The Diebold Voting-Machine Hack

Warm John writes to mention a short article on Doctor Dobbs Journal about the Hack that couldn't be done. "Hacking a Diebold voting machine was the focus of Cigital's Gary McGraw's keynote at SD Best Practices. He discussed 'Security Analysis of the Diebold AccuVote-TS Voting Machine,' a paper released by Edward Felten, Ari Feldman, and Alex Halderman of the Princeton Center for Information Technology Policy. 'The paper details a simple method whereby the Princeton team was able to compromise the physical security of a Diebold voting machine, infecting it with a virus that could change voting results and spread by memory-card to other machines of the same type.'"

firmware flash

[thedrunkensailor (992824)]

if i flash it can i use it as a calculator too?

Re:firmware flash

[creimer (824291)]

You don't want to do any flashing around these machines. The little old ladies behind the voting table will be watching you like a hawk and they're swoop down on you so fast with their canes before you could even think about flashing anyone. If you want a safe voting experience, you must see no evil, hear no evil or speak no evil when the voting machine flashes you!

Re:

[An Onerous Coward (222037)]

I wouldn't suggest it. With a Diebold calculator, you give it the problem, and also the solution you want it to give you when it's done calculating.

meme seems appropriate

[xanie (446372)]

I'm in your voting machine stealing your election.

America Has A Rootkit

[Jeremiah Cornelius (137)]

And no, SpybotSD can't help you.

Money more important than a fair vote?

[ronkronk (992828)]

Man Diebold looks slimier and slimier every passing week, but I'm more disturbed by Joe Demma's, Salt Lake's chief elections officer, response to Bruce Funk's actions. Granted, Funk acted by going around Demma by calling in Black Box Voting to check the Diebold machines, when presumably Demma is supposed to be responsible for that (just my guess as he's the chief elections officer).

However, Demma seems more incensed at Funk because he may cost the state $40,000 for Diebold's astronomical recertification fee. He doesn't seem to be worried that people might not trust these machines. He doesn't seem to care that a state officer was worried enough to call in a non-profit third party to verify the integrity of these machines. I mean, these things could possibly affect the outcome of a vote, the foundation for a democratic republic! But instead of worrying about these machines he's clearly more upset about the $40,000 and Funk not talking to him about his concerns regarding the voting machines.

And of COURSE Diebold is going to tell you the machines are fine and fair. Sheesh, they want to make money don't they?

Isn't it great that chief elections officers have their priorities straight?

Give me a ballot sheet and a pencil any day over these closed, proprietary black box machines.

Re:Money more important than a fair vote?

[partisanX (1001690)]

Nobody in their right mind who cares about the stability of our democratic republic could condone a continuation of these scandals. If we can't trust the vote, then we can't trust anything about the government, and when enough people feel that way in a democratic republic, bad things happen.

Re:Money more important than a fair vote?

[dgatwood (11270)]

Nobody in their right mind who understands what's going on can condone the existence of closed-source software in the vote counting or vote taking process at all, whether by Diebold or otherwise.

If elections officials told the public, "We're going to count by a secret counting method and we won't tell you how we're going to count; you'll just have to trust us that we picked the right person for the job," the public would burn down city hall. Unfortunately, the public hasn't yet realized that this is exactly what is happening....

Anybody want to raise money for a front page ad in the NY Times? Maybe with a little extra money left over to donate to local fire departments? :-)

Re:Money more important than a fair vote?

[megaditto (982598)]

If elections officials told the public, "We're going to count by a secret counting method and we won't tell you how we're going to count; you'll just have to trust us that we picked the right person for the job," the public would burn down city hall.

If elections officials told the public, "To protect your Freedom we are going to count by an undisclosed counting method and we won't help terrorists by telling the evildoers how we're going to protect the public and count the votes; you'll just have to support our troops and the person we picked for the job," the public would greet you as liberators

There, corrected it for ya.

Re:Money more important than a fair vote?

[partisanX (1001690)]

Golly, do you people lack reading comprehension or just critical thinking skills?

Funny, I didn't get the feeling the poster mentioned closed source so much to advocate open source software, as to draw the clear paralell between that and a secret ballot counting method implementation. Let me re-read... Yep, he didn't mention using Open Source at all, he mentioned closed source and then followed it with the very valid, extremely painfully obvious paralell between that and a secret ballot counting procedure.

Do you see that now or is there a problem with YOUR reading comprehension or critical thinking skills?

Re:Money more important than a fair vote?

[Mikkeles (698461)]

Avi Ruben also has an interesting blog article [blogspot.com] on his experiences as a poll worker in the recent Maryland election.

Re:

[fade-in (839519)]

The other funny thing about money and Diebolds in Utah is that because they are so expensive, some precincts have fewer voting machines than ever before.
http://www.kcpw.org/article/1719/ [kcpw.org]

Re:Money more important than a fair vote?

[symbolic (11752)]

However, Demma seems more incensed at Funk because he may cost the state $40,000 for Diebold's astronomical recertification fee.

Huh? Diebold is certifying its own machines? To say that this is like the fox guarding the henhouse would be a gross oversimplification...it's more like the fox has control of a large percentage of the henhouses throughout the country, and is working diligently to ensure this does not change.

Re:

[Maxo-Texas (864189)]

I keep saying this but a lot of fools seem to think they really have a chance of changing things.

One of my votes since 1998 has mattered. ONE.

Even then, I was #31.

My district is so gerrymandered.
If I was a republican- my vote doesn't matter.
If I was a democrat- my vote doesn't matter.

And then on top of that- I only get to vote for candidates that were pre-selected for me by the party (aka corporations, lawyers, and politicians (who are beholden to the corporations) ).

Why vote when it is going to be 70/30

Re:

[XorNand (517466)]

Actually, *all* corporations pay taxes. Some may not income taxes, but they certainly pay other taxes (or their members do). In fact, corporate taxes account for around 7% of the US's GDP. While that's somewhat concerning because as late as the 1960's, corporate taxation accounted for 25% of the GPD, it certainly isn't "no taxes".

Also keep in mind that the vast majority of corporations are small businesses (can't find a citation ATM). That's important because small businesses employ 52% of the workers in t

If this can't finally nail the coffin lid shut

[fudgefactor7 (581449)]

Then I don't know what can. We need more information like this to come out because when dealing with elections, the last thing we need--but apparently the opposition wants--is for some kind of shennanigans elecing the wrong person. If electronic voting is ever to be used, it darn well should be open source, and transparent as hell...with two paper receipts (one for the voter and one for the auditors.)

Re:

[Don'tTreadOnMe (686201)]

...the last thing we need--but apparently the opposition wants...

Clarification please: Who are we? And who is the opposition

Just wondering...

Scary

[sm62704 (957197)]

In Illinois we get a paper printout that you check for accuracy and put in a ballot box; we can actually have a real recount.

That's incredibly weird, considering this IS Illinois, where they say "vote early, vote often," where dead people still have a right to vote, and the last two governors who lost elections went to prison (or will, in the case of Ryan).

Uh...

[raehl (609729)]

and the last two governors who lost elections went to prison (or will, in the case of Ryan).

Ryan didn't lose an election - he won, all the way up until he (plagued with scandal) didn't run again.

Re:Scary

[penix1 (722987)]

That's what they mean when the pundents screech "paper trail!". The "paper trail" isn't for the voter to take home but to verify before depositing it in a ballot box. The problem is the voting machines that are produced by and large don't print anything. The votes are recorded inside and transfered to a larger repository for counting. If the count is off, there is no way to recount other than the faulty data in the machine already.

When you consider the ease of simply printing a receipt like slip of paper one has to wonder why they refuse to make them all do it. There is more accountability when you go to the supermarket than when you go vote.

B.

The first person to do this is going to be stupid

[CrazyJim1 (809850)]

I bet either someone is going to have 100% votes for Fred Flintstone, or someone is going to have a 60% write in for some person. Both of which could never happen and would do nothing except expose the voting machines as tamperable. I doubt someone is going to be smart enough to make the election look close, but vote for someone on the ballot. The only way a good ol conspiracy vote could happen is if the hacker got a load of money from a candidate. Well I guess that could happen.

Re:The first person to do this is going to be stup

[Marxist Hacker 42 (638312)]

I'll get mod-bombed right back down to Good Karma for this- but I have to say that I'm not at all sure it didn't happen in Ohio and Florida in 2004. The exit poll numbers, which had previously been extremely accurate in just about every election I'd ever heard of, were way off in those two states on the Presidential race- but the numbers were close enough that everybody focused on recounts instead (where possible).

More Secure Lock

[TheFlyingGoat (161967)]

This entire thing comes down to the ability to pick a lock so someone can replace the flash card. So why not put more secure locks on the devices? The paper ballots that we all love are also stored in locking containers, and as such are subject to the same fate as the Diebold tablets.

There are certain locks that are extremely difficult to pick... that's the solution.

Now that we know it is virus-susceptable...

[Ungrounded Lightning (62228)]

This entire thing comes down to the ability to pick a lock so someone can replace the flash card.

Now that we know the machine itself is virus-susceptable, the next steps are:
  1) See if the smartcard reader code has a vulnerability. (Any bets on a buffer overflow bug?)
  2) If so, design a virus that can do the initial infection via the smartcard slot.

Succeed at 2) and you can carry a bogus smartcard in, insert it while you "vote", and infect a voting machine. Since the machines are apparently capable of passing the infection during the post-election vote collection process, you can take over the precinct (either all the remaining machines or the one doing the totals) by infecting one voting machine.

Design the virus to self-destruct after doing its dirty work and you don't even leave tracks.

Unfortunately, "so what?" may be the response

[Captain Sarcastic (109765)]

I found the FAQ interesting. I liked the way they set the tenor of the questions, and included such things as "you weren't supposed to say anything about this!" The research seems pretty clear-cut, and the precautions that the researchers took appears to have been well thought out.

I hope that I underestimate the American people on this (including me), because the next tack that will be taken by Diebold will be, "Well, who in their right mind would want to tamper with an election? Calm down, citizens, this is just scaremongering by the right/left/pedestrians..." Once this is followed up with a suggestion that such might be "fomenting a panic designed to cause a breach of the peace," vague threats of arrest for those involved, and nothing changing.

Well, if nothing else, this voter's going to try his hand at absentee balloting this time around. Just in case...

Who would want to tamper? Terrorists

[FerretFrottage (714136)]

Sure hackers would be tempted as well, but look at it from a major terrorist network perspective. If they were able to alter the election outcome and prove it (or have it proven), think about the doubt this would cast in all future elections (and possibliy cast doubt on past ones as well if the same tech was used)...and not just for Americans, but world wide. "One man, one vote"....I could see the terrorists laughing as they played video of them voting of a candidate 1 million times or taking down the voting "network" entirely. They wouldn't even need to injure/kill anybody in the process and they would be able to make a major statement.

Re:Who would want to tamper? Terrorists

[Chris Burke (6130)]

The Possible Future, Nov 4th, 2008
"While exit polls conducted by our station and others showed Sen. Hillary Clinton and Sen. John McCain neck-in-neck at nearly 50% in this highly contested state of Ohio, initial results from available precincts shows the winner of the state, and thus the country, as Osama bin Laden, with 107% of the vote. A tape allegedly featuring Mr. bin Laden was broadcast by the al Jazeera network just minutes ago, in which the terrorist mastermind said he was pleased by the clear mandate the capitalist pig masses had given him, and that he hoped his transition from a cave somewhere in Pakistan to the Oval Office would go smoothly. Back to you, Tom."

I don't know, think that would wake people up?

as we all know

[User 956 (568564)]

The paper details a simple method whereby the Princeton team was able to compromise the physical security of a Diebold voting machine, infecting it with a virus that could change voting results and spread by memory-card to other machines of the same type.

It's not who votes that counts, it's who counts the votes.

We've heard it before but...

[Sgt_Jake (659140)]

How come no one seems to be asking the slot machine manufacturers to make voting machines? They deal with millions - or billions - of dollars a day and seem to be able to account for every single penny accurately. As an added bonus, all they'd really have to do is change the 7's to donkeys and jackpots to republicans... Pull the lever for your new rep! Seriously though - they're the people who should be making the machines...

Re:

[3waygeek (58990)]

Diebold is well known for banking systems, including ATMs, so they know a thing or two about accountability. For some reason, these lessons haven't been transferred to their elections division.

They have had their problems with ATMs too

[Beryllium Sphere(tm) (193358)]

>Diebold is well known for banking systems, including ATMs

Diebold ATM turned into jukebox [thetartan.org]

Diebold ATM infected with Welchia [windowsfordevices.com]

Re:We've heard it before but...

[Kesch (943326)]

Hmm... I seem to have voted for Cherry, Cherry, Lemon

Re:We've heard it before but...

[hmccabe (465882)]

A vote for Cherry is a vote for Plum. Thanks for throwing away your vote, asshole.

The video is excellent

[bsandersen (835481)]

I have just finished watching the video on the Princeton site and I must say it is very well done. Any reasonably motivated alert person who watches this video will see the problem we're trying to highlight.

It isn't enough for computer software professionals to discover problems like this; we need to be able to communicate our results effectively to the non-technical public. Too often we find something disturbing and decend into technical jargon and lose our audience. The Princeton team has done an excellent job avoiding that pitfall and communicating this threat.

Now, if only we could find a reasonably motivated and alert politician to actually act on this.

FINALLY!

[susano_otter (123650)]

Finally, a Conspiracy Theory that is actually possible, from a technological standpoint.

Now all we have to do is prove that it actually happened.

My experience with Diebold

[by Anonymous Coward]

Welcome to democratic government, brought to you by Diebold(R)!

Please choose a candidate:
(1) The incumbent guy who's against the terrorists.
(2) The weasly other guy who likes terrorists and wants your child to
        be gay.

[press 2]

You have chosen option (2), for gay marriage. Are you sure?

[press no]

Please choose a candidate.

[press 2]

Let's not be too hasty. We don't want the terrorists to feel good.
Do you want the terrorists to feel good?

[press no]

You have chosen option (1), for the incumbent. Are you sure?

[press cancel]

This may forfeit your vote! Are you sure you wish to cancel not
voting for option (1)?

[press yes]

Thank you for your participation in the democratic process! Printing
receipt ...

Sorry! Out of paper.

Army of One

[Doc Ruby (173196)]

Ed Felten is also the guy who hacked the MS DLL that "integrated" IE into Windows to remove IE without destroying the OS, proving in court that Microsoft's defense of their illegal bundling, "it was technologically necessary", was a lie. Though Felten was not even a Windows specialist, and certainly didn't have the source code to delete IE cleanly, he was the the key to the court finding that MS had violated their antibundling consent agreement, the key to finding they'd violated their monopoly status.

Now he's the guy proving Diebold voting systems are insecure.

Isn't anyone else in our giant, brilliant "computer science" industry doing anything? Or are they all working for the bad guys?

Diebold just needs an incentive ....

[RallyDriver (49641)]

Compromising Diebold machines seems to be a regular method of swinging elections in Florida ( UC Berkeley [berkeley.edu] )

The white hat community needs to start undermining vulnerable e-voting technologies whenever and wherever possible. Just put a few Democrats into office in the bible belt.

The CEO of Diebold is on record as a dyed in the wool Republican: "Our job is to deliver the election to George W Bush". Problematic for a vendor with so much trust. But once their machines start swinging votes for the other side, they'll soon start adding security.

hack?

[sckeener (137243)]

How can one hack a diebold voting machine when they are open?

Shouldn't these just be considered mods?

Re:The box was not production hardware...

[ronkronk (992828)]

I've seen plenty of pro-Microsoft and pro-Diebold posts get modded up. All you have to do is have a clear point, and show it. You didn't manage that. You said the fraud happens, and it doesn't make a difference if we can trace it or not.

It does make a difference. With a punch card, or a paper ballot, or even a mechanical voting both anyone can trace when fraud has occured. And in those cases we implement some security, track where the fraud came from (if we can) and redo the election.

With the current generation of electronic voting machines, we can't do that. I don't care who makes a good machine, but Diebold hasn't made one. And they've defended that design as if they think it is a good machine. Geeks don't like people who pretend a bad design is a good design. We'll tear into them. If they routinely defend bad design by saying it is good design and overlooking what we think are obvious flaws we'll notice, and start to expect that. Until they change, a group that decides who they like on the technical ability of a company won't like them. They are lying about their technical quality; at least in our eyes.

Re:The box was not production hardware...

[Frymaster (171343)]

Geeks don't like people who pretend a bad design is a good design. We'll tear into them

it's called 'peer review' and in the science world it's not only expected but mandatory.

my question is this: has diebold's product undergone any sort of peer review? if it's important enough for someone studying the genetic inheretance of grey hair, it's important enough for someone entrusted with running an election for the most powerful person in the world, dontcha think?

Re:

[Phillup (317168)]

my question is this: has diebold's product undergone any sort of peer review?

Unfortunately, yes. Many crooks and liars have deemed the system to be "just fine".

Re:

[Marxist Hacker 42 (638312)]

It seems to me that write once media could be a partial solution here- a multisession CDR running packet write software, can be analyzed just like paper- but compresses the information.

Re:The box was not production hardware...

[dgatwood (11270)]

It does make a difference. With a punch card, or a paper ballot, or even a mechanical voting both anyone can trace when fraud has occured. And in those cases we implement some security, track where the fraud came from (if we can) and redo the election.

Except that they won't. There have been numerous cases recently in which problems were confirmed beyond any doubt. In every case, even when the number of dubious votes would have been enough to potentially change the results of the election, the courts let the election results stand, and no reelections were called.

We don't need to be able to prove that fraud occurred. We need to be able to eradicate it. The only way that is even remotely possible is if the voting process is transparent. This means:

• Every piece of software installed on the voting machines from the driver layer all the way up to the GUI must be open source and subject to public inspection.
• Any changes to the code must be subjected to a thorough audit before they can be deployed.
• Every single security bug reported that can be reproduced MUST be fixed prior to the date of deployment.
• Every single security bug must be public knowledge.
• The hardware must be commodity hardware underneath so that average citizens can test the software on their own systems.
• The hardware must have additional physical security measures built into the case design.
• The hardware must be under lock and key in a secure storage container from the moment that it has been certified up until the day of the election.
• The usual security measures from there forward should probably be sufficient.

Re:With all due respect...

[Dr_Barnowl (709838)]

Absolutely.

What is the obsession with machine voting anyway? The only advantage seems to be counting speed. Since by the time all the ballots are in, counting speed makes ZERO difference to the outcome of a fair election, it's an irrelevancy - what's a few more hours against an elected term that will go on for years?

The absolute requirement for me is that your voting system be comprehensible and auditable by the common man. Because it concerns us all. The system with the widest comprehensibility is pencil and paper.

While pencil and paper isn't flawless, the key difference is that it's a system that a lot of people understand. Irregularities are far easier to recognise by the common man. With a machine system, only someone who understands the machine can spot the system being subverted.

Print ballots. With boxes on. You make a mark in the box, you voted for that person. No chads, no hanging. And anyone who can count can see that the right thing is done.

Sure, introduce machine systems to help make it harder to subvert the voter system. But the basic counting mechanism should be a wet thumb and a box of rubber bands.

Re:

[MightyYar (622222)]

But paper systems do have problems. Things like smudges, stray marks, poorly marked ballots, lost ballots, etc. Plus, many hands on the ballots for all of these recounts doesn't help at all as far as adding smudges, introducing fraud, etc. Machines can increase the accuracy of the count, reducing the margin of error. Typically this doesn't really matter much, but every once in a while you have a national election decided by a couple hundred votes somewhere :) I think a nice compromise is a computer print-ou

Re:The box was not production hardware...

[rodgster (671476)]

Maybe this is an example of free market forces at work.

One customer wants a secure, hardened, auditable, time proven machine with a user verifiable paper trail.

The other doesn't need any of those features.

Therefore two entirely disparate product lines.

One is designed to protect $.

The other is designed to protect democracy.

Re:Could be modded as flamebait...

[nezroy (84641)]

http://www.openvotingconsortium.org/ [openvotingconsortium.org]

Re:

[fishbowl (7759)]

You are assuming that the person in charge of contracting Diebold for voting machines actually *wants* tamperproof, accountable systems.

Re:Soo..

[OWJones (11633)]

Thank you for stealing an earlier post of mine [slashdot.org] absolutely verbatim.

-the real jdm