Election hacking

Stalin says: “Those who cast the votes decide nothing. Those who count the votes decide everything.”

Here we go again! Election fraud as only a computer can do:

Three Putnam County voters say electronic voting machines changed their votes from Democrats to Republicans when they cast early ballots last week.

This is the second West Virginia county where voters have reported this problem. Last week, three voters in Jackson County told The Charleston Gazette their electronic vote for “Barack Obama” kept flipping to “John McCain”.

In both counties, Republicans are responsible for overseeing elections. Both county clerks said the problem is isolated.

They also blamed voters for not being more careful.

“People make mistakes more than machines,” said Jackson County Clerk Jeff Waybright.

“Security” of Electronic Voting Systems evaluated by UC Santa Barbara:

In the TTBR effort, our team focused on the security analysis of the Sequoia voting system. Our public report can be found here (a local copy can be found here). We found a number of major flaws that can be exploited to compromise the integrity, confidentiality, and availability of the voting process.

In particular, we developed a virus-like software that can spread across the voting system, modifying the firmware of the voting machines. The modified firmware is able to steal votes even in the presence of a Voter-Verified Paper Audit Trail (VVPAT).

Part 1:

Part 2:

More hacking of voting machines:

Diebold (2006):

Update: (24 October 2008) more hacking fun with Sequoia Voting Machines:

The researchers developed a program that switches votes from one candidate to another. The program, which took two days to write and is only 122 lines of code, was specifically designed to obscure the aberrant behavior when it detects that voting machine officials are running diagnostic software to test the machine. The way that the hacked firmware manipulates the vote tallying mechanism also ensures that the internal electronic audit trails generated by the machine will be consistent with the doctored vote counts. This means that the hack is virtually undetectable. The researchers burned the hacked firmware on a ROM chip which they were then able to install in the voting machine.

They were able to gain physical access by using little more than a screwdriver. The machines are protected by locks and supposedly tamper-proof straps, but the researchers found that these were easy to bypass without detection. Lead researcher Andrew Appel was able to pick the lock in only 13 seconds using a cheap set of $40 lock-picking tools. He had no previous experience with lock-picking apart from a bit of basic training from a grad student who was familiar with the art.

The researchers also found that the seal was so flexible that they could remove the circuit-board cover without having to break it. Further, they cite a study conducted by Dr. Roger Johnston of the Los Alamos National Laboratory which reveals that the vast majority of plastic anti-tamper seals can be trivially circumvented with cheap low-tech materials.

On top of all of that, the researchers point out that New Jersey’s physical security for the machines is poor and that it is easy to gain sufficient access to unattended voting machines. To demonstrate this point, the report includes photographs that were taken prior to the primary elections that show unattended Sequoia voting machines at four separate polling places.

The voting machine vendors often attack these studies and claim that hacks conducted by expert researchers in laboratory environments with full access to the source code don’t truly reflect real-world scenarios. The report, however, asserts that the skills required to perpetrate an election hack on the Sequioa machine are anything but rare. Anyone with undergraduate training in computer science could do it, they say, and it’s no more difficult than writing malware. They also claim that it could be done by reverse-engineering the firmware and that a hacker need not have full access to the source code to do so.

This entry was posted in political. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *