Want To See How Easy It Is To Hack An Election?
from the have-a-look-see dept
It seems like every few months, well respected security researchers come out with yet another report about just how insecure various e-voting machines are. The amazing thing is how hard the various e-voting companies have fought against allowing these researchers to look at their machines, always insisting that the federal certification process (the one that's were later shown to have not done a very good job testing the machines) was fine. Of course, even the Government Accountability Office has admitted that the federal certification process sucks.One of the complaints that the e-voting firms have had about having independent security researchers testing the machines is that those tests are not in real world conditions. In fact, we had a commenter from one of the e-voting companies who insisted that these independent tests were useless because:
The point people often miss, which is left off of the conspiracy blogs, is that all of these 'hacking' attempts that are requested are made to do so in some sort of vacuum. In some obscure room where a gang of hackers get together and try to penetrate the system with unlimited resources. In any election, paper or fully electronic, there are procedural and security measures taken that complement and supplement the security features of the system itself. This is in addition to internal and system-independent, pre- and post-election audit features.That's really rather meaningless, because if it were true, then that info would also come out in those independent research reports. However, even that comment turns out to be untrue. As a few folks have submitted, some security researchers at UCSB have demonstrated not just how insecure Sequoia's e-voting systems are, but they've shown how easy it is to hack an election with a pair of videos that you can watch right here (if you're in the RSS feed, click through to see them):
The video also shows why paper ballots are hardly a solution, as the second video shows how the malware included in the software can be set to void out legitimate votes and replace them with fake votes, in a variety of different scenarios, almost all of which are likely to go undetected. This is a hugely damning report -- and it comes against a company that has fought so hard against having its machines tested by independent security experts. While some may say that this shows why they didn't want it tested -- it should concern anyone who believes in free and fair democratic elections that we're using such insecure voting machines.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: e-voting, security, vulnerabilities
Companies: sequoia
Reader Comments
Subscribe: RSS
View by: Time | Thread
The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
Notice that they only whine about cheating when they lose,
The Dem's won for the most part in 2006, and suddenly all the concerns about voter disfranchisement and voting machines magically evaporated into thin air.
[ link to this | view in chronology ]
Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
Since when were dems the corrupt ones and not both sides?
Man, wake up from your political vacuum.
Meanwhile, I believe it was Ohio or Florida that says that they are not going to change their voting machines regardless. Not that it matters anyway since electoral college decides the vote, not the people.
[ link to this | view in chronology ]
Re: Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
That's a load of manure
Who complained the loudest in 2000, 2004?
[ link to this | view in chronology ]
Re: Re: Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
[ link to this | view in chronology ]
Re: Re: Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
Who gives a shit? I do!
[ link to this | view in chronology ]
Re: Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
Yes, election success or failure depends on electoral votes, not the popular vote, and yes it is *possible* that electoral votes can be cast differently than the popular vote within the electoral college district. However, the hanging chads and other recounts would seem to defy that assertion. Individual votes *do* count and the people ultimately decide the electoral votes (at least given our current system and precedents).
[ link to this | view in chronology ]
Re: Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
I suggest the mature among us do not allow ourselves to be baited off-topic with immature and pointless diversionary tactics like this. The voting machines are in question, regardless of the winners of the elections. AFTER you address the inequities and known security lapses, THEN you follow who benefited and try to establish motive, scope and follow the trail to who should be held accountable for alleged illegal acts. I'm not saying there WAS any criminal culpability, but if there turns out to be (regardless of whom or how high reaching), rest assured I will be among the most vocal to seek the justice that this country's principals and reputation dictate.
[ link to this | view in chronology ]
Re: Re: Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
A long diatribe filled with vindictive statements should make everyone question your maturity.
[ link to this | view in chronology ]
Re: Re: Re: Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
[ link to this | view in chronology ]
Re: Re: Re: Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
Democrats haven't won an election since these were put in use, but let me be the first to tell you that after they win the upcoming election, there will be no less attention paid to the problem that is electronic voting machines.
