Homemade Key Opens Diebold AccuVote-TS Electronic Voting Machines

We have discussed before how easy it would be to rig an election using some of today’s e-voting machines, like the ones made by Diebold. Ed Feltenof the Freedom to Tinker blog first told us how easy it would be to change the vote totals using malicious code, now he has posted how, using Diebold’s own website, you can make your own key to unlock the flimsy cover that they use on the voting machines! They sell the key to the locks to people, who have accounts only, but they had a detailed picture of the key posted to their online store, and Ross Kinard of Sploitcast made three keys from the picture and two of them actually opened the lock. Video is below.

By now it should be clear that Diebold’s AccuVote-TS electronic voting machines have lousy security. Our study last fall showed that malicious software running on the machines can invisibly alter votes, and that this software can be installed in under a minute by inserting a new memory card into the side of the machine. The last line of defense against such attacks is a cheap lock covering the memory card door. Our video shows that the lock can be picked in seconds, and, infamously, it can also be opened with a key that is widely sold for use in hotel minibars and jukeboxes.

Security experts advocate designing systems with “defense in depth,” multiple layers of barriers against attack. The Diebold electronic voting systems, unfortunately, seem to exhibit “weakness in depth.” If one mode of attack is blocked or simply too inconvenient, there always seems to be another waiting to be exposed. Source: Diebold Shows How to Make Your Own Voting Machine Key

This is amazing, these people shouldn’t even be allowed to talk about security, let alone claim that they have any. Two out of the three keys worked. Why not just hand people a card with the malicious code on it, show them how to use it and then ask them not to change the vote totals. According to that website, nearly all of the machines deployed across the country use the exact same key as the one that was shown on the Diebold site, so almost anyone, almost anywhere could affect an election using a simple homemade key and a little bit of code. Ross said he sent many emails to Diebold and the never removed the picture, Ed posted on his blog Tuesday and now they have removed it, finally. Pictures are still out there though, hopefully the ones who posted them will remove them, because, if the past is any indicator, this won’t be fixed and Diebold and their supporters will spin their way out, again.

Posted by Jimmy Daniels Posted in: E-voting, Politics, Security No Comments » January 2007

E-Voting Problems

I had talked earlier about Election Fraud and how easy it could be using the new e-voting machines that everyone wants to use nowadays. Well it appears that there are plenty of e-voting problems according to this post on Techdirt, Would You Believe It? Widespread Reports Of E-Voting Problems.

What a surprise that after plenty of people have pointed out for years why e-voting machines are problematic that there appear to be numerous reports of problems with the machines. There’s nothing too surprising: reports of machines not working right, selecting the wrong candidate or poll workers not knowing how the machines worked at all. Everywhere you look there are more and more and more reports of problems. While elections officials everywhere are trying to claim it’s no big deal, it should be a huge deal.

And check out the big list of voting problems from ABCnews,

A Republican source said that while party officials still felt that things were going relatively smoothly, they were concerned about the possibility that Michigan senate candidate Mike Bouchard’s Web site was hacked, and machines had been tampered with in New Jersey. Party officials were also concerned that they ran out of ballots in a heavily Republican county in New Mexico, but in balance, they were comfortable with the process of the election.

Ohio is the No. 1 state getting called about at nationwide hotline centers run by Election Protection — a consortium led by People for the American Way, the NAACP, and the Lawyer Committee for Civil Rights Under the Law. According to calls at the Election Protection hotline in Ohio, there were large problems in the district of East Cleveland (Cuyahoga County) — all the machines at one precinct crashed and they did not hand out paper ballots.

In New Jersey — home of a key and close Senate race between Democrat Bob Menendez and Republican Tom Kean Jr. — Republicans are upset about reports that machines are malfunctioning. The reports say Menendez is pre-selected on machines when voters try to use them. Voters tried to cast their ballot for Tom Kean but couldn’t. It was unknown if it was caused by glitches or something malicious.

In Pennsylvania, Poll hours have been extended to 9 p.m. to compensate for machine malfunctions. The Lawyers’ Committee for Civil Rights Under Law plans to file a lawsuit about delays and problems at the polls due to machine malfunctions. They want Lawrence County voting hours extended to compensate for machine malfunctions. Source: ABC News

Sounds like lots of problems are happening and I just quoted a few of them. Although they are still happy that everything is going smoothly. But that is part of the problem today, as long as its not too many people having trouble, they will call it a successful election, but if anyone has a problem voting, if you ask me, that is a problem. Voting is a right and everyone’s vote should count.

More coverage from Techdirt on e-voting, http://www.techdirt.com/articles/20061106/231708.shtml” target=”_blank”>What The Maryland Study On Diebold Voting Machines Didn’t Tell You where a 200 page report on the Diebold voting machines was knocked down to 38 pages, by none other that, you guessed it, Diebold. How many industries get to do that?

The Electronic Voting Movie Diebold Didn’t Want You To See… Even If They Hadn’t Seen It Where Techdirt talks about the movie Diebold doesn’t want you to see, see it here Hacking Democracy on Google Video.

Posted by Jimmy Daniels Posted in: E-voting, Election Fraud, Politics No Comments » November 2006

Saddam Hussein Sentenced to Hang

An Iraqi court sentenced Saddam Hussein to hang today for crimes against humanity, as he and six subordinates were sentenced for the 1982 killings of 148 Iraqi’s in a single Shiite town after someone attempted to kill him there, of the 148, 50 of those sentenced by the Revolutionary Court died during interrogation before they could be executed and some of those hanged were children. The nine month trial was televised in Iraq and three defense lawyers and a witness were murdered during its 39 sessions.

Saddam trembled and shouted “God is great” when the hawk-faced chief judge, Raouf Abdul-Rahman, declared the former leader guilty and sentenced him to hang.

Ibrahim, Saddam’s half brother and intelligence chief during the Dujail killings, was sentenced to join the former leader on the gallows, as was Awad Hamed al-Bandar, head of Iraq’s Revolutionary Court, which issued the death sentences against the Dujail residents.

Iraq’s former Vice President Taha Yassin Ramadan was convicted of premeditated murder and sentenced to life in prison.

Three defendants were given up to 15 years in prison for torture and premeditated murder. Abdullah Kazim Ruwayyid and his son, Mizhar Abdullah Ruwayyid, were party officials in Dujail, along with Ali Dayih Ali. They were believed responsible for the Dujail arrests.

A local Baath Party official Mohammed Azawi Ali, was acquitted for lack of evidence. Source: Yahoo

Saddam visibly trembled and shouted “God is great” when the verdict was read and he was sentenced to hang. He cried “Long live the people and death to their enemies. Long live the glorious nation, and death to its enemies!” after the verdict and as he was escorted from the courtroom there was a hint of a smile on his face.

President Bush said it was “a milestone in the Iraqi people’s efforts to replace the rule of a tyrant with the rule of law. It’s a major achievement for Iraq’s young democracy and its constitutional government,” and he added, “Today, the victims of this regime have received a measure of the justice which many thought would never come.” Yet no mention of any weapons of mass destruction that started the invasion. Not that they needed those to convict Saddam of anything, but it is what started the whole thing.

The death sentence is not guaranteed now, this verdict automatically goes to a nine-judge appeals panel, which will have unlimited time to review and make their decision on the case. If it is upheld, the executions have to be carried out within 30 days. A court official told The Associated Press that the appeals process was likely to take three to four weeks.

Posted by Jimmy Daniels Posted in: Politics No Comments » November 2006

CNN Video Demonstrates Voting Machine Virus

Nice video from CNN with one of the professors who tested the Diebold e-voting machines, demonstrating hacking the e-voting machines with a virus. It also talks about people suing to have these machines removed and not used.

I think the government should tell these companies that we need some kind of paper trail, these machines could easily print out who they just voted for in each election, the voter could make sure they are correct and then drop it in a box, for verification purposes should there be some kind of problem.

Simple.

Posted by Jimmy Daniels Posted in: Election Fraud, Politics No Comments » September 2006

Should We Stick with Manual Voting Machines?

The longer you are around technology, the easier it becomes to use, the more it becomes ingrained in your lives, that it’s often impossible to imagine there being a better way. But with the recent report on Diebold Election Systems AccuVote-TS voting machines, I have to wonder, isn’t the best way still the old fashioned way? I know e-voting machines will make the pollsters work easier, but will it make them feel better about the outcome? If it is that easy to hack a voting machine, infect it with a virus that spreads by their memory cards and change the outcome, then what are we really saving? And, to take a conspiracy theory to the edge, how hard would it be for an employee to infect each voting machine as it is created, to make sure their party wins.

Recently, Diebold responded to the report in a PDF, and said, basically that the machines they tested were old and had outdated software, that the machines would not be tied to a network to spread the virus and called the report unrealistic and inaccurate, essentially attacking the reviewers trying to deflect the criticism. Well, Ed Felten posted their response to Diebold.

We studied the most recent software version available to us. The version we studied has been used in national elections, and Diebold claimed at the time that it was perfectly secure and could not possibly be subject to the kinds of malicious code injection attacks that our paper and video demonstrate. In short, Diebold made the same kinds of claims about this version — claims that turned out to be wrong — that they are now making about their more recent versions.

We demonstrated these problems on our video, and again in live demos on Fox News and CNN. Common sense says to believe your eyes, not unsubstantiated claims that a technology is secure.

Our paper discusses physical security, election procedures, security tape, and numbered security seals. See, for example, Sections 3.3 and 5.2 of our paper. These sections and others explain why these measures do not prevent the attacks we describe. And once again, Diebold does not assert that they would.

Secure voting equipment and adequate testing would assure accurate voting — if we had them. To our knowledge, every independent third party analysis of the AccuVote-TS has found serious problems, including the Hopkins/Rice report, the SAIC report, the RABA report, the Compuware report, and now our report. Diebold ignores all of these results, and still tries to prevent third-party studies of its system.

If Diebold really believes its latest systems are secure, it should allow third parties like us to evaluate them.

Sounds like a challenge Diebold, are you going to step up to the plate and let them review your secure machine, or are voters like myself just supposed to believe the hype and ignore reports such as this? If you really want to discount what they did, let them test it and have your people watch, it’s win-win for everybody, unless you are afraid of what they will find.

Posted by Jimmy Daniels Posted in: Current Events, Election Fraud, Politics, Technology No Comments » September 2006

Wound from 911 Still Open

A nice commentary from Keith Olbermann on 911, how the government has forgotton about 911 and how without a memorial, the wound will always be open. A prime time ripping if I ever saw one. He talks about how after five years we still don’t have a memorial, and how he has not forgotten, after losing friends and colleagues and having relatives who were fire fighters, and how images are burned in his head after discovering two friends on the wall that had everyone still missing. And he said, we need the memorial so we can show the terrorists they did not change our lives and we will not be changed by the likes of them.

Posted by Jimmy Daniels Posted in: 911, Current Events, Politics No Comments » September 2006

How Hard is Election Fraud?

Just reading about the new Diebold e-voting machines and how little security seems to have been a consideration, as there has been multiple reports on how easy it is to hack into. From USA Today,

A Princeton University computer science professor added new fuel Wednesday to claims that electronic voting machines used across much of the country are vulnerable to hacking that could alter vote totals or disable machines.

In a paper posted on the university’s website, Edward Felten and two graduate students described how they had tested a Diebold AccuVote-TS machine they obtained, found ways to quickly upload malicious programs and even developed a computer virus able to spread such programs between machines.

The marketing director for the machine’s maker — Diebold Inc.’s Diebold Election Systems of Allen, Texas — blasted the report, saying Felten ignored newer software and security measures that prevent such hacking.

Of course he is going to say that, he’s not going to admit one of his cash cows are not secure, and he has to get the uncertainty and doubt going on whether these tests were accurate or not.

Felten and graduate students Ariel Feldman and Alex Halderman found that malicious programs could be placed on the Diebold by accessing the memory card slot and power button, both behind a locked door on the side of the machine. One member of the group was able to pick the lock in 10 seconds, and software could be installed in less than a minute, according to the report.

The researchers say they designed software capable of modifying all records, audit logs and counters kept by the voting machine, ensuring that a careful forensic examination would find nothing wrong.

So, it sounds like it would be very easy to break into early in the voting process to make sure everything went “their” way. Election fraud is not new, it has been going on for years, but to what extent? Lots of people believe we had fraud in the presidential election when Gore lost Florida, and we’ve all heard the stories of people buying votes, dead people “voting” and people voting multiple times, but a commenter on Techdirt relayed just how easy it used to be to commit election fraud.

I used to prepare the old lever type voting machines for our local elections and talk about insecure! All I had to do while I was in the back of the machine is turn the counting wheel to start say at 1000 instead of 0 and this took no technical training or electronic hacking. At least the new electronic machines take technological savvy to pull off election fraud. The old machines could be rigged by a monkey. I just think a lot of this is fear of technology which always happens with anything new. I am in no way letting Diebold off the hook here. They should tighten up the security on these boxes but it always has been easy to pull off an election fraud.

Sounds like lots of testing needs to be done, as well as hiring people you think are trustworthy to man the polls. Election fraud will always be around because the positions are so important, so it’s crucial to start with good personel as well as secure equipment.

Added: After reading the rest of the comments, this commenter added something he read from the report,

The machine we obtained came loaded with version 4.3.15 of the Diebold BallotStation software that runs the machine during an election.1 This version was deployed in 2002 and certified by the National Association of State Election Directors (NASED) [11]. While some of the problems we identify in this report may have been remedied in subsequent software releases (current versions are in the 4.6 series), others are architectural in nature and cannot easily be repaired by software changes. In any case, subsequent versions of the software should be assumed insecure until fully independent examination proves otherwise.

Posted by Jimmy Daniels Posted in: Election Fraud, Politics, Security 3 Comments » September 2006

Al Gore Says the Internet Isn’t as Powerful as TV

He must be getting senile, I mean he invented the internet right? Hehe. He says the goal is to drive content from the Internet to the TV.

From Reuters,

Although the Internet is a democratizing force, television is still the most influential form of media and citizens ought to have more control over its programming, former U.S. Vice President Al Gore said on Sunday.

Gore, long an advocate of the information superhighway and now the owner of a U.S.-based current affairs TV channel that shows user-generated programs, also said the Internet is not yet technologically capable of replicating television’s power.

“Most of what’s happening in the encounter between television and the Internet has been the Internet cannibalizing television,” Gore told an annual gathering of British TV executives in Scotland.

“What is needed is to reverse the flow and find ways to use the Internet to give individuals access to the public forum, which is television,” he said.

Well, the Internet is more powerful than TV because of user generated content, be it YouTube, MySpace or even Geocities, we know more people have TV available than they do Internet, but that is changing everyday. As it gets cheaper and more and more devices access the internet, you may not even need a PC to see it. We have normal people breaking stories all over the place now, this type of stuff would not happen on television, although people can submit stories or information, they can’t use their own voice to tell it. On the Internet, they can create it just for themselves or their family, or for anyone who cares to watch or read.

I found this article via Jeff Jarvis’ Buzzmachine, in his article Jeff mentions “my West Virginia father”, so I think I will have to drop him an email and see if he is from the area, etc, you know the usual questions.

Posted by Jimmy Daniels Posted in: Politics, West Virginia No Comments » August 2006

Deleting Online Predators Act (DOPA) Passes the House

US House Resolution 5319, the Deleting Online Predators Act (DOPA), was passed by a 410 to 15 vote tonight. If the Resolution becomes law social networking sites and chat rooms must be blocked by schools and libraries on those institutions computers or the will loose their federal internet subsidies. And with a margin as big as that one, one would think it would pass the Senate easily as well.

So, if it passes, what does this mean? Will it be applied to blogs like this one, where you create a login and can describe yourself? Or will they apply it loosely and just block the big sites?

From Techcrunch,

An incredibly vague law, DOPA will require schools and libraries to block access to a potentially huge range of sites on the internet. The goal is to protect children from adult predators. Sites that must be blocked include those that allow people to post profiles, include personal information and allow “communication among users.”

Which would include all blogs, all chat rooms, news sites like News.com, shopping sites like Amazon, all the social sites, not just MySpace, but sites like Digg, Slashdot, Reddit, Facebook, but most of the talk has been about sites like MySpace. So, it makes you wonder, do they REALLY know what they are doing? If you’ve read any of my other posts, like the one from Senator Ted Stevens who is Senate President Pro Tempore, and is also Chairman of the Senate Committee on Commerce, Science, and Transportation, then you know how little some of these people know, and these are the people that are deciding the internet’s future right now, and this during an election year.

From Declan McCullagh at Zdnet,

Fitzpatrick’s re-election campaign is one reason why the Republican leadership, which is worried about retaining their slender House majority, arranged a vote on DOPA. Fitzpatrick, who represents a politically moderate district outside of Philadelphia, has found himself in a tight race against challenger Patrick Murphy, an Iraq War veteran and prosecutor.

Technology lobbying groups, which were taken by surprise by this week’s speedy approval of DOPA in the House, are now scrambling to throw up roadblocks to the measure in the Senate. Some expect that the Senate leadership will hold a vote as early as next week. (Libraries also oppose the measure.)

So the time is short for this one. I would say this one will end up in court, as one commenter on the Techcrunch site said,

U.S. Constitution: First Amendment
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

Social Networking site are just peaceful assemblies. This is against our right to free speech.

Just one argument, and a good one, if you can get them to see that it is an assembly, even if it is one person on a computer at a time.

Posted by Jimmy Daniels Posted in: Blogging, Digg, MySpace, Online Predators, Politics, Security, Social Networks, Technology 2 Comments » July 2006