Wednesday, June 01, 2005

Hacked Three Ways 

It goes without saying that computerized touchscreen voting is a patent menace to democracy: because the machines offer no paper trail, there is no possibility of a recount, and vote-tampering, should it take place, can never be detected. The disturbing news is that paper ballots are not necessarily safer. Bev Harris and the Black Box Voting team have recently demonstrated that Diebold's optical-scanning machines are frighteningly susceptible to data manipulation by hackers. The fact that paper ballots exist is no defense against fraud, because state regulations often prohibit election officials from undertaking a hand recount:
"Are we having fun yet?"

This is the message that appeared in the window of a county optical scan machine, startling Leon County Information Systems Officer Thomas James. Visibly shaken, he immediately turned the machine off.

Diebold's opti-scan (paper ballot) voting system uses a curious memory card design, offering penetration by a lone programmer such that standard canvassing procedures cannot detect election manipulation.

The Diebold optical scan system was used in about 800 jurisdictions in 2004. Among them were several hotbeds of controversy: Volusia County (FL); King County (WA); and the New Hampshire primary election, where machine results differed markedly from hand-counted localities . . . .

The Black Box Voting team proved that the Diebold optical scan program, housed on a chip inside the voting machine, places a call to a program living in the removable memory card during the election. The demonstration also showed that the executable program on the memory card (ballot box) can easily be changed, and that checks and balances, required by FEC standards to catch unauthorized changes, were not implemented by Diebold -- yet the system was certified anyway.
Three simple hacks, all demonstrated onsite by the Black Box team, that could swing -- and may have already swung -- an election:
1. An altered memory card (electronic ballot box) was substituted for a real one. The optical scan machine performed seamlessly, issuing a report that looked like the real thing. No checksum captured the change in the executable program Diebold designed into the memory card.

2. A second altered memory card was demonstrated, using a program that was shorter than the original. It still worked, showing that there is also no check for the number of bytes in the program.

3. A third altered memory card was demonstrated with the votes themselves changed, showing that the data block (votes) can be altered without triggering any error message . . . .

None of the attacks left any telltale marks, rendering all audits and logs useless, except for hand-counting all the paper ballots.

For example, Election Supervisor Ion Sancho was unable to tell, at first, whether the poll tape printed with manipulated results was the real thing. Only the message at the end of the tape, which read "Is this real? Or is it Memorex?" identified the tape as a tampered version of results.

In another test, Congresswoman Corrine Brown (FL-Dem) was shocked to see the impact of a trojan implanted by Dr. Herbert Thompson. She asked if the program could be manipulated in such a way as to flip every fifth vote.

"No problem," Dr. Thompson replied.
Elsewhere, our venerated colleague Avedon Carol strongly recommends that you have a look at this.

| | Technorati Links | to Del.icio.us