Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

The Diebold Voting-Machine Hack

Posted by Zonk on Thu Sep 14, 2006 05:33 PM
from the don't-say-can't-because-you-can dept.
Privacy Government Politics
Warm John writes to mention a short article on Doctor Dobbs Journal about the Hack that couldn't be done. "Hacking a Diebold voting machine was the focus of Cigital's Gary McGraw's keynote at SD Best Practices. He discussed 'Security Analysis of the Diebold AccuVote-TS Voting Machine,' a paper released by Edward Felten, Ari Feldman, and Alex Halderman of the Princeton Center for Information Technology Policy. 'The paper details a simple method whereby the Princeton team was able to compromise the physical security of a Diebold voting machine, infecting it with a virus that could change voting results and spread by memory-card to other machines of the same type.'"
+ -
story

Related Stories

[+] IT: Hotel Minibar Key Opens Diebold Voting Machines 341 comments
Billosaur writes, "As if Diebold doesn't have enough to worry about! On the Freedom To Tinker blog, Ed Felten, one of the co-authors of the recent report 'Security Analysis of the Diebold AccuVote-TS Voting Machine', reveals an even more bizarre finding related to the initial report. It turns out that you can gain access to an AccuVote-TS machine using a hotel minibar key. In fact, the key in question is a utilitarian type used to open office furniture, electronic equipment, jukeboxes, and the like. They might as well hand them out like candy."
[+] Politics: Maryland Fights to Keep E-voting 250 comments
crystalattice writes "Apparently Maryland election officials never have computer problems. That's why they're fighting so hard to keep their Diebold e-voting machines. Washington Post reporter Marc Fisher received nothing but bad attitudes, dodges, and excuses when he attempted to discuss the issue with the state elections administration and Diebold." From the article: "I asked the state's elections administrator, Linda Lamone, whether Maryland wasn't just a bit too quick to adopt electronic voting. Doesn't the computer at your desk ever freeze up on you? 'No,' she replied. Never? 'No.' But surely people in your office have had that experience? 'No.' (Maybe we've found the solution to Maryland's voting problem: Everybody head on down to Linda Lamone's office, where the machines work 100 percent of the time.)"
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

The Diebold Voting-Machine Hack 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • meme seems appropriate (Score:5, Funny)

    by xanie (446372) <xanie@xanie . c om> on Thursday September 14 2006, @05:36PM (#16108954)
    I'm in your voting machine stealing your election.

  • Money more important than a fair vote? (Score:4, Insightful)

    by ronkronk (992828) on Thursday September 14 2006, @05:36PM (#16108961) Journal
    Man Diebold looks slimier and slimier every passing week, but I'm more disturbed by Joe Demma's, Salt Lake's chief elections officer, response to Bruce Funk's actions. Granted, Funk acted by going around Demma by calling in Black Box Voting to check the Diebold machines, when presumably Demma is supposed to be responsible for that (just my guess as he's the chief elections officer).

    However, Demma seems more incensed at Funk because he may cost the state $40,000 for Diebold's astronomical recertification fee. He doesn't seem to be worried that people might not trust these machines. He doesn't seem to care that a state officer was worried enough to call in a non-profit third party to verify the integrity of these machines. I mean, these things could possibly affect the outcome of a vote, the foundation for a democratic republic! But instead of worrying about these machines he's clearly more upset about the $40,000 and Funk not talking to him about his concerns regarding the voting machines.

    And of COURSE Diebold is going to tell you the machines are fine and fair. Sheesh, they want to make money don't they?

    Isn't it great that chief elections officers have their priorities straight?

    Give me a ballot sheet and a pencil any day over these closed, proprietary black box machines.

    • Re:Money more important than a fair vote? (Score:4, Insightful)

      by partisanX (1001690) on Thursday September 14 2006, @05:47PM (#16109045) Homepage
      Nobody in their right mind who cares about the stability of our democratic republic could condone a continuation of these scandals. If we can't trust the vote, then we can't trust anything about the government, and when enough people feel that way in a democratic republic, bad things happen.

      • Re:Money more important than a fair vote? (Score:5, Insightful)

        by dgatwood (11270) on Thursday September 14 2006, @06:29PM (#16109373) Journal

        Nobody in their right mind who understands what's going on can condone the existence of closed-source software in the vote counting or vote taking process at all, whether by Diebold or otherwise.

        If elections officials told the public, "We're going to count by a secret counting method and we won't tell you how we're going to count; you'll just have to trust us that we picked the right person for the job," the public would burn down city hall. Unfortunately, the public hasn't yet realized that this is exactly what is happening....

        Anybody want to raise money for a front page ad in the NY Times? Maybe with a little extra money left over to donate to local fire departments? :-)

        • Re:Money more important than a fair vote? (Score:5, Funny)

          by megaditto (982598) on Thursday September 14 2006, @10:13PM (#16110471)
          If elections officials told the public, "We're going to count by a secret counting method and we won't tell you how we're going to count; you'll just have to trust us that we picked the right person for the job," the public would burn down city hall.


          If elections officials told the public, "To protect your Freedom we are going to count by an undisclosed counting method and we won't help terrorists by telling the evildoers how we're going to protect the public and count the votes; you'll just have to support our troops and the person we picked for the job," the public would greet you as liberators

          There, corrected it for ya.

    • Re:Money more important than a fair vote? (Score:4, Interesting)

      by Mikkeles (698461) on Thursday September 14 2006, @05:53PM (#16109102)
      Avi Ruben also has an interesting blog article [blogspot.com] on his experiences as a poll worker in the recent Maryland election.

    • Re:Money more important than a fair vote? (Score:5, Insightful)

      by symbolic (11752) on Thursday September 14 2006, @09:34PM (#16110314)
      However, Demma seems more incensed at Funk because he may cost the state $40,000 for Diebold's astronomical recertification fee.

      Huh? Diebold is certifying its own machines? To say that this is like the fox guarding the henhouse would be a gross oversimplification...it's more like the fox has control of a large percentage of the henhouses throughout the country, and is working diligently to ensure this does not change.

  • Scary (Score:5, Informative)

    by sm62704 (957197) on Thursday September 14 2006, @05:39PM (#16108976) Journal
    In Illinois we get a paper printout that you check for accuracy and put in a ballot box; we can actually have a real recount.

    That's incredibly weird, considering this IS Illinois, where they say "vote early, vote often," where dead people still have a right to vote, and the last two governors who lost elections went to prison (or will, in the case of Ryan).

  • The first person to do this is going to be stupid (Score:4, Interesting)

    by CrazyJim1 (809850) on Thursday September 14 2006, @05:39PM (#16108979) Journal
    I bet either someone is going to have 100% votes for Fred Flintstone, or someone is going to have a 60% write in for some person. Both of which could never happen and would do nothing except expose the voting machines as tamperable. I doubt someone is going to be smart enough to make the election look close, but vote for someone on the ballot. The only way a good ol conspiracy vote could happen is if the hacker got a load of money from a candidate. Well I guess that could happen.

  • Unfortunately, "so what?" may be the response (Score:4, Interesting)

    by Captain Sarcastic (109765) * on Thursday September 14 2006, @05:43PM (#16109018)
    I found the FAQ interesting. I liked the way they set the tenor of the questions, and included such things as "you weren't supposed to say anything about this!" The research seems pretty clear-cut, and the precautions that the researchers took appears to have been well thought out.

    I hope that I underestimate the American people on this (including me), because the next tack that will be taken by Diebold will be, "Well, who in their right mind would want to tamper with an election? Calm down, citizens, this is just scaremongering by the right/left/pedestrians..." Once this is followed up with a suggestion that such might be "fomenting a panic designed to cause a breach of the peace," vague threats of arrest for those involved, and nothing changing.

    Well, if nothing else, this voter's going to try his hand at absentee balloting this time around. Just in case...

    • Who would want to tamper? Terrorists (Score:4, Insightful)

      by FerretFrottage (714136) on Thursday September 14 2006, @05:59PM (#16109137)
      Sure hackers would be tempted as well, but look at it from a major terrorist network perspective. If they were able to alter the election outcome and prove it (or have it proven), think about the doubt this would cast in all future elections (and possibliy cast doubt on past ones as well if the same tech was used)...and not just for Americans, but world wide. "One man, one vote"....I could see the terrorists laughing as they played video of them voting of a candidate 1 million times or taking down the voting "network" entirely. They wouldn't even need to injure/kill anybody in the process and they would be able to make a major statement.

      • Re:Who would want to tamper? Terrorists (Score:5, Funny)

        by Chris Burke (6130) on Thursday September 14 2006, @07:05PM (#16109594) Homepage
        The Possible Future, Nov 4th, 2008
        "While exit polls conducted by our station and others showed Sen. Hillary Clinton and Sen. John McCain neck-in-neck at nearly 50% in this highly contested state of Ohio, initial results from available precincts shows the winner of the state, and thus the country, as Osama bin Laden, with 107% of the vote. A tape allegedly featuring Mr. bin Laden was broadcast by the al Jazeera network just minutes ago, in which the terrorist mastermind said he was pleased by the clear mandate the capitalist pig masses had given him, and that he hoped his transition from a cave somewhere in Pakistan to the Oval Office would go smoothly. Back to you, Tom."

        I don't know, think that would wake people up?

  • as we all know (Score:4, Funny)

    by User 956 (568564) on Thursday September 14 2006, @05:46PM (#16109044) Homepage
    The paper details a simple method whereby the Princeton team was able to compromise the physical security of a Diebold voting machine, infecting it with a virus that could change voting results and spread by memory-card to other machines of the same type.

    It's not who votes that counts, it's who counts the votes.

  • We've heard it before but... (Score:5, Interesting)

    by Sgt_Jake (659140) on Thursday September 14 2006, @06:11PM (#16109227) Journal
    How come no one seems to be asking the slot machine manufacturers to make voting machines? They deal with millions - or billions - of dollars a day and seem to be able to account for every single penny accurately. As an added bonus, all they'd really have to do is change the 7's to donkeys and jackpots to republicans... Pull the lever for your new rep! Seriously though - they're the people who should be making the machines...

  • The video is excellent (Score:5, Insightful)

    by bsandersen (835481) on Thursday September 14 2006, @06:14PM (#16109262) Homepage
    I have just finished watching the video on the Princeton site and I must say it is very well done. Any reasonably motivated alert person who watches this video will see the problem we're trying to highlight.

    It isn't enough for computer software professionals to discover problems like this; we need to be able to communicate our results effectively to the non-technical public. Too often we find something disturbing and decend into technical jargon and lose our audience. The Princeton team has done an excellent job avoiding that pitfall and communicating this threat.

    Now, if only we could find a reasonably motivated and alert politician to actually act on this.

  • Army of One (Score:5, Informative)

    by Doc Ruby (173196) on Thursday September 14 2006, @07:41PM (#16109801) Homepage Journal
    Ed Felten is also the guy who hacked the MS DLL that "integrated" IE into Windows to remove IE without destroying the OS, proving in court that Microsoft's defense of their illegal bundling, "it was technologically necessary", was a lie. Though Felten was not even a Windows specialist, and certainly didn't have the source code to delete IE cleanly, he was the the key to the court finding that MS had violated their antibundling consent agreement, the key to finding they'd violated their monopoly status.

    Now he's the guy proving Diebold voting systems are insecure.

    Isn't anyone else in our giant, brilliant "computer science" industry doing anything? Or are they all working for the bad guys?

    • Re:The box was not production hardware... (Score:4, Interesting)

      by ronkronk (992828) on Thursday September 14 2006, @05:43PM (#16109015) Journal
      I've seen plenty of pro-Microsoft and pro-Diebold posts get modded up. All you have to do is have a clear point, and show it. You didn't manage that. You said the fraud happens, and it doesn't make a difference if we can trace it or not.

      It does make a difference. With a punch card, or a paper ballot, or even a mechanical voting both anyone can trace when fraud has occured. And in those cases we implement some security, track where the fraud came from (if we can) and redo the election.

      With the current generation of electronic voting machines, we can't do that. I don't care who makes a good machine, but Diebold hasn't made one. And they've defended that design as if they think it is a good machine. Geeks don't like people who pretend a bad design is a good design. We'll tear into them. If they routinely defend bad design by saying it is good design and overlooking what we think are obvious flaws we'll notice, and start to expect that. Until they change, a group that decides who they like on the technical ability of a company won't like them. They are lying about their technical quality; at least in our eyes.

      • Re:The box was not production hardware... (Score:5, Interesting)

        by Frymaster (171343) on Thursday September 14 2006, @05:50PM (#16109081) Homepage Journal
        Geeks don't like people who pretend a bad design is a good design. We'll tear into them

        it's called 'peer review' and in the science world it's not only expected but mandatory.

        my question is this: has diebold's product undergone any sort of peer review? if it's important enough for someone studying the genetic inheretance of grey hair, it's important enough for someone entrusted with running an election for the most powerful person in the world, dontcha think?

    • Re:The box was not production hardware... (Score:5, Interesting)

      by rodgster (671476) * <rodgster.yahoo@com> on Thursday September 14 2006, @05:45PM (#16109027) Journal
      Maybe this is an example of free market forces at work.

      One customer wants a secure, hardened, auditable, time proven machine with a user verifiable paper trail.

      The other doesn't need any of those features.

      Therefore two entirely disparate product lines.

      One is designed to protect $.

      The other is designed to protect democracy.

    • Re:firmware flash (Score:5, Funny)

      by creimer (824291) on Thursday September 14 2006, @06:33PM (#16109399) Homepage
      You don't want to do any flashing around these machines. The little old ladies behind the voting table will be watching you like a hawk and they're swoop down on you so fast with their canes before you could even think about flashing anyone. If you want a safe voting experience, you must see no evil, hear no evil or speak no evil when the voting machine flashes you!

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.