Most vote machines lose test to hackers

[Clark Kent]

Most vote machines lose test to hackers
By ping898 - Sun, 29 Jul 2007 18:22:31 GMT
Originally Posted at: Nephrites Citadel
====================

Not very surprising to me....
http://www.sfgate.com/cgi-bin/articl.../28/VOTING.TMP

Quote:

State-sanctioned teams of computer hackers were able to break through the security of virtually every model of California's voting machines and change results or take control of some of the systems' electronic functions, according to a University of California study released Friday.
The researchers "were able to bypass physical and software security in every machine they tested,'' said Secretary of State Debra Bowen, who authorized the "top to bottom review" of every voting system certified by the state. Neither Bowen nor the investigators were willing to say exactly how vulnerable California elections are to computer hackers, especially because the team of computer experts from the UC system had top-of-the-line security information plus more time and better access to the voting machines than would-be vote thieves likely would have.

......


The study was designed to discover vulnerabilities in the technology of voting systems used in the state. It did not deal with any physical security measures that counties might take and "made no assumptions about constraints on the attackers,'' Bishop said.
"The testers did not evaluate the likelihood of any attack being feasible,'' he added.
Some county elections officials in the state were among the most critical of the study, saying they worry that they could be forced to junk millions of dollars in voting machines if Bowen decertifies them for the February election.
Letting the hackers have the source codes, operating manuals and unlimited access to the voting machines "is like giving a burglar the keys to your house,'' said Steve Weir, clerk-recorder of Contra Costa County and head of the state Association of Clerks and Election Officials. The study also determined that many voting systems have flaws that make it difficult for blind voters and those with other disabilities to cast ballots.


...

"The vendors appeared to have designed systems that were not high assurance (of security)," said Bishop, a recognized expert on computer security. "The security seems like it was added on.''
In my experience, the last part is typical of most systems


Read More...


------------------------------------
Nephrites Citadel - SciFi/Fantasy/Anime and More!

 

[Sukerkin]

Not to be a scare-monger but, bearing in mind that I've been an enthusiast of computer systems since the old 8-bit days and that I am what is considered to be a professional in the field, I have no faith in computer security at all.

The only safe system is a non-connected one.

Oh and the comment made about handing a thief the keys to your house is a valid one ... except that the response would be "No thanks, I don't need them!".

 

[Bob Hubbard]

It's nice they are just figuring this out. The geek community has been reporting it for over 3 years.

 

[Gordon Nore]

...The only safe system is a non-connected one.

Oh and the comment made about handing a thief the keys to your house is a valid one ... except that the response would be "No thanks, I don't need them!".

I'm a fan of the paper ballot in the folded-up cardboard box with a seal. Scrutineers representing the candidates observe election staff making their counts. It's slower, but it's all out in the open. That's how they do it federally and provincially here.

For municipal elections in Toronto, they give us a ballot where you pencil in beside your candidates' names and that goes straight into a scanner. The ballot is kept, though, for recounts

A system where there is electronic data that cannot be observed is as worrisome, to me, as the dimpled chad.

 

[Ping898]

The only safe system is a non-connected one.

Sadly not even that is tru because people take something like a usb that has been on a connected system and plug it into a previously non-connected on. Seriously the only safe system is one that is never plugged in....

 

[DavidCC]

back in the 90s I worked for a company the sold ballot counting systems.

The machines worked by couting paper ballots. "Use your #2 pencil to fill in the oval..." it was a spin-off of the SAT scoring technology actually.

We would receive the stack of ballots for a particular county. You may not realize it but every county has a number of possible ballots. Think of all the things being voted on: state legislature, sewer district issues, national elections, city elections... each has it's own jurisdiciton. Superimpose each of those jurisdictions on a map of the county, it makes a mosaic of interlocked "splits" as they call them.

State Leg District 3, Sewer District 1, inside city limits
State Leg District 3, Sewer District 1, outside city limits

have different ballots.

Some counties have 100s of ballots.

anyway, we programmed a chip that was plugged into the motherboard of the counting machine so it knows how to recognize and score each piece of paper.

On election night the paper ballots are gathered and brought to the courthouse and then counted. The machines printed a report of results, and could save the results to a tape. That was all. No electronic inputs of any kind.

Customers often asked for interface to their PC but the answer was always NO because we felt the security was mroe important. That was 15 years ago they may have changed their mind by now...

We never could get certified in Florida because our biggest competitor was based there, and in fact their Secretary of State has old ties with the company... I guess we all know how well that system worked LOL.

 

[14 Kempo]

I agree with most, the only safe system is one that the power is turned off. It doesn't matter what you do, if you sit it down in front of a room full of hackers, they will find a way in ... to me, being in the industry, it is only obvious ... a human built it, a human can break it ... nothing is truly safe.

 

[Kacey]

The more parts something has - hardware or software - the easier it is to jimmy the system.

The more someone says "it can't be done", the more someone out there is going to want to do it.

These 2 concepts make me very nervous about computerized voting.

 

[Mr. E]

The push for computer voting systems became popular due to the problems with the 2000 elections and the idea of hanging chads, correct? Well it looks like whoever gets elected using computers will always be accused of monkeying with the programming by someone.

And Americans should realize that the real threat probably is not the Republicans or the Democrats trying to steal the election by hacking the system.

There are millions of computer users all over the world that hate America and would do what they could to give it grief. And that is not even taking into account the idea of Chavez or someone like that organizing bands of hackers to try to change results, or at least cause some damage.

With all the trouble we see with computer viruses, we have to admit that there are people that like to just cause trouble for as many people as they can. And this would be the Holy Grail for them.