the topic of a whole other paper.

    The Professors final words are “hacking dangers could be mitigated with better software, more restrictions on access to machines and memory cards, and paper receipts verified by the voter” Well he is right there but these have already been implemented rendering all the work he did useless. They were rendered before his article had even been published according to the slew of Diebold reps that I have spoken with. I finish with the thought that are these machines secure? No they are not but no more insecure then the old paper ballot system. The benefit being that we can now tabulate responses quicker.

    I too got caught up in the internet bandwagon of expecting easy pickings with the new voting system and a total breakdown of our political system. Trust me nothing would please me more as I have a great distaste for how our government is handled. However I wish to make it clear that things are not as bad as they seem. Though all is not lost yet there is still hope at least with electronic voting that is.

    The information in this paper are the opinions of the writer and should be not taken as fact until your prove them as such with your own research. If you find any mistakes or untruths please let me know and I will be happy to correct him. There is much on the net supporting both sides I simply picked these two articles as they best illustrated my points. Please do your own research before making up your mind. Thanks –TheX1le

    Articles I found my quotes from can be found here

    Wired Article: http://wired.com/news/politics/0,717...gy_computers_6

    CNet : http://news.com.com/2061-11203_3-5995798.html
    ...."Cant stop the signal Mel, Every thing goes some where and i go every where."...... "From here to the eyes and the ears of the verse, thats my motto or might be if i start having a motto" - Mr. Universe "Serenity"

  2. #2
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    St. Petersburg, FL
    Meh... Somewhere over in Europe (IIRC), they got an electronic voting machine to play chess.

    Oh... they also introduced software to change the way people vote... but I think chess is better.
    Real security doesn't come with an installer.

  3. #3
    Member TheX1le's Avatar
    Join Date
    Sep 2006
    Well what do you expect they are running windows CE its called WINCE for a reason
    ...."Cant stop the signal Mel, Every thing goes some where and i go every where."...... "From here to the eyes and the ears of the verse, thats my motto or might be if i start having a motto" - Mr. Universe "Serenity"

  4. #4
    Junior Member
    Join Date
    Jan 2006
    i thought all software purchased for use by the american government has to be cc evaluated. my understanding is that diebold has strong political ties and used these to bypass the normal procurement process.

    votes can be manipulated in any way the system chooses unless independent system evaluation a exhaustive machine code audit and a exhaustive hardware audit are accomplished. outsider threats are not the concern insider threats are.

    your article is biased sarcastic and carries no proofs. this means it is of no value other than editorial entertainment even if the content is accurate.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington

    It isn't the hardware or the software............. the real problem is the people who are enfranchised; and even worse, those who are allowed to run for office

    All I can suggest is that the fair state of Ohio re-applies for membership of the British Empire........... then you don't get a vote, so it doesn't matter?

  6. #6
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Shawnee country
    We're really using electronic voting machines in Ohio now? I given up voting. It's just a sham. We got that crooked idiot Sherrod Brown running for Senate when Paul Hackett was obviously more popular. That was a backroom deal. Never even made it to the voters.

    Democracy only works in name anymore. I'm with Nihil: let's throw ourselves at the mercy of the Crown and perhaps we can be readmitted to the Commonwealth.

    -- sorry I'm off topic, delete this if you want.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Here is an interesting read for ya!

    How to hack the vote and steal the election:
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  8. #8
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    It's depressing. Now that there's no "paper trail" at all, anything can be done (and may have been) with vote totals and we'd never know. Not that I think it matters that much who wins a national election. The people who pull their strings are basically the same. Local government elections are still worthwhile, I think.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts