The Diebold Voting-Machine Hack

Warm John writes to mention a short article on Doctor Dobbs Journal about the Hack that couldn't be done. "Hacking a Diebold voting machine was the focus of Cigital's Gary McGraw's keynote at SD Best Practices. He discussed 'Security Analysis of the Diebold AccuVote-TS Voting Machine,' a paper released by Edward Felten, Ari Feldman, and Alex Halderman of the Princeton Center for Information Technology Policy. 'The paper details a simple method whereby the Princeton team was able to compromise the physical security of a Diebold voting machine, infecting it with a virus that could change voting results and spread by memory-card to other machines of the same type.'"

firmware flash

[thedrunkensailor]

if i flash it can i use it as a calculator too?

Re:firmware flash

[__aaclcg7560]

You don't want to do any flashing around these machines. The little old ladies behind the voting table will be watching you like a hawk and they're swoop down on you so fast with their canes before you could even think about flashing anyone. If you want a safe voting experience, you must see no evil, hear no evil or speak no evil when the voting machine flashes you!

Re:

[An Onerous Coward]

I wouldn't suggest it. With a Diebold calculator, you give it the problem, and also the solution you want it to give you when it's done calculating.

meme seems appropriate

[xanie]

I'm in your voting machine stealing your election.

America Has A Rootkit

[Jeremiah Cornelius]

And no, SpybotSD can't help you.

Re:

[sd_diamond]

Would suggesting a re-format put me on an FBI watch-list?

Money more important than a fair vote?

[ronkronk]

Man Diebold looks slimier and slimier every passing week, but I'm more disturbed by Joe Demma's, Salt Lake's chief elections officer, response to Bruce Funk's actions. Granted, Funk acted by going around Demma by calling in Black Box Voting to check the Diebold machines, when presumably Demma is supposed to be responsible for that (just my guess as he's the chief elections officer).

However, Demma seems more incensed at Funk because he may cost the state $40,000 for Diebold's astronomical recertification fee. He doesn't seem to be worried that people might not trust these machines. He doesn't seem to care that a state officer was worried enough to call in a non-profit third party to verify the integrity of these machines. I mean, these things could possibly affect the outcome of a vote, the foundation for a democratic republic! But instead of worrying about these machines he's clearly more upset about the $40,000 and Funk not talking to him about his concerns regarding the voting machines.

And of COURSE Diebold is going to tell you the machines are fine and fair. Sheesh, they want to make money don't they?

Isn't it great that chief elections officers have their priorities straight?

Give me a ballot sheet and a pencil any day over these closed, proprietary black box machines.

Re:Money more important than a fair vote?

[partisanX]

Nobody in their right mind who cares about the stability of our democratic republic could condone a continuation of these scandals. If we can't trust the vote, then we can't trust anything about the government, and when enough people feel that way in a democratic republic, bad things happen.

Re:Money more important than a fair vote?

[dgatwood]

Nobody in their right mind who understands what's going on can condone the existence of closed-source software in the vote counting or vote taking process at all, whether by Diebold or otherwise.

If elections officials told the public, "We're going to count by a secret counting method and we won't tell you how we're going to count; you'll just have to trust us that we picked the right person for the job," the public would burn down city hall. Unfortunately, the public hasn't yet realized that this is exactly what is happening....

Anybody want to raise money for a front page ad in the NY Times? Maybe with a little extra money left over to donate to local fire departments? :-)

Re:

[nexarias]

If elections officials told the public, "We're going to count by a secret counting method and we won't tell you how we're going to count; you'll just have to trust us that we picked the right person for the job," the public would burn down city hall. Unfortunately, the public hasn't yet realized that this is exactly what is happening....

Nothing suggests to me that the American public are that concerned to do anything. It barely flinched with the NASA wiretapping incident, and more recently the passing of

Re:Money more important than a fair vote?

[megaditto]

If elections officials told the public, "We're going to count by a secret counting method and we won't tell you how we're going to count; you'll just have to trust us that we picked the right person for the job," the public would burn down city hall.

If elections officials told the public, "To protect your Freedom we are going to count by an undisclosed counting method and we won't help terrorists by telling the evildoers how we're going to protect the public and count the votes; you'll just have to support our troops and the person we picked for the job," the public would greet you as liberators

There, corrected it for ya.

Re:

[necro81]

Anybody want to raise money for a front page ad in the NY Times? Maybe with a little extra money left over to donate to local fire departments? :-) Alas, the NYT doesn't place advertisements on its front page. I'd back it, though.

Actually, open source doesn't matter here

[arete]

I'm an OSS fan, but "voter verified" recountability matters, OSS does not.

There is no way for you to independently verify that the VERSION of the OSS software on a machine is actually what you think it is.

You MUST have a system where the voter can verify what their machine thinks their vote is (eg a slip of paper) in such a way that you can reliably recount it by hand (and by multiple people, of course) However, once you HAVE a recountable system suddenly it doesn't really matter how trustworthy the machin

Re:Money more important than a fair vote?

[partisanX]

Golly, do you people lack reading comprehension or just critical thinking skills?

Funny, I didn't get the feeling the poster mentioned closed source so much to advocate open source software, as to draw the clear paralell between that and a secret ballot counting method implementation. Let me re-read... Yep, he didn't mention using Open Source at all, he mentioned closed source and then followed it with the very valid, extremely painfully obvious paralell between that and a secret ballot counting procedure.

Do you see that now or is there a problem with YOUR reading comprehension or critical thinking skills?

Re:

[daspriest]

Hardened boxes, tamper proof without proper tools and procedures, along with 2 person integrity with the machines from vault(with two person integrity locks), to polling place(with machine integrity testing occuring on each machine by a not for profir third party), to counting facility, back to the vault with signature transfers all the way from start to finish. Seems like it would be worth the trouble to ensure that the voting results are properly recorded and reported.

I think it sad and scary that the re

Re:

[LordLucless]

The sort of system that most people here promote is source-philosophy agnostic. A voting machine that generates a slip that is both human-readable, and compuer-readable is the obvious solution. Even if someone hacks the software, anyone glancing at the slip can tell that the computer has marked the wrong square - open or closed source, bugs and exploits would be easy to detect in that system. Running a computer re-count would be easy. Running a human re-count would be easy. There is total transparency thro

Re:

[LordLucless]

I'm from Australia; we do. In fact, I'm one of the polling officials who does the counting. However, with our recent elections, there have been heaps of candidates and the ballot papers have been huge (like say 2xA3 sheets joined together). There are also a tonne of informal ballots, both deliberate ones, and ones where people just haven't understood the voting procedure, and have failed to make their preference clear. Computer voting could reduce this. Because the generated ticket wouldn't have to have all

Re:

[complete loony]

Just a little more perspective on the Australian system.

We vote for the lower house and the PM by voting for one person (with a preference based system, where you number each box 1 - n) in fairly small districts. As with the US this devolves into a 2 party system, though some independant candidates are elected from time to time, and can sometimes hold the balance of power.

The upper house is voted at the state level, again by a preference system. And while this is dominated by the 2 main parties, it oper

Re:Money more important than a fair vote?

[Mikkeles]

Avi Ruben also has an interesting blog article [blogspot.com] on his experiences as a poll worker in the recent Maryland election.

Re:

[fade-in]

The other funny thing about money and Diebolds in Utah is that because they are so expensive, some precincts have fewer voting machines than ever before.
http://www.kcpw.org/article/1719/ [kcpw.org]

Re:

[jafac]

I don't see why the government doesn't just hand this whole Diebold fiasco off to Mitre.org or something like that. They'll turn out that little diebold whore.

Re:Money more important than a fair vote?

[symbolic]

However, Demma seems more incensed at Funk because he may cost the state $40,000 for Diebold's astronomical recertification fee.

Huh? Diebold is certifying its own machines? To say that this is like the fox guarding the henhouse would be a gross oversimplification...it's more like the fox has control of a large percentage of the henhouses throughout the country, and is working diligently to ensure this does not change.

Re:

[Maxo-Texas]

I keep saying this but a lot of fools seem to think they really have a chance of changing things.

One of my votes since 1998 has mattered. ONE.

Even then, I was #31.

My district is so gerrymandered.
If I was a republican- my vote doesn't matter.
If I was a democrat- my vote doesn't matter.

And then on top of that- I only get to vote for candidates that were pre-selected for me by the party (aka corporations, lawyers, and politicians (who are beholden to the corporations) ).

Why vote when it is going to be 70/30

Re:

[XorNand]

Actually, *all* corporations pay taxes. Some may not income taxes, but they certainly pay other taxes (or their members do). In fact, corporate taxes account for around 7% of the US's GDP. While that's somewhat concerning because as late as the 1960's, corporate taxation accounted for 25% of the GPD, it certainly isn't "no taxes".

Also keep in mind that the vast majority of corporations are small businesses (can't find a citation ATM). That's important because small businesses employ 52% of the workers in t

Re:

[TubeSteak]

Also keep in mind that the vast majority of corporations are small businesses (can't find a citation ATM). That's important because small businesses employ 52% of the workers in the US and create 65% of the net new jobs.

I did a bunch of research about small businesses a while back.

The failure* rates (less than 500 employees) look something like this:
One Year - 20%~30%
4~5 Years - ~60%
Six Years - ~80%

Those statistics vary depending on age, education level, business experience, startup money, gender, race, acc

The box was not production hardware...

[martinbogo]

The Diebold machine used for this article came via private hands. There is no independent verification that the software contained in it is the same as the production Diebold machines used in the vote tallies.

On the other hand, the fact that the memory card is contained behind a door which can be easily picked, or completely subverted by removing screws, is practically criminal negligence on the part of Diebold. Frankly, I'm surprised these things aren't as security-hardened as the ATM's that Diebold mak

Re:The box was not production hardware...

[ronkronk]

I've seen plenty of pro-Microsoft and pro-Diebold posts get modded up. All you have to do is have a clear point, and show it. You didn't manage that. You said the fraud happens, and it doesn't make a difference if we can trace it or not.

It does make a difference. With a punch card, or a paper ballot, or even a mechanical voting both anyone can trace when fraud has occured. And in those cases we implement some security, track where the fraud came from (if we can) and redo the election.

With the current generation of electronic voting machines, we can't do that. I don't care who makes a good machine, but Diebold hasn't made one. And they've defended that design as if they think it is a good machine. Geeks don't like people who pretend a bad design is a good design. We'll tear into them. If they routinely defend bad design by saying it is good design and overlooking what we think are obvious flaws we'll notice, and start to expect that. Until they change, a group that decides who they like on the technical ability of a company won't like them. They are lying about their technical quality; at least in our eyes.

Re:The box was not production hardware...

[Frymaster]

Geeks don't like people who pretend a bad design is a good design. We'll tear into them

it's called 'peer review' and in the science world it's not only expected but mandatory.

my question is this: has diebold's product undergone any sort of peer review? if it's important enough for someone studying the genetic inheretance of grey hair, it's important enough for someone entrusted with running an election for the most powerful person in the world, dontcha think?

Re:

[Phillup]

my question is this: has diebold's product undergone any sort of peer review?

Unfortunately, yes. Many crooks and liars have deemed the system to be "just fine".

Re:

[Marxist Hacker 42]

It seems to me that write once media could be a partial solution here- a multisession CDR running packet write software, can be analyzed just like paper- but compresses the information.

Re:The box was not production hardware...

[dgatwood]

It does make a difference. With a punch card, or a paper ballot, or even a mechanical voting both anyone can trace when fraud has occured. And in those cases we implement some security, track where the fraud came from (if we can) and redo the election.

Except that they won't. There have been numerous cases recently in which problems were confirmed beyond any doubt. In every case, even when the number of dubious votes would have been enough to potentially change the results of the election, the courts let the election results stand, and no reelections were called.

We don't need to be able to prove that fraud occurred. We need to be able to eradicate it. The only way that is even remotely possible is if the voting process is transparent. This means:

• Every piece of software installed on the voting machines from the driver layer all the way up to the GUI must be open source and subject to public inspection.
• Any changes to the code must be subjected to a thorough audit before they can be deployed.
• Every single security bug reported that can be reproduced MUST be fixed prior to the date of deployment.
• Every single security bug must be public knowledge.
• The hardware must be commodity hardware underneath so that average citizens can test the software on their own systems.
• The hardware must have additional physical security measures built into the case design.
• The hardware must be under lock and key in a secure storage container from the moment that it has been certified up until the day of the election.
• The usual security measures from there forward should probably be sufficient.

With all due respect...

[partisanX]

... paper and pen are cheaper, simpler, and time tested and proven. Plus, a substantial segment of our society still views computer systems with distrust. The goal should be that NO Americans feel there is something shady in the voting process, not just those who are tech savvy enough to understand the issues.

I say this realizing that there will always be people with suspicions, so we have to aim to make that the lowest number possible, which IMO, rules out computerized voting at this time.

Re:With all due respect...

[Dr_Barnowl]

Absolutely.

What is the obsession with machine voting anyway? The only advantage seems to be counting speed. Since by the time all the ballots are in, counting speed makes ZERO difference to the outcome of a fair election, it's an irrelevancy - what's a few more hours against an elected term that will go on for years?

The absolute requirement for me is that your voting system be comprehensible and auditable by the common man. Because it concerns us all. The system with the widest comprehensibility is pencil and paper.

While pencil and paper isn't flawless, the key difference is that it's a system that a lot of people understand. Irregularities are far easier to recognise by the common man. With a machine system, only someone who understands the machine can spot the system being subverted.

Print ballots. With boxes on. You make a mark in the box, you voted for that person. No chads, no hanging. And anyone who can count can see that the right thing is done.

Sure, introduce machine systems to help make it harder to subvert the voter system. But the basic counting mechanism should be a wet thumb and a box of rubber bands.

Re:

[MightyYar]

But paper systems do have problems. Things like smudges, stray marks, poorly marked ballots, lost ballots, etc. Plus, many hands on the ballots for all of these recounts doesn't help at all as far as adding smudges, introducing fraud, etc. Machines can increase the accuracy of the count, reducing the margin of error. Typically this doesn't really matter much, but every once in a while you have a national election decided by a couple hundred votes somewhere :) I think a nice compromise is a computer print-ou

Re:

[AK Marc]

... paper and pen are cheaper, simpler, and time tested and proven.

And fraud regularly happens with pen and paper. The only solution I can think of is verified voting. The person must be able to go back after the vote and check how they voted. The votes must match the number of people that voted. I've never seen anyone propose any type of anonymous system that was tamper proof. If votes were tied to the people casting them, then fraud would be eliminated. Oh, and you can have a non-anonymous system

Re:

[AK Marc]

You can verify that the number of votes matches the number of people who voted in several different ways without taking away anonymity.

But that doesn't prevent fraud. All anyone has to do is replace the same number of votes with the fraudulent ones. The only real verification is if the voter can see how his vote was actually counted. Telling the waiter what you want for dinner doesn't mean that's what you get. It's a request. The waiter writes it down, passes it to someone else that intreprets it, a

Re:The box was not production hardware...

[rodgster]

Maybe this is an example of free market forces at work.

One customer wants a secure, hardened, auditable, time proven machine with a user verifiable paper trail.

The other doesn't need any of those features.

Therefore two entirely disparate product lines.

One is designed to protect $.

The other is designed to protect democracy.

Re:

[Em Adespoton]

I disagree. They're both designed to protect $. You just have to work out whose money is being protected.

Re:

[Mikkeles]

'There is no independent verification that the software contained in it is the same as the production Diebold machines used in the vote tallies.

From the referenced paper:

The machine we obtained came loaded with version 4.3.15 of the Diebold BallotStation software that
runs the machine during an election. This version was deployed in 2002 and certified by the National
Association of State Election Directors (NASED) [11].

Do I have this right?

[vtcodger]

***The Diebold machine used for this article came via private hands. There is no independent verification that the software contained in it is the same as the production Diebold machines used in the vote tallies.***

So, you're suggesting that the Princeton Center for whatever might have gotten ahold of a machine that someone had already hacked? Yeah, maybe so. Somehow, that doesn't make me feel better about these things.

Oh ... you're suggesting that the flaws identified by the Princeton team may alread

If this can't finally nail the coffin lid shut

[fudgefactor7]

Then I don't know what can. We need more information like this to come out because when dealing with elections, the last thing we need--but apparently the opposition wants--is for some kind of shennanigans elecing the wrong person. If electronic voting is ever to be used, it darn well should be open source, and transparent as hell...with two paper receipts (one for the voter and one for the auditors.)

Re:

[sm62704]

We need more information like this to come out because when dealing with elections, the last thing we need--but apparently the opposition wants--is for some kind of shennanigans elecing the wrong person.

Aint gonna happen. The corporate media won't let it. The same people who own your legislators also own the media; there's an article about that in today's Illinois Times [illinoistimes.com] (a small, leftist, independant weekly).

Re:

[fishbowl]

"Then I don't know what can. We need more information like this to come out because when dealing with elections, the last thing we need--but apparently the opposition wants--is for some kind of shennanigans elecing the wrong person."

I don't know why so many people act like it's unthinkable to discard a flawed election and start over with a new one. In the case of a presidential election, the term expires, the Speaker of the House takes over, and stays in charge until a president and vice president is elect

Re:

[Dr. Groovysticks]

"with two paper receipts (one for the voter and one for the auditors.)" I disagree- the voter should be able to see the printed receipt confirming his vote, but shouldn't have a receipt to take home. What's to stop his boss from telling him to vote a certain way and bring in your receipt to prove it? Or selling your vote and using the receipt as proof? Disallowing voters receipts helps protect the voter.

I know what can

[Ungrounded Lightning]

If this can't finally nail the coffin lid shut ... Then I don't know what can.

I know what can:

An election where such a virus is released into the machines and transfers ALL the votes for the candidates in ALL the affected machines to the Nth "third party" candidate in each partisan race, a pseudo-random one in any non-partisan race, and discards all votes on any propositions.

Let's see 'em certify THAT as the correct election result! B-)

Re:

[Don'tTreadOnMe]

...the last thing we need--but apparently the opposition wants...

Clarification please: Who are we? And who is the opposition

Just wondering...

Soo..

[eieken]

How much more media attention do we need to give these jackasses at Diebold before the person in charge of contracting them goes.. "Hey wait a minute, you guys aren't very good at this ludicrously simple task," and takes a different approach to voting machines that doesn't give ultimate authority to some "company" over whether or not our votes will count.

Re:

[fishbowl]

You are assuming that the person in charge of contracting Diebold for voting machines actually *wants* tamperproof, accountable systems.

Re:Soo..

[OWJones]

Thank you for stealing an earlier post of mine [slashdot.org] absolutely verbatim.

-the real jdm

Scary

[sm62704]

In Illinois we get a paper printout that you check for accuracy and put in a ballot box; we can actually have a real recount.

That's incredibly weird, considering this IS Illinois, where they say "vote early, vote often," where dead people still have a right to vote, and the last two governors who lost elections went to prison (or will, in the case of Ryan).

Uh...

[raehl]

and the last two governors who lost elections went to prison (or will, in the case of Ryan).

Ryan didn't lose an election - he won, all the way up until he (plagued with scandal) didn't run again.

Re:Scary

[penix1]

That's what they mean when the pundents screech "paper trail!". The "paper trail" isn't for the voter to take home but to verify before depositing it in a ballot box. The problem is the voting machines that are produced by and large don't print anything. The votes are recorded inside and transfered to a larger repository for counting. If the count is off, there is no way to recount other than the faulty data in the machine already.

When you consider the ease of simply printing a receipt like slip of paper one has to wonder why they refuse to make them all do it. There is more accountability when you go to the supermarket than when you go vote.

B.

The first person to do this is going to be stupid

[CrazyJim1]

I bet either someone is going to have 100% votes for Fred Flintstone, or someone is going to have a 60% write in for some person. Both of which could never happen and would do nothing except expose the voting machines as tamperable. I doubt someone is going to be smart enough to make the election look close, but vote for someone on the ballot. The only way a good ol conspiracy vote could happen is if the hacker got a load of money from a candidate. Well I guess that could happen.

Re:The first person to do this is going to be stup

[Marxist Hacker 42]

I'll get mod-bombed right back down to Good Karma for this- but I have to say that I'm not at all sure it didn't happen in Ohio and Florida in 2004. The exit poll numbers, which had previously been extremely accurate in just about every election I'd ever heard of, were way off in those two states on the Presidential race- but the numbers were close enough that everybody focused on recounts instead (where possible).

Re:

[MyLongNickName]

The exit poll numbers, which had previously been extremely accurate in just about every election I'd ever heard of,

Exit polls are generally inaccurate. [washingtonpost.com]

Re:

[ptbarnett]

And I'd believe that article exactly why?

I intentionally lie to exit pollers. I do so because I want to make the mainstream media look like idiots when they make the wrong projections based on incorrect data. And I know that I'm one of many, among a relatively small sample size.

Like all telephone polls and Internet polls, exit polls are self-selecting. The only people that participate are those that WANT to do so. That effectively invalidates the results of the poll: if it is anywhere close to the

Re:

[MyLongNickName]

Ahhh yes, the conspiracy theory. You don't offer any counter example. You don't counter the points made in the article. You just yell 'bullshit'. Great argument.

I, for one, have a better explanation. People are dumb. That's the way Bush got elected last time. I will be honest enough to say I voted for Bush in 2000. But I am, at least, smart enough to admit my mistakes. People got their little payouts in the mail. Bush shored up his base. The folks ignored the two trillion of debt he has piled on us, and the

Re:

[Phillup]

The conspiracy begins and ends with the company making these flawed voting systems being a major player in the politics of the currently dominant party.

I think you are right.

What we need to do is outsource the programming to China.

