Half Assed Voting Machine Hack Research
I happen to live in Ohio and I’m involved with the education of this Nov 7th Pole Workers training. The machines we are using are the new AccuVote-TSx. I went into this project after reading many articles about the lack of security with Diebold voting machines. I was pretty much convinced that this election could be decided by any six year old that could program a VCR. However after coming in contact with these machines, speaking with several Diebold Represenatives (some who also work in network security) and observing how the security will be handled I have since changed my tune. I’m not going to lie, yes they can be hacked but they are no more vulnerable then a standard paper ballot election. The purpose of my writing is to put at least some where on the net that there is good security in place and share a bit of information with my fellow computer users.
Citing the article found on Wired.com's website about the Princeton Professor, Edward Felten states that they are vulnerable. In their current state this is true however Diebold is correct in saying that every one of their so called hacks has been countered or prevented against. This is not to say that they are secure. We all know there is no such statement as hack proof, given enough time energy and resources and a bit of talent and luck every thing can be cracked however on an election day or just before this would not be the case.
From Wires Article “Felten and graduate students Ariel Feldman and Alex Halderman found that malicious programs could be placed on the Diebold by accessing the memory card slot and power button, both behind a locked door on the side of the machine. One member of the group was able to pick the lock in 10 seconds, and software could be installed in less than a minute, according to the report.” This is true however they are overlooking the simple fact that there is tamper proof tape over the entire access door including the lock that if played with and or removed the words void appear all through the tape and the serial number disappears. There is a log for each machine that keeps track of every serial number on the one use tags. If a machine is opened for any reason that breach is recorded by a witness from each party the change is made and a new tag is put on noting the new serial number. There is no way the memory card can be accessed with out some one knowing about it afterwards. This type of attack has also been referenced on CNET “During the simulated election in Leon, election officials tampered with the memory card of one of Diebold's Optical Scan machines. The security system used to protect against memory-card attacks failed to catch the falsified results, according to reports.” The memory cards are not even loaded into the machines till the morning of and those two come out of a sealed bag from the board of elections with its own serial number to be recorded and checked against the list given to the judges the morning of. To even tamper with the machine you would several minutes and this would still show up on the paper print out that is checked by each voter before making its way into the sealed canister inside each machine that is behind a locked door and more tamper proof tape.
More from Wires Article “The researchers say they designed software capable of modifying all records, audit logs and counters kept by the voting machine, ensuring that a careful forensic examination would find nothing wrong” The flaw in this statement is that they are forgetting that after each ballot is cast they are printed onto thermal paper that is then displayed in a locked container under glass that goes up into yet another sealed canister with yet another one use tag and its own serial number. Each time paper is loaded the four judge’s sign the paper before it is fed into a new empty canister. Even if you could inject your own software into the machine a simple check by the voter of his ballot print out would then reveal the change.
One of my favorite statements made by this illustrious professor is this though “It was also possible to design a computer virus to spread malicious programs to multiple machines by piggybacking on a new software download or an election information file being transferred from machine to machine, Felten said” I find this laughable though because how are they linked? The memory cards are preprogrammed and loaded the morning of and the machines are not linked. They are daisy chained for power so one outlet can power up to 6 machines and yes they have a two hour battery back up. However this is it. Some states allow them to transmit via modems over the phone lines to tabulate results how ever in Ohio this is not the case. Ohio machines have spot for the modems but they are not even installed. So I am not sure how this virus is going to propagate its self. One could argue that with the modems a MITM attack could be preformed but that’s the topic of a whole other paper.
The Professors final words are “hacking dangers could be mitigated with better software, more restrictions on access to machines and memory cards, and paper receipts verified by the voter” Well he is right there but these have already been implemented rendering all the work he did useless. They were rendered before his article had even been published according to the slew of Diebold reps that I have spoken with. I finish with the thought that are these machines secure? No they are not but no more insecure then the old paper ballot system. The benefit being that we can now tabulate responses quicker.
I too got caught up in the internet bandwagon of expecting easy pickings with the new voting system and a total breakdown of our political system. Trust me nothing would please me more as I have a great distaste for how our government is handled. However I wish to make it clear that things are not as bad as they seem. Though all is not lost yet there is still hope at least with electronic voting that is.
The information in this paper are the opinions of the writer and should be not taken as fact until your prove them as such with your own research. If you find any mistakes or untruths please let me know and I will be happy to correct him. There is much on the net supporting both sides I simply picked these two articles as they best illustrated my points. Please do your own research before making up your mind. Thanks –TheX1le
Articles I found my quotes from can be found here
Wired Article: http://wired.com/news/politics/0,717...gy_computers_6
CNet : http://news.com.com/2061-11203_3-5995798.html
