Latest Post | Last 10 Posts | Archives
Previous Post: Stupidest controversies ever
Next Post: Question of the day
Posted in:
* When the Argonne National Laboratory says there’s a real problem, I tend to pay attention…
It could be one of the most disturbing e-voting machine hacks to date.
Voting machines used by as many as a quarter of American voters heading to the polls in 2012 can be hacked with just $10.50 in parts and an 8th grade science education, according to computer science and security experts at the Vulnerability Assessment Team at Argonne National Laboratory in Illinois. The experts say the newly developed hack could change voting results while leaving absolutely no trace of the manipulation behind.
“We believe these man-in-the-middle attacks are potentially possible on a wide variety of electronic voting machines,” said Roger Johnston, leader of the assessment team “We think we can do similar things on pretty much every electronic voting machine.” […]
Almost all voters in states like Georgia, Maryland, Utah and Nevada, and the majority of voters in New Jersey, Pennsylvania, Indiana and Texas, will vote on DREs on Election Day in 2012, says Flaherty. Voters in major municipalities such as Houston, Atlanta, Chicago and Pittsburgh will also line up in next year’s election to use DREs of the type hacked by the Argonne National Lab. […]
“This is a fundamentally very powerful attack and we believe that voting officials should become aware of this and stop focusing strictly on cyber [attacks],” says Vulnerability Assessment Team member John Warner. “There’s a very large physical protection component of the voting machine that needs to be addressed.”
The team’s video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a “bad guy” virtually complete control over the machine. A cheap remote control unit can enable access to the voting machine from up to half a mile away. […]
This type of attack is particularly troubling because the manipulation would occur after the voter has approved as “correct” the on-screen summaries of his or her intended selections. Team leader Johnson says that while such an attack could be mounted on Election Day, there would be “a high probability of being detected.” But he explained that the machines could also be tampered with during so-called voting machine “sleepovers” when e-voting systems are kept by poll workers at their houses, often days and weeks prior to the election or at other times when the systems are unguarded.
* From ComputerWorld…
Johnston said the machine is “incredibly easy to tamper with” because all the crucial electronic components are accessible and can be easily modified. The Accuvote TS’ enclosure isn’t tamper resistant so hjackers can work on the machine without leaving visible signs, he added.
“All we had to do was find out what the machine was doing in terms of communication,” Johnston said. “We just had to understand the various components and how the data was being sent. We needed to understand what signal had to be sent to fool the machine into thinking the voter had touched the screen at a particular location.”
The experiment shows that e-voting systems are susceptible to more than just cyberattacks, which get the most attention but are harder to pull off as the perpetrators must have some knowledge of the machine’s software, hardware and firmware.
The so-called man-in-the-middle attacks don’t require knowledge of the voting machine’s proprietary software or hardware, Johnston said. “All you need to do is understand the communication between the different parts of the system. Then you just sit there and listen and do whatever mischief you want to.”.
* CNet…
Although it wouldn’t take a nation-state to pull of a successful attack, he said. Someone with limited computer science knowledge and electronic parts costing about $25 could do it, without needing to even solder anything and leaving no trace behind, according to the researchers.
E-voting systems have been plagued by criticism about security issues, so much so that elections officials in various states have abandoned touch-screen systems over security and fraud concerns.
Dominion Voting Systems, which now owns Diebold and Sequoia, did not respond to a phone call and e-mail seeking comment from CNET this afternoon. E-voting system vendors in general have argued that security problems identified are either overly theoretical or have been fixed with hardware and software updates.
Previous demonstrations of e-voting hacks involved cyber attacks where knowledge of the operating system and hardware were required, according to Johnston. However, that was not the case in these demonstrations, he said.
“It would be pretty easy to pull off,” Johnston said. “The bigger concern is that this attack is so straightforward. It suggests that there hasn’t been much thinking about security in these voting systems.”
While it would be relatively easy to make this type of attack more difficult to do by making modifications to the voting machine, stopping the attack cold would require more effort and a “careful examination of the security protocols used,” he said.
posted by Rich Miller
Thursday, Sep 29, 11 @ 4:49 am
Sorry, comments are closed at this time.
Previous Post: Stupidest controversies ever
Next Post: Question of the day
WordPress Mobile Edition available at alexking.org.
powered by WordPress.
This is a bigger problem than most people realize and it’s been all too easy to dismiss it as a concern of the tin-foil hat people. Election stealing is a grand old American tradition, and computerizing the process simply mean that you needn’t have an organized crew of precinct workers behind you to do it. Just one or two people in the right position suffice.
For those wanting to explore the issue a bit further, see
http://www.blackboxvoting.org/
Incidentally, the old punch card machines could be programmed to miscount votes, too, but it wasn’t quite so easy.
be well,
bob roman
Comment by Robert M Roman Thursday, Sep 29, 11 @ 6:25 am
This is kind of old news, like 5+ years. Google it to replace “Can be done” to “Was done”.
Comment by MCgone Thursday, Sep 29, 11 @ 6:58 am
You could still catch it on audit if the paper trail (the printed votes) didn’t end up matching the count the machine provided. But that is a big if and most of the machines are not audited.
So what can you do…
encourage the use of the paper ballot option (little black circles) if that is an option, it is easier to audit.
You could do a machine inspection before they are sent out (including opening) with party representatives who know what to look for ( a finite list) and close the machine up with multiple seals. You could also put some sort of seal on the connectors (where they middle attack connects) so if the connection has be modified it would be noticeable.
Nothing I propose will solve this, just make it harder to do.
Comment by OneMan Thursday, Sep 29, 11 @ 7:22 am
this has been known for some time (in fact, almost immediately after most of these machines had been purchased with HAVA help). the DRE machines have *always* been found to be the most insecure — one pentest analysis back in the early 2000s found them to be less secure than the computer found in most homes. when the security of electronic machines was first tested, sequoia was found to be the most secure, but pentests have since been done that have found holes in sequoia machines (i believe sequoia also had ownership issues that many counties in this country would find difficult). iow, no electronic voting machine in this country has passed a penetration tests — and the flaws are widely known. the only security we have with these machines is the human in charge of them (kind of makes you wonder about the prosser miracle, doesn’t it?).
however, voting is such a low priority for those who provide the money to boards of elections that nothing is likely to change. that’s just a fact. we can hoo and ha all we want, but we’re americans and we want our election results fast (immediately) for the lowest possible cost. we have the voting systems that provide quick results for a really low cost; whether or not our votes are vulnerable to alteration is simply not something we care about…
Comment by bored now Thursday, Sep 29, 11 @ 7:27 am
Security for the voting system has always been predicated on securing people and equipment. Just as an alarm system on your house is worthless if you don’t close your window. Equipment should be stored in a sealed room with video cameras.
A paper trail is critical because it puts a huge barrier to committing fraud and enhances the confidence of the public. Post election audits should be always be done to create an even larger disincentive.
Comment by Elect Me Thursday, Sep 29, 11 @ 7:39 am
Kinda makes you long for the hanging chad
Comment by Michelle Flaherty Thursday, Sep 29, 11 @ 8:17 am
Way too hi-tech for me.
I prefer the old fashion way of precinct captains and party hacks stuffing the boxes. Nice, easy, and no one had an advantage over the other guy.
That’s the Chicago way.
Comment by Moot Thursday, Sep 29, 11 @ 8:25 am
all precincts must be located in old bank buildings and put the unit within a lead lined vault. my hackers can beat your hackers! honestly, it all sounds so true and that we are powerless that one can only laugh. there is no election watch dog group around.
Comment by amalia Thursday, Sep 29, 11 @ 8:27 am
As pointed out by others above, this is old news. The computer trade press has carried stories of this type for many years. Security with almost all of the electronic voting systems are poor. The details differ between machines (make and model) but all of the major brands appear to have one or more security issues. The video points to multiple issues in the hardware of the system being tested. There are probably potential problems with the software in the machines micro processor of the machine shown (but not which were not tested for).
Comment by Left Out Thursday, Sep 29, 11 @ 8:27 am
As always, The Onion was on top of this story early:
Diebold Accidentally Leaks Results Of 2008 Election Early
Comment by Anonymous Thursday, Sep 29, 11 @ 8:27 am
And we were worried that Beck would not have a global disaster to rant about between his gold scam commercials.
Thanks Capt Fax
We will route this to The Blaze and urge usage on radio show
Comment by CircularFiringSquad Thursday, Sep 29, 11 @ 8:40 am
We’ve squandered gazillions of dollars on this. Way past time to give it up.
Optical scanning. So totally retro, it’s cool!
We’ve all been darkening ovals since high school.
Simple. Cheap. Familiar. Proven. And, at no extra cost — a paper trail!
Next!
Comment by Dooley Dudright Thursday, Sep 29, 11 @ 8:54 am
I’d like to hear from David Orr, the Cook County Clerk. Does he dismiss or ignore the vulnerability of his machines? Or has he taken appropriate security measures?
Comment by reformer Thursday, Sep 29, 11 @ 8:58 am
==You could still catch it on audit if the paper trail (the printed votes) didn’t end up matching the count the machine provided. But that is a big if and most of the machines are not audited.
The counts are audited every election in the vast majority of districts so this happens already–the problem comes in if the hacker is switching votes instead of adding votes.
The best option are optical scan ballots. The counting machines can still be tampered with, but you have direct voter actions determining the paper trail to check it with. They also have a lower error rate than touch screens.
Part of the issue why local agencies have moved towards the touch screen is HAVA requires ADA compliance and visually impaired individuals are best served by the touch screens. Some minor tinkering and you could fix this issue though.
Comment by ArchPundit Thursday, Sep 29, 11 @ 9:10 am
I am gad they caught this.
It seems like an simple fix, weld the device closed and line it with lead or someting to block radio signals. This way it can not be opened up, and even if it was a radio signal would not be able to penetrate/operate within the device.
Of course tin foil hats help block radio signals as well….
Comment by Ghost Thursday, Sep 29, 11 @ 9:13 am
I was looking at a brochure from David Orr’s office last Saturday and noticed that they claim to randomly audit a sample of precincts each election by hand. I understood it to mean they checked the paper votes by race against the machine votes and not a simple count total.
Comment by MikeMacD Thursday, Sep 29, 11 @ 9:19 am
This does not reveal any new information, nor does it propose any solutions.
It is not hard to make the externals tamper resistant after an inspection. I wonder why it has not been done anyway.
All systems can be tampered with. Paper ballots can be stuffed, electronic systems compromised. Where do we go from here/
Comment by Plutocrat03 Thursday, Sep 29, 11 @ 9:25 am
The equipment is turned in pretty quickly after the polls close (by a pair of poll workers - one D and one R).
The added gear inserted into the machines ought to be found when the machines are serviced following the election. The video assertion that the added gear could be removed after teh election and leave no trace is dubious - unless all of the poll workers were involved in the conspiracy and there are no non-conspirator pollwatchers at the polling place.
The level and breadth of the conspiracy needed to pull off stealing an election in this fashion is such that it is unlikely to occur - and if it did, it would be enough of a conspiracy to be able to steal an election regardless of the system used.
Comment by titan Thursday, Sep 29, 11 @ 9:48 am
In the 45th Ward 30 votes separated the two candidates. The loser declined to challenge because Illinois law is draconian. The loser has to pay ridiculous costs, including the other side’s legal fees.
While Illinois does have a paper record of elections, I’m not aware of the paper record ever being bounced against the electronic record.
Illinois should implement a system of spot checks, by *an outside auditor* to make sure there are no hiccups.
And there should be a margin of victory that triggers an automatic recount at no cost to the other side.
BTW, the guy I was supporting won in the 45th Ward, but still, it seemed like the other guy was entitled to a recount, if only to assuage his paranoia.
Comment by Carl Nyberg Thursday, Sep 29, 11 @ 10:14 am
Plutocrat3–I agree.
There will never be a tamper-proof system. As long as someone wants to manipulate it, they’ll find a way.
However, if it only costs a few bucks and a junior-high knowledge, it’s far too easy.
Comment by Regular Reader Thursday, Sep 29, 11 @ 10:23 am
The optical scan machines do work well, however, a change in law a year ago or so required the machines to kick out the ballots if undervoting occurred, even though a person can legally cast an empty ballot. This now requires the Election Judge to manually override the undervoted ballot so the machine will accept it…a real pain in a busy election. So, electronic machines have become the favored method in voting because it eliminates the need for manually doing anything, since the touch screens will tell you if you’ve undervoted or overvoted, and allow for correction or casting the ballot as is…which can be hacked…
Comment by Captain Illini Thursday, Sep 29, 11 @ 10:29 am
Another great idea from the fertile mind of Al Gore! Seriously, for all of the complaints leveled against punch card ballots that method of voting was cheaper and more efficient than all of the electronic systems. Pat Quinn may be serving as governor because the computers could not be reprogrammed to remove Schillerstrom from the GOP primary ballot after he withdrew as an active candidate. Maybe Dillard would have picked up a few votes from Du Page that were miscast and Brady would not have been nominated.
The same problem exists for challenges to candidates with faulty nominating petitions. If the legal challenges eat up too much time, the election authorities cannot reprogram the computers and can only “suppress the votes.” This means that voters can enter the polling booth and cast votes for candidates who were either disqualified or withdrawn, but their names are still on the machines. In essence, votes end up being wasted on scratched candidates. Under the old system, a printed label or a piece of electrical tape was all that was needed to fix the ballot book.
Comment by Esquire Thursday, Sep 29, 11 @ 10:33 am
Nothing new.
You don’t need to line them with lead, just some of the special paint that defeat RFI emissions (it was used on the plastic case of the original PC Jr). Similar paints are part of the Stealth technology; it’s just expensive.
Given the current state of the technology and desire for low cost, multiple seals pre-election and immediate post-election inspections are the way to go.
Comment by Retired Non-Union Guy Thursday, Sep 29, 11 @ 10:45 am
It’s not a bug in the system, it’s a feature.
Comment by 47th Ward Thursday, Sep 29, 11 @ 11:03 am
The Bush Justice Department spent eight years looking for vote fraud to justify implementing measures to disenfranchise voters who tend to vote Democrat.
What did they find? Some registration fraud and that was about it.
Now, have we ever had the Justice Department scrutinize Florida in 2000? Ohio in 2004? The GOP wave of disenfranchising voters across the country since the 2010 elections?
Comment by Carl Nyberg Thursday, Sep 29, 11 @ 11:09 am
It’s not a flaw, it’s a feature.
Comment by Bluefish Thursday, Sep 29, 11 @ 11:11 am
Folks. It’s a computer. Of course it can be compromised. It shouldn’t be this easy tho. But, it’s unlikely that anyone will be able to guarantee a computerized system won’t be hacked.
Comment by sal-says Thursday, Sep 29, 11 @ 11:12 am
Oops, didn’t see 47th’s snark before I posted.
Comment by Bluefish Thursday, Sep 29, 11 @ 11:12 am
Illinois requires a paper trail for the voter can check who they voted for.
Without the software to actually cast the votes how do we know what they say is correct.
Not a true test of the system…..
Comment by Feed up Thursday, Sep 29, 11 @ 11:14 am
Great minds, Bluefish.
Comment by 47th Ward Thursday, Sep 29, 11 @ 11:16 am
@ Ace
I’m surprised no one else has asked this yet, but could you provide documented evidence of vote fraud? We always hear about how this is an epidemic, yet never see the actual cases. I’m all for making sure we have secure and valid elections, but rumormongering partisan accusations in no way helps the situation.
Comment by Colossus Thursday, Sep 29, 11 @ 11:18 am
So if some teen with $20 can pull this off, I guess we can look forward to the administration of Pres. Seymour Butz.
Comment by wordslinger Thursday, Sep 29, 11 @ 11:20 am
Or the election and street naming for beloved mayor Harry Baalz…oh wait.
Comment by Happy Returns Thursday, Sep 29, 11 @ 11:29 am
Word — I believe that, when he runs, he will use the more dignified S. Monkey Butz.
Comment by soccermom Thursday, Sep 29, 11 @ 11:31 am
Saw Johnston at an IEEE meeting last year where he showed off some of his group’s very creative, but usually quite mundane, hacks on voting machines and other systems. Not surprised by their latest discovery. Are voting system manufacturers required to at least follow the NIST recommendations on voting system security? No system will ever be foolproof, but there needs to be somebody knowledgeable looking over the manufacturers’ shoulders to double-check things to make sure they’re at least putting forth a good faith effort at securing the votes.
Comment by Stimson Thursday, Sep 29, 11 @ 11:39 am
Use touchscreen to print a paper ballot that gets deposited in the ballot box.
The day after every election randomly select a certain percentage of precincts to do a complete hand count to ascertain whether touchscreen totals match hand count totals.
Comment by Bill White Thursday, Sep 29, 11 @ 12:01 pm
Electronic voting machines should be banned, period. Unless there’s a paper trail there’s no way to actually count the votes. The systems that let people darken a circle, then let a machine scan it offers the best of electronic systems, while keeping a physical paper trail.
Comment by Downstate Illinois Thursday, Sep 29, 11 @ 12:03 pm
I have it on good authority that the Cook County Board recently authorized a series of no bid contracts with Radio Shack to purchase universal TV remote controls and miscellaneous electronic components.
Comment by Cook County Commoner Thursday, Sep 29, 11 @ 12:09 pm
@Downstate Illinois - under federal law, each polling place has to have at least one electronic device (for purposes of handicaped accessability in the voting process - the electronic devices have the headphone systems for the blind and the sip & puff systems for the paralyzed)
Comment by titan Thursday, Sep 29, 11 @ 12:36 pm
Thank God there are articles and videos about how to rig these things. I’m sure the County Clerk offices still using dial-up will get right on this problem…
Comment by Dirty Red Thursday, Sep 29, 11 @ 12:45 pm
All the HAVA cash has long been spent. What we’ve got now is what local governments are going to have to live with for a really long time.
And not only that, the costs for all these “electronic marvels” are outlandish.
As it is, with provisional ballots and all the other nonsense, the average election cycle has a minimum potential two week ‘tail’ beyond election day itself.
I’m not near as concerned about the hacking of these machines. First off, you got to get access to the units, and then open up the boxes, and then patch in the components. Sounds simple, but it’s not in most places.
I’m personally much more concerned with somebody using Neodymium Magnets to scramble the brains of a unit on election day (or worse, what if they screw up/MUNGE (Mashed Until No Good) 8-10 units at all different locations).
Can see it now - Homeland Security outlaws Neodymium Magnets as being a National Security issue.
Comment by Judgment Day Thursday, Sep 29, 11 @ 2:15 pm
Like most commenters I don’t see what the big deal is. This is why the law also requires a hard copy of the vote, so that it can be double checked and verified the days after the vote, right? If someone “hacked” the system so their candidate would win, it would only take a couple days to realize the fraud, right?
Comment by Just Me Thursday, Sep 29, 11 @ 2:17 pm
‘Scuse me for a minute while I polish up my tinfoil hat. Ah, yes, fits as tight as I remember.
These machines, and any voting machines that are computerized and that do not involve an actual piece of paper on which a voter physically inscribed their choices, are a massive danger to our democracy and should be forever banned. There are no shortage of examples demonstrating the ability of votes to be hacked on these things. Personally, I would like to see a pure paper ballot system, where the voter marks their choices and then human beings count the results by hand, with representatives of all parties observing the process. Sure, maybe we’d have to wait a few days for results, but that seems a small price to pay.
The head of Diebold sent a fundraising letter in 2004 in which he told Ohio Republicans that he was committed to delivering Ohio’s electoral votes to President Bush. Bush won that state by a squeaker, and we got four more years. Nope, nothing to see here. Right. That should scare the hell out of everyone.
Republicans haven’t seemed to mind these machines much, since any election irregularities caused by these things seem to benefit Republican candidates (Google it). But the message of the corruptability of these machines needs to be shouted out by everyone of all parties, and they need to be sent to the garbage pile. If not, elections won’t reflect how people voted; they’ll reflect who was better that cycle at manipulating the technology.
Comment by TwoFeetThick Thursday, Sep 29, 11 @ 2:19 pm
Hmm Diebold? Don’t they make ATMs as well. Banks and ATMs can track and transfer millions and billions of dollars accurately and securely but they/we can’t do the same for voting systems…
Comment by WAK Thursday, Sep 29, 11 @ 3:18 pm
@twofeetthick - Illinois does not permit any voting machine without a papertrail.
Comment by titan Thursday, Sep 29, 11 @ 10:34 pm
Equally disturbing is that this hack took place at Argonne Lab, located in DuPage, the same county considered one of the worst places to vote in America according to Black Box Voting.
Prior to the DuPage County Election Commission’s vote of the Diebold TSx touch-screen machines in 2005, citizens showed up in droves to give public statement against the machines. Not a single citizen was in favor of these machines, stating that they were not secure, not accurate, not properly tested, premature and most of all, not transparent. Hundreds of letters were sent from people unable to attend the weekday board meetings. The Election Commission receptionist refused to transfer phone calls from citizens concerned about the Commission’s intentions.
The vote for the Diebold TSx touchscreen passed 3-0. After their vote, the Commission made a statement to the press that our concerns of citizens were based on “rumor and innuendo.”
Dozens of Illinois counties followed DuPage’s lead and also voted for the Diebold touch screen.
Later we learned that the DuPage County Election Commission chairman, Rick Carney, was close friends and crony with the Diebold distributor at that time. This distributor had made campaign contributions to Carney while he was the county recorder, including $9,000 toward Carney’s lavish retirement party held just one year prior to the Diebold vote.
Comment by Anonymous Friday, Sep 30, 11 @ 9:14 am
Just ask the DuPage Election Board’s contracted spokesperson, Dan Curry, to ease your fears. He’s probably working on a smear campaign against Dr. Roger Johnston at Argonne this very moment.
Comment by Anonymous Friday, Sep 30, 11 @ 9:54 am