Forgot your password?
typodupeerror
Politics Government Your Rights Online Technology

Election Officials And Crackers Challenge Diebold 219

Posted by ScuttleMonkey
from the give-it-the-harri-hursty-test dept.
Rick Zeman writes "The Washington Post is reporting that election officials in Florida have manipulated election results in controlled tests. From the article: 'Four times over the past year Sancho told computer specialists to break in to his voting system. And on all four occasions they did, changing results with what the specialists described as relatively unsophisticated hacking techniques. To Sancho, the results showed the vulnerability of voting equipment manufactured by Ohio-based Diebold Election Systems, which is used by Leon County and many other jurisdictions around the country.'"
This discussion has been archived. No new comments can be posted.

Election Officials And Crackers Challenge Diebold

Comments Filter:
  • by rts008 (812749) on Sunday January 22, 2006 @06:22AM (#14531692) Journal
    "Pay no attention to that man behind the curtain." (http://www.imdb.com/title/tt0032138/quotes [imdb.com])

    North Carolina had the same problem with their voting machines (http://www.techdirt.com/articles/20051130/1121207 _F.shtml [techdirt.com]).

    The only new thing here is the current state finding Diebold non-compliant.
  • by James_Duncan8181 (588316) on Sunday January 22, 2006 @06:27AM (#14531706) Homepage
    Windows XP + network connection + data held in an *Access DB* and then transferred by memory card with no crypographic checksum.

    If I prepared work like that for a client, I'd expect to get chucked out by security.

    I'll also note the following:
            a) Diabold say that a paper trail is not needed for security, but provide one on their own ATMs. Apparently independent verification of election results is less important then $$$ transactions.
            b) Both local and remote vulns have been demonstrated on their voting machines, but the ATMs have not been pwned.
            c) Diabold refuses to let the source code be reviewed, and chose to run on Windows XP so neither the program or the OS of the box can be verified safe.
            d) Diabold machines can have the vote totals rewritten on their memory sticks as they do not cryptographically sign or encrypt the totals. That's plain text on a card that can be removed from the machine and has a standard file format.
            e) Diabold security is fucked whether or not they put the same code they have tested on the box. With tested, verfied boxes they cannot add XP security patches for known flaws after te verification date (and if there is one thing worth keeping an 0-day for...). If they do add security patches etc then we are trusting closed source biaries to be added to election counting machines without the possibility of review. One bad actor and the elecetion is up for grabs.

    No thanks. I'm not usually a conspiracy theorist but is is as if they were designed to be broken into.

    Would a BSD box with one simple program, output to the framebuffer, a results paper trail and a constant SSH tunnel to the FEC be that hard? *sighs*

    Fuck Diabold.
  • by Anonymous Coward on Sunday January 22, 2006 @06:45AM (#14531758)
    If they did we'd have this problem fixed by now. We've know they were insecure for years now; ever since the accidental release of diebolds e-mails detailing backdoors and holes that were not patched. Who remembers that security researcher who went before congress and said specifically that his code, which was to illustrate a backdoor into the machines, was used to hack the elections in ohio? I forget his name.

    Fact is, CEO's and friends of voting machine companies get into power. Why? Guess. It isn't the 20% of the vote they need to swing; it's the 6% after they've divided everyone on the issues. Voting laws and policys are consistantly broken, and is anything done about it? The answer lies in the question; Has anyone been taken out of power yet? Dictatorship only works if people are divided; if they stand for something and stand by it for hell or high water.

    And I might, just might give credit to the guys who said "well, it's stil the will of the people" if it weren't for that they can't prove their position since there's nothing for them to count. The election board can't even tell them who voted for who so they can go around asking people.

    Of course, the best way you can tell the government you don't like what you're doing is to decide you stand for something and stand for it tall. I personally chose the constitution; it ain't perfect, but it's something everyone can agree on. Of course, ever since the civil war and reconstruction the constitution's layed dormant. To make a long story short, if you want to get rid of the current government, the best way is to simply stop working for them; stop giving them your money. How do you do that? Well, basically the 14th amendment set you up to be a federal citizen by the name of a "U.S. citizen" and social security turned you into a corporate legal fiction so that income tax, which worked only on corporations, now works on you. How do you get out? You rescind your federal citizenship, declare your citizenship of your state as it was before reconstruction, rescind your birth certificate (to remove proof of being under the 14th), rescind your social security (to correct your status as a soverign instead of a corporation), then begin rescinding everything else; drivers lisence, fishing lisences, gun lisence, any contract with the federal government and it's munincipal corporations (read; the states are corporations). You can get a non-binding play-ID from the SS office if you want to get a bank account, for example. Then you simply stop paying income and social security taxes, atwhich point you stop giving the government 30% of your income and begin working to reinstate lawful government in your state via holding elections and office and organizing locally. More to the point, if enough people do it quickly enough, the federal government will have about 10 trillion in debt to pay off, and no way repay it back which means a massive collapse. :X...

    The price? Reading a few books; learning how history, governments, and legal documents work. Mabye $500 in books total. A good place to start is here:

    http://www.usa-the-republic.com/revenue/true_histo ry/Contents.html [usa-the-republic.com]

    Do a find for john ainsworth and ed wahler on this page

    http://mp3.rbnlive.com/Stadt06.html [rbnlive.com]

    They've been preparing a book and an organization to do this on a massive scale. The book comes out in march-ish along with the publicisation of the startup and they hope to do it state-by-state.

  • by Anonymous Coward on Sunday January 22, 2006 @06:58AM (#14531800)
    The price? Prison sentence; learning how the courts work. Mabye $500,000 in fines total. A good place to start is here:

    http://yro.slashdot.org/comments.pl?sid=174700&cid =14531758 [slashdot.org]
  • Re:Umm (Score:3, Informative)

    by mabinogi (74033) on Sunday January 22, 2006 @07:23AM (#14531863) Homepage
    It looks like a new viewing option.
    I'm not sure what the grey ones are - possibly articles in other sections that wouldn't otherwise make the front page (as someone else suggested).

    Have a look at your preferences - there's a new part in the front page section that lets you choose whether or not to display the grey bars, or whether to show the full stories for all, grey bars for all, etc.
  • by gaijin99 (143693) on Sunday January 22, 2006 @07:45AM (#14531913) Journal
    The voter doesn't take the paper with him, as you say that would ruin the whole anonymous ballot thing. The voter gets the paper, looks at the human readable output to verify that his vote was correctly recorded, and drops the paper into a ballot box on his way out. If the paper shows that his vote was incorrectly recorded, he can ask an election official to remove his vote from the machine, destroy that paper ballot, and try again.

    The election officials keep the paper ballots, machine printed recepts that is, so that in the event of a dispute they can be hand counted. Since, theoretically, every voter looked at their recept and verified that it recorded what they truly intended to vote for, if someone hacks the machines and falsifies the votes recorded there, the paper ballots get the final say in the event of a dispute.

    It also gives you a good indication of where the falsification of the electronic votes got started since you can say: hmmm, district 123 shows 4000 votes for candidate X on the computer, but the paper ballots only show 1000 votes for candidate X, who messed with the machines in district 123?

    Essentially we're keeping the old paper method of vote recording as a backup in the event that its suspected that someone hacks the machines.
  • by Grumpy Troll (790026) on Sunday January 22, 2006 @08:28AM (#14532017)
    The president of Diebold said he would deliver the votes to Bush [commondreams.org]. And he did [whatreallyhappened.com].
    Via USS Neverdock [blogspot.com], America - Vote Fraud in Ohio - By Democrats! [blogspot.com]:

    Fortunately, today comes more bad news for the Democrats. Their long awaited investigation into voter fraud found no evidence of voter fraud by the GOP [captainsquartersblog.com] and their deranged poster boy, Dean was forced into a humilating admission.

    A five-month study for the Democratic National Committee found that more than one in four Ohio voters experienced problems at the polls last fall, but the study did not find evidence of widespread election fraud that might have contributed to President Bush's narrow victory there.
    In a stinging reply to the report, Mr. Mehlman agreed that there were numerous election abuses that took place in Ohio last year, but said they were perpetrated by Democrats or their political allies. In one instance, he said, "Democrat allies attempted to disenfranchise Ohio voters by submitting registration cards for Mary Poppins, Dick Tracy and Michael Jordan."

    ...

    "Overwhelmingly," this report said, "these problems were reportedly traced primarily" to four Democratic political allies who supported Mr. Kerry: ACORN, America Coming Together, the AFL-CIO and the NAACP National Voter Fund.
  • Weak. (Score:2, Informative)

    by lheal (86013) <lheal1999 AT yahoo DOT com> on Sunday January 22, 2006 @09:56AM (#14532247) Journal
    You believe Moore's lies and distortions because you want them to be true.

    Diebold is a fine example of how the small-mindedness of some people manifests itself. Particularly, it shows that proprietary softare and oafish business practices are next of kin.

    But it has nothing to do with President Bush.

    You defend Moore's dishonesty, but tout Diebold's ineptitude as evidence of President Bush's alleged corruption because his brother is governor of Florida?

    That's some strained reasoning.
  • by Qzukk (229616) on Sunday January 22, 2006 @10:11AM (#14532296) Journal
    This was one of Michael Moore's weakest points.

    That's funny, it was strong enough of a point for the Bush administration, they had a citizen of Canada "renditioned" to Syria for more than a year [www.cbc.ca] for working with the brother of a known terrorist.
  • Someone already is. (Score:5, Informative)

    by KingSkippus (799657) * on Sunday January 22, 2006 @10:40AM (#14532413) Homepage Journal

    There's an organization called the Open Voting Consortium [openvotingconsortium.org] whose mission is "the development, maintenance, and delivery of open voting systems for use in public elections." They are directly opposed to the shenanigans that Diebold has engaged in.

    Problem is, they spend their donations on actually developing the system, not in paying off Congressmen to give them lucrative exclusive contracts. Still, one can hope that it changes someday. (And donate to support the effort...)

  • by Qzukk (229616) on Sunday January 22, 2006 @11:18AM (#14532568) Journal
    In the end, there are better ways from the standpoint of guaranteeing a secure election than demanding or not demanding a single hardware vendor to do this or that.

    A standard should be set for the ballot and the voting software's capabilities, and then several companies' equipment set up at every station. In fact, if these all generate a standardized paper ballot, then the counting process could (and should) be completely divorced from the voting process, perhaps even an additional vendor could deal with this task. Increasing the number of vendors perhaps increases the risk that one will act in bad faith, but decreases the damage one such vendor could do. I mentioned in a post in an article some time ago how this kind of setup could help guarantee correct results without devolving to random manual recounts, by simply requiring all machines to produce a machine-and-human readable ballot, with these ballots machine sorted and counted. Should there be any question of whether the sorting machine is correct, one must only flip the ballots like a flipbook and watch the line in question, any improperly sorted ballot will be easily caught. Should there be a question of the counting machine's integrity (this would be hard to do, since a stand alone counting machine should be unable to know what is being counted at any time) then a different counting machine could be substituted. This leaves incompetence and malice in the human component, and with oversight from independent election observers, the risk of the latter can be reduced. Counting ballots before sorting and comparing the total to the grand total of sorted votes will cut down on chances of the former causing someone's stack of votes to be accidentally lost.
  • Old news (Score:3, Informative)

    by plsuh (129598) <plsuh AT goodeast DOT com> on Sunday January 22, 2006 @01:52PM (#14533397) Homepage
    What's really amazing/frightening to me is how long it has taken for the mainstream media to pick this up. The tests done by Harri Hursti for Leon County were conducted and reported back on December 13th, 2005! The Post waited until a slow news day over a month later to report on it. Since then, there's been a whole slew of additional activity on the voting machines front. For more details, see the original blackboxvoting.org article [bbvforums.org].

    --Paul

    Disclaimers: I have been working with the good folks at TrueVoteMD.org [truevotemd.org] to get the d*mned things banned in Maryland, my home state; I'm also a plaintiff in a lawsuit in Maryland that seeks to force the Maryland State Board of Elections to follow exsting state law and get rid of them.
  • Re:Weak. (Score:1, Informative)

    by Anonymous Coward on Sunday January 22, 2006 @02:48PM (#14533700)
    I won't get into the political side of this thread, but I will say this. You views of Diebold are incorrect. Do I believe they have sloppy security and don't care to fix it? Absolutely. Do I believe they chose Windows XP and are using it as a flimsy excuse to not provide the source code of their machines to the state of North Carolina? You bet. But don't for a minute think that Diebold knows anything about security.

    You say that Diebold's ATM machines haven't been broken, and not for lack of being a juicy target. You're right, an ATM machine might be a juicy target. But you would have to know way more than the workings of Windows XP in order to extract cash from them. But the main reason you haven't seen them broken into? Because they're not on the Internet. The banking ATM network is a completely separate network, or so I have been told by a friend who is the IT manager at a local bank. There's the Internet, there's the bank's internal network, and then there's the ATM network (not to be confused with the ATM protocol).

    But just to show how secure Diebold's ATM machines are, take a look at this article: Nachi worm infected Diebold ATMs [securityfocus.com]. These guys *ARE* a bunch if inept oafs who have no businesses in the banking or voting industries.
  • by JimBobJoe (2758) <swiftheart@gmail . c om> on Sunday January 22, 2006 @07:58PM (#14535137)
    In all fairness, you could use paper ballots in the New England states, which don't vote for all that much. You might only vote for 5 offices in any given year.

    In 2004, here in Columbus (Franklin County, Ohio) we voted for 57 different offices, judgeships, city/county/state initiatives and referenda. If you multiply that out by the 590,000 votes cast, then you see why electronic balloting is a necessity.

Nature, to be commanded, must be obeyed. -- Francis Bacon

Working...