2006 you say the dems won and we forgot about these problems... Again, words can't describe how stupid you sound. This is 2008 and we're reading an article about the same problem you said was dropped 2 years ago... The american people are complaining, not the democrats, and they have every reason to. There's absolutely no reason why something so critical couldn't be open sourced and examined for flaws, faults, bugs, and exploits by the whole world....
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
The bastards sold us out.
[ link to this | view in chronology ]
Re: Re: Re: Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
Or, you could prove your assertions, rather than just making unsubstantiated claims.
For example, you could cite a peer-reviewed study profiling 1,000 or so races (local to national) and correlating claims of malfeasance with party affiliation.
Until you supply such proof, though, you have no basis for griping about others' comments regarding your at-present baseless claims. Provide proof.
[ link to this | view in chronology ]
Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
This here is a non-biased, factual report, on the inadequacies of electronic voting machines. And you sir, again, are a complete douchebag.
[ link to this | view in chronology ]
Re: Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
[ link to this | view in chronology ]
Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
[ link to this | view in chronology ]
Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
The talk about insecure voting machines is a year round discussion. For anyone in the security field, it is more than a discussion and goes well beyond partisan views.
Anyone making this out to be an issue of partisan has their priorities mixed up. The point, period, is that your vote could be compromised. I understand many people could care less, or that many people think it doesn't matter much due to the electoral college - but to many people, it is a big deal that their vote is counted, and counted correctly.
The party you belong too (if any) doesn't matter on an issue such as this. So please, stop making it out to be that way. It does nothing more than make you look ignorant and under educated. Rather than a political debate, I would rather see secure voting boxes.
Heh.
[ link to this | view in chronology ]
Re: The Dem's have a rule: Either we Win or you cheated, be it debates, elections...
[ link to this | view in chronology ]
please don't use knee jerk partisanship to subvert an important discussion
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Did you actually read the article, or did you just come in here to stir up some partisan dredge? Go back to digg or fark or wherever it is you came from. The grown ups are talking.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Ans to "Why only when dems win?"
p = democrat cheat machine
q = republican cheat machine
r = republican win
d = democrat win
If the republican always cheats, then they can never complain since it will also show their attempt or actual cheat.
There is no discussion of what happens when both cheat. It is probably that last one loaded that conquers. So, call it 50-50 chance which way the machine goes. Hence if p&q then no cry to complain.
If the democrat always cheats and the republican does not, then democrat wins. I.e., if p & not q then d. Republicans could complain, and maybe does.
If the republican always cheats and the democrat does not, then the republican wins. I.e., if not p & q then r. Democrats could complain, and often do.
Now look at the recent history and see what matches the logic best. You decide.
[ link to this | view in chronology ]
Re:
The onus should be on both sides to clean this crap up.
[ link to this | view in chronology ]
-- Joseph Stalin {Iosif Vissarionovich Dzhugashvili}
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Oh no, Not again!
So the arguement that paper is superior is ridiculous. If someone has full access to machine they would also have full access to the paper ballot and be able to switch out results as they see fit. This is just a scare tactic which is utilized in politics.
This is not an internet hack. Where someone 3 countries away can remote into the system and hack it. The network is entirely stand alone. And requires a hacker to get up close and personal with a machine. While it can be done. The chances of success are a gigantic longshot. If you want to play the odds game.. Your more and likely going to encounter fraud with paper ballots. Because any fool can swap out paper ballots. This hack requires some kind of a skill set. So your chances for fraud a greater for paper.
[ link to this | view in chronology ]
Re: Oh no, Not again!
With paper there's a trail, or evidence of some sort. You can't just magically pull ballots out of thin air, swap them with votes for the opposing candidate, and then make the swapped votes disappear.
So tell me, do you work for the voting machine companies, or the republicans???
[ link to this | view in chronology ]
Re: Re: Oh no, Not again!
Yeah, and the Maytag repair man can fix the election machine too! Has anyone seen that commercial? It just started playing, and I can't find a link anywhere. Youtube link, please! It's hilarious!
[ link to this | view in chronology ]
Re: Oh no, Not again!
No one said they were. The report, rather clearly, noted that for the attack to work, all someone would need to do is get an infected USB drive into the collection of startup USB keys.
If you don't think it's possible for someone looking to hack an election to get access to wherever the keys are stored sometime in the days before the election, you are quite naive.
The video shows someone who has full access to a machine and is able to access what ever they like.
Actually, no, it doesn't. The only people who have full access to the machines are those who are election officials. The entire surreptitious part is just in getting an infected USB key into the pile of USB keys. That may not be easy for anyone to do, but it's absolutely possible.
How are you going to drop a key file in the machine? By getting out your tools pulling the machine out of the voting booth, hooking up to the system, running your script, and then manipulating the results. They are not going to just let you pull apart a voting machine and do what ever you want.
Clearly, you did not watch the video. The whole point is that the hacker DOES NOT need to do that. All they need to do is get the infected USB key into the pile of USB keys that the election officials have in their offices. That could be done by an intruder or, say, a corrupt election official.
So the arguement that paper is superior is ridiculous.
Only if you're lying about it. Which you appear to be.
So the arguement that paper is superior is ridiculous.
As if anyone claimed it was? My goodness.
And requires a hacker to get up close and personal with a machine.
No, it doesn't. You can repeat it over and over again, but it's false.
While it can be done. The chances of success are a gigantic longshot. If you want to play the odds game..
This isn't a random roll of the dice as you imply. As was clearly shown in the video -- though, apparently you missed it -- is that all you need is ONE corrupt official with access to the pile of USB keys or ONE intruder to drop the key in in a SECOND. You don't think that's possible?
Your more and likely going to encounter fraud with paper ballots.
Did you miss the post the other day? The difficulty of creating *massive* fraud with paper ballots is high. But something like this can create widespread fraud with just a split second of access -- and it's impossible to catch.
This hack requires some kind of a skill set.
Another misleading statement. Did anyone imply that it wouldn't be skilled people hacking the election?
Your comment makes little sense and is either willfully ignorant or deliberately misleading.
[ link to this | view in chronology ]
Re: Re: Oh no, Not again!
Iam ignorant? I am misleading? Your whole arguement is based on a high security risk that these machines are going to hacked. But then you admit that it is not easy. Here lets use your own words to prove my point.
My Words: The video shows someone who has full access to a machine and is able to access what ever they like.
Your Words: Actually, no, it doesn't (ACTUALLY YES IT DOES.. GEEZ GET A CLUE). The only people who have full access to the machines are those who are election officials (Your now speaking about a live election process here. Not the hack on the video). The entire surreptitious part is just in getting an infected USB key into the pile of USB keys. That may not be easy for anyone to do, but it's absolutely possible (AGAIN I EMPHASIZE EVEN YOU ARE SAYING THAT IT IS NOT EASY FOR ANYONE TO DO..
My Words: So the arguement that paper is superior is ridiculous.
Your Words: As if anyone claimed it was? My goodness.
Well then whats your point!!!! Good Grief If electronic voting is superior why spend time knocking it!!!! Electornic Voting my not be perfect. But does it not makes sense to move to something superior?
Yeah, I am the ignorant one.. Get a clue. Your just arguing to argue. Your unable to recognize reason. I was simply making statement in much of my writing. I was not contradicting anyone.
I Said: This hack requires some kind of a skill set.
You Said: Another misleading statement. Did anyone imply that it wouldn't be skilled people hacking the election? (Misleading??? HOW IS IT MISLEADING WHEN YOU ADMIT THAT I AM TELLING THE TRUTH. OMG YOUR A TARD!!!!!!!!!!!!!!!!!!!!!!!
My Words:And requires a hacker to get up close and personal with a machine.
Your Words: No, it doesn't. You can repeat it over and over again, but it's false.
GOOD GRIEF YOUR JUST ALL AND OUT TELLING THE BIGGEST WHOPPER OF A LIE EVER! YOU CAN NOT REMOTE INTO THESE SYSTEMS AND HACK THEM. THATS WHAT THE GENERAL PUBLIC THINKS IS HAPPENING. HOW DO YOU DROP A KEY FILE IN THE MACHINE WITHOUT SOME KIND OF INSIDE SCAM GOING ON. YOU CANT.
[ link to this | view in chronology ]
Re: Re: Re: Oh no, Not again!
Your Words: Actually, no, it doesn't (ACTUALLY YES IT DOES.. GEEZ GET A CLUE).
I have a clue. You, on the other hand, apparently do not. It does not "someone who has full access to a machine and is able to access what ever they like."
As the video clearly shows, the ONLY think those who want to distort the election need to do is get a USB key into the pool of USB keys used to begin the election process. At no time in the video did anyone other than an election official have access to the machine.
The entire surreptitious part is just in getting an infected USB key into the pile of USB keys. That may not be easy for anyone to do, but it's absolutely possible (AGAIN I EMPHASIZE EVEN YOU ARE SAYING THAT IT IS NOT EASY FOR ANYONE TO DO..
*sigh* Is it that hard to understand the difference here. The point is not that *anyone* can do this, but that there are many people who *could* do this. All you need to do is get the USB key into the pile. As we've explained, that's not very difficult.
Well then whats your point!!!! Good Grief If electronic voting is superior why spend time knocking it!!!! Electornic Voting my not be perfect. But does it not makes sense to move to something superior?
Um. We're not knocking the entire concept of e-voting, but pointing out the security flaws with the current implementation. Is it really that difficult to understand that it's possible to point out ways to improve the current system without trashing the entire concept?
Yeah, I am the ignorant one.. Get a clue. Your just arguing to argue. Your unable to recognize reason. I was simply making statement in much of my writing. I was not contradicting anyone.
Except that so far, you have been shown to be factually incorrect, and when called on it, repeated the outright falsehood that this hack requires folks to have full access to the machine. It does not.
Misleading??? HOW IS IT MISLEADING WHEN YOU ADMIT THAT I AM TELLING THE TRUTH. OMG YOUR A TARD!!!!!!!!!!!!!!!!!!!!!!!
Always nice to talk to someone who can express their opinions in a calm and refined manner.
Anyway, the way it is misleading is that you implied that because the system requires some skill to hack that means that it's not worth understanding the security vulnerability. That, on the face of it, is a troublesome statement. Just because there's a smaller group of people who can hack an election it doesn't mean this isn't a concern worth worrying about.
GOOD GRIEF YOUR JUST ALL AND OUT TELLING THE BIGGEST WHOPPER OF A LIE EVER! YOU CAN NOT REMOTE INTO THESE SYSTEMS AND HACK THEM. THATS WHAT THE GENERAL PUBLIC THINKS IS HAPPENING. HOW DO YOU DROP A KEY FILE IN THE MACHINE WITHOUT SOME KIND OF INSIDE SCAM GOING ON. YOU CANT.
No one ever said that you could "remote into these systems." What was said, and clearly demonstrated, was that you just needed to get a USB key into the pile. That does not require full access to the machine. It just requires access to the pile of USB keys that are used to initiate the election. And, as I said, that can easily be done by a single corrupt election official, or via a janitor, or via a breakin. All of which are perfectly reasonable scenarios.
You, on the other hand, falsely insisted that it required full access to the voting machines. That's simply untrue. Watch the video. The only time a "hacker" was involved was for about 2 seconds at the beginning when they dropped the