If you can't have China write the software and trust it... then something is wrong with your process. Because, who writes it should not matter one bit.

Maybe this would get the point across that the software needs a line by line peer review...

More Secure Lock

[TheFlyingGoat]

This entire thing comes down to the ability to pick a lock so someone can replace the flash card. So why not put more secure locks on the devices? The paper ballots that we all love are also stored in locking containers, and as such are subject to the same fate as the Diebold tablets.

There are certain locks that are extremely difficult to pick... that's the solution.

Re:

[TheFlyingGoat]

I want to clarify before I get a bunch of flames. I agree that there are many more issues with the Diebold machines, and I still prefer paper ballots. I'm just pointing out that this hack is easily prevented.

Now that we know it is virus-susceptable...

[Ungrounded Lightning]

This entire thing comes down to the ability to pick a lock so someone can replace the flash card.

Now that we know the machine itself is virus-susceptable, the next steps are:
  1) See if the smartcard reader code has a vulnerability. (Any bets on a buffer overflow bug?)
  2) If so, design a virus that can do the initial infection via the smartcard slot.

Succeed at 2) and you can carry a bogus smartcard in, insert it while you "vote", and infect a voting machine. Since the machines are apparently capable of passing the infection during the post-election vote collection process, you can take over the precinct (either all the remaining machines or the one doing the totals) by infecting one voting machine.

Design the virus to self-destruct after doing its dirty work and you don't even leave tracks.

Unfortunately, "so what?" may be the response

[Captain Sarcastic]

I found the FAQ interesting. I liked the way they set the tenor of the questions, and included such things as "you weren't supposed to say anything about this!" The research seems pretty clear-cut, and the precautions that the researchers took appears to have been well thought out.

I hope that I underestimate the American people on this (including me), because the next tack that will be taken by Diebold will be, "Well, who in their right mind would want to tamper with an election? Calm down, citizens, this is just scaremongering by the right/left/pedestrians..." Once this is followed up with a suggestion that such might be "fomenting a panic designed to cause a breach of the peace," vague threats of arrest for those involved, and nothing changing.

Well, if nothing else, this voter's going to try his hand at absentee balloting this time around. Just in case...

Who would want to tamper? Terrorists

[FerretFrottage]

Sure hackers would be tempted as well, but look at it from a major terrorist network perspective. If they were able to alter the election outcome and prove it (or have it proven), think about the doubt this would cast in all future elections (and possibliy cast doubt on past ones as well if the same tech was used)...and not just for Americans, but world wide. "One man, one vote"....I could see the terrorists laughing as they played video of them voting of a candidate 1 million times or taking down the voting "network" entirely. They wouldn't even need to injure/kill anybody in the process and they would be able to make a major statement.

Re:Who would want to tamper? Terrorists

[Chris Burke]

The Possible Future, Nov 4th, 2008
"While exit polls conducted by our station and others showed Sen. Hillary Clinton and Sen. John McCain neck-in-neck at nearly 50% in this highly contested state of Ohio, initial results from available precincts shows the winner of the state, and thus the country, as Osama bin Laden, with 107% of the vote. A tape allegedly featuring Mr. bin Laden was broadcast by the al Jazeera network just minutes ago, in which the terrorist mastermind said he was pleased by the clear mandate the capitalist pig masses had given him, and that he hoped his transition from a cave somewhere in Pakistan to the Oval Office would go smoothly. Back to you, Tom."

I don't know, think that would wake people up?

Re:

[Mjlner]

Quite funny, but Bin Laden would never speak of "the capitalist pig masses" of the US. He hates communism as much as the most hardline republican in the US, if not more. He is a religious fanatic, while communism is usually coupled with the idea of a secular state. And, oh yeah, he actually fought the Soviet Union.

Re:

[btellier]

You know, I hardly ever post on the slashdot comments, but this completely ridiculous comment brought me out of the woodwork. I'm willing to put up with the hundreds of conspiracy theorists, anarchists, folks calling for the execution of the president. But this, is just ridiculous. You're actually trying to make a rational argument for something that you have clearly made up in your mind.

First of all, for this attack to succeed you would actually have to take the machine apart, then switch memory cards,

Re:

[FerretFrottage]

Don't like the FUD?!?!?! Just like you and the other people who thought that terrorists flying planes into towers thought it was all FUD BEFORE it actually happened. One of our current flaws in dealing with terrorism is that we are almost always reacting to their tactics rather that actually predicting or thinking outside of our box (WRT terrorism and their future tactics). We've made some progress here (forward thinking), but your thoughts show that you still think that terrorists are all mindless, bomb

Re:

[Beryllium Sphere(tm)]

>the next tack that will be taken by Diebold will be, "Well, who in their right mind would want to tamper with an election? Calm down, citizens, this is just scaremongering by the right/left/pedestrians..."

They've already said the equivalent:
"For there to be a problem here, you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software," [Diebold spokesman David Bear] said. "I don't believe these evil elections people exi [nytimes.com]

as we all know

[User 956]

The paper details a simple method whereby the Princeton team was able to compromise the physical security of a Diebold voting machine, infecting it with a virus that could change voting results and spread by memory-card to other machines of the same type.

It's not who votes that counts, it's who counts the votes.

What are /.ers complaining?

[OakDragon]

C'mon, guys, don't you see a little bit of opportunity here?

• What group, collectively, has been vociferous in criticizing elected officials? Slashdot users
• Who would be more likely, on average, to be able to hack an electronic voting system? Slashdot users
• Therefore, who could easily hack these Diebold machines? Apparently, almost anyone

Hmmm... I thought I had it...

Re:

[AK Marc]

Short of that, I don't see any public outcry. Have the winner be someone that doesn't even show up on the exit polls, and maybe we'll get some real change. Though, the cynic in me says that they'll claim the process is flawless and that there must have been that number of write-ins for him. Anything to keep the political machine rolling...

Another Hack

[PingXao]

Another hack I would like to see isn't a virus at all. It would involve a deliberate loading of unauthorized software into the machine, perpetrated by a manufacturer's representative, a poll-watcher with an agenda, or a black bag job the night before an election. The result would be the same as what Felton's paper describes: unauthorized alteration of the data on the machine that records the votes.

From everything I have read and everyone I've spoken to about these machines it wouldn't be a hack at all.

We've heard it before but...

[Sgt_Jake]

How come no one seems to be asking the slot machine manufacturers to make voting machines? They deal with millions - or billions - of dollars a day and seem to be able to account for every single penny accurately. As an added bonus, all they'd really have to do is change the 7's to donkeys and jackpots to republicans... Pull the lever for your new rep! Seriously though - they're the people who should be making the machines...

Re:

[3waygeek]

Diebold is well known for banking systems, including ATMs, so they know a thing or two about accountability. For some reason, these lessons haven't been transferred to their elections division.

Re:

[Ungrounded Lightning]

As I understand it, they acquired the elections division (and the horribly flawed design) in a merger.

Apparently upper management has seen no corporate advantage to ordering the ATM team to do a redesign. (If nothing else, it would compromise their claims that the machines are just fine as is.)

They have had their problems with ATMs too

[Beryllium Sphere(tm)]

>Diebold is well known for banking systems, including ATMs

Diebold ATM turned into jukebox [thetartan.org]

Diebold ATM infected with Welchia [windowsfordevices.com]

Re:We've heard it before but...

[Kesch]

Hmm... I seem to have voted for Cherry, Cherry, Lemon

Re:We've heard it before but...

[hmccabe]

A vote for Cherry is a vote for Plum. Thanks for throwing away your vote, asshole.

The video is excellent

[bsandersen]

I have just finished watching the video on the Princeton site and I must say it is very well done. Any reasonably motivated alert person who watches this video will see the problem we're trying to highlight.

It isn't enough for computer software professionals to discover problems like this; we need to be able to communicate our results effectively to the non-technical public. Too often we find something disturbing and decend into technical jargon and lose our audience. The Princeton team has done an excellent job avoiding that pitfall and communicating this threat.

Now, if only we could find a reasonably motivated and alert politician to actually act on this.

FINALLY!

[susano_otter]

Finally, a Conspiracy Theory that is actually possible, from a technological standpoint.

Now all we have to do is prove that it actually happened.

Re:

[MarkusQ]

Now all we have to do is prove that it actually happened.

When I am president, I promise, you will have your proof.

--MarkusQ (future winner of the 2008 presidential election, courtesy of Diebold)

Oooh! Oooh! Pick me!

[rts008]

Can I be in charge of vice...er, I mean vice-president?
Pretty please!

Sure thing.

[MarkusQ]

Sure thing. All I'll you need to do is help me find a few dozen people to vote for us.

And make sure they understand we aren't talking any of that weak kneed "one man one vote" stuff. These are some super charged Diebold votes we want to have them cast for us.

But don't go overboard. Two or three per state should do it.

--MarkusQ

What about the seals?

[thedohman]

All the little openings on those things have seals placed over them, so it becomes quite obvious that the box has been tampered with because the seal is broken. True, some county clerk (or Diebold employee maybe) could probably get a replacement to replace it, but it would be hard to cover the evidence. Now i'm not saying that everythings hunky dory just becuase we know if it's been tampered with. Obviously, if a machine is tampered with, you can't trust the votes. Which means they can't (shouldn't) be co

Do you need someone to actually SAY it ?

[unity100]

You, u.s. people, have been SCREWED BADLY.

Does it take someone to say for you to realize it ?

My experience with Diebold

[Anonymous Coward]

Welcome to democratic government, brought to you by Diebold(R)!

Please choose a candidate:
(1) The incumbent guy who's against the terrorists.
(2) The weasly other guy who likes terrorists and wants your child to
        be gay.

[press 2]

You have chosen option (2), for gay marriage. Are you sure?

[press no]

Please choose a candidate.

[press 2]

Let's not be too hasty. We don't want the terrorists to feel good.
Do you want the terrorists to feel good?

[press no]

You have chosen option (1), for the incumbent. Are you sure?

[press cancel]

This may forfeit your vote! Are you sure you wish to cancel not
voting for option (1)?

[press yes]

Thank you for your participation in the democratic process! Printing
receipt ...

Sorry! Out of paper.

Army of One

[Doc Ruby]

Ed Felten is also the guy who hacked the MS DLL that "integrated" IE into Windows to remove IE without destroying the OS, proving in court that Microsoft's defense of their illegal bundling, "it was technologically necessary", was a lie. Though Felten was not even a Windows specialist, and certainly didn't have the source code to delete IE cleanly, he was the the key to the court finding that MS had violated their antibundling consent agreement, the key to finding they'd violated their monopoly status.

Now he's the guy proving Diebold voting systems are insecure.

Isn't anyone else in our giant, brilliant "computer science" industry doing anything? Or are they all working for the bad guys?

Re:

[Xyrus]

The problem with evil is there is just too much damn money to be made.

~X~

Re:

[dch24]

There are more people than Ed trying to Save The World (TM). They are my heroes.

And they usually have enough money to live on, too.

Diebold just needs an incentive ....

[RallyDriver]

Compromising Diebold machines seems to be a regular method of swinging elections in Florida ( UC Berkeley [berkeley.edu] )

The white hat community needs to start undermining vulnerable e-voting technologies whenever and wherever possible. Just put a few Democrats into office in the bible belt.

The CEO of Diebold is on record as a dyed in the wool Republican: "Our job is to deliver the election to George W Bush". Problematic for a vendor with so much trust. But once their machines start swinging votes for the other side, they'll soon start adding security.

There is one way to fix this...

[Sathias]

Someone infect these machines with a virus that changes votes to Democrat. Those security holes would be fixed up quick-smart!

My mother always said I could be president one day

[flimflam]

Now maybe I've found the way!
 

hack?

[sckeener]

How can one hack a diebold voting machine when they are open?

Shouldn't these just be considered mods?

Name an item you CAN'T hack

[Bowling Moses]

a Diebold fraud machine with, that's the real challenge. Yesterday's challenge was a toenail clipping and was successfully met in only 9.4 seconds. Today's challenge is...a loogie!

Arnold! Arnold!

[whitehatlurker]

I wish to express, on behalf of all his supporters, our warmest wishes and congratulations to President Arnold on his win over that Washington fellow.

Re:Could be modded as flamebait...

[nezroy]

http://www.openvotingconsortium.org/ [openvotingconsortium.org]

Re:

[Nephilium]

The complaints about paper ballots can be pretty reliably traced back to Florida in 2000, when we were told that the butterfly ballots "were confusing", and then we had the whole fun of chads... I personally still find it hard to believe that the ballots were confusing... I've seen the images of them... they were basically %name% with an arrow to the hole to punch...

Personally... my requirements for a voting system would be fairly simple: Anonymous, Personally verifiable, Auditable, Tamper resistant enou

Re:

[mzwaterski]

Your ideas are intriguing to me and I'd like to subscribe to your newsletter. Seriously though, this seems like the way to go. Can anyone find a problem with this system??

Re:

[mzwaterski]

Thank you very little...

Re:

[Phillup]

Somebody hack just one state and get Mickey Mouse elected...

Haven't you heard? [dailykos.com]