Lord Multiplexer, King of Michigan (multiplexer) wrote,
Lord Multiplexer, King of Michigan
multiplexer

Hacking the Vote

I'm a little obsessed with the security and electronic voting issue, so bear with me.

I don't know how many people here read Slashdot daily, but one of the postings this morning is a reference to an article in Ars Technica called How to Steal an Election by Hacking the Vote. If you're interested in voting machines and voting security, the article, although lengthy, is worth a read.

In describing some of the vulnerabilities of the AccuVote TS/Diebold system, from the article:



  • The Ohio Compuware report describes how to turn a voter card into a supervisor card, which can then be used to cast multiple votes, delete votes, or shut down the machine, using a PDA with a smartcard attachment.
  • In order to use a supervisor card to access the AccuVote, you must first enter a four-digit PIN. In version of the machine that was in use as late as 2003, the exact same supervisor PIN was hard-coded into every single AccuVote TS shipped nationwide. That PIN was 1111. (I am not making this up.) This is still the default PIN for these machines, although the county can change it on a machine-by-machine basis if they have the workers and the time.
  • All of the AccuVotes have the same lock securing the PCMCIA slot that contains the Flash card with all the votes on it. When I say the "same" lock, I mean the exact same key opens all of the machines. But even if you don't have one of the tens of thousands of copies of this key that are floating around, the lock can be picked by an amateur in under 10 seconds. The Princeton video has a nice demo of this. Once you have access to the PCMCIA slot, you can do all kinds of great stuff, like upload vote-stealing software (a simple reboot will cause the machine to load software from whatever you've put in the PCMCIA slot), crash the system, delete all the votes on the machine, etc.
  • Some localities have taken to securing the PCMCIA slot with security tape or plastic ties. The idea here is that a cut tie or torn tape will invalidate the results of that machine, because
    poll workers can't guarantee that it wasn't compromised. There are two things wrong with this scheme:

    1. If you want to invalidate all the results stored in machines in a precinct that favors your opponent, just cut the tape or the ties on those machines. If the election supervisor sticks to the rules, then he or she will be forced to throw out all of those votes.
    2. According to author, security researcher, and Maryland election judge Avi Rubin, one would almost have to have a CIA background to be able to tell if the security tape applied to the AccuVotes in the Maryland primary had been removed and reapplied.




    This article walks through a step-by-step process for hacking a Diebold machine, with helpful graphics and diagrams. It also has a complete real-world example of Diebold vote tampering in Shelby County, Tennessee, also, again, with diagrams. (Where, of course, we have a hot and extremely close Senatorial election right now.)

    It's friday, so if you have a chunk of time, read the article.

    The bibliography at the end of the article is worth perusing, as is Dr. Avi Rubin's blog which discusses all these issues in pretty fine detail and is updated near daily. If you're interested in the electronic voting issues, it's definitely worth reading. Not only is Dr. Rubin an expert in computer security currently at John Hopkins, he's another fine Wolverine! Go Blue!

    (Michigan alumni rule!)
  • Tags: politics, security
    Subscribe

    • Quote for a Primary Day

      “If you are bored and disgusted by politics and don’t bother to vote, you are in effect voting for the entrenched Establishments of the two…

    • Presidential Politics and Sports Fandom

      Sorry, political post, but this has been jostling around in my brainmeats for the last few weeks and I’m finally tossing it up on my blog. It…

    • Nephilim FATE Magic — Summoning Mechanics

      Note: I am slowly converting Nephilim, an old Chaosium game, over to Dresden Files FATE. I am just flopping all the posts on my blog because I can…

    • Post a new comment

      Error

      Anonymous comments are disabled in this journal

      default userpic

      Your reply will be screened

      Your IP address will be recorded 

    • 27 comments

    • Quote for a Primary Day

      “If you are bored and disgusted by politics and don’t bother to vote, you are in effect voting for the entrenched Establishments of the two…

    • Presidential Politics and Sports Fandom

      Sorry, political post, but this has been jostling around in my brainmeats for the last few weeks and I’m finally tossing it up on my blog. It…

    • Nephilim FATE Magic — Summoning Mechanics

      Note: I am slowly converting Nephilim, an old Chaosium game, over to Dresden Files FATE. I am just flopping all the posts on my blog because I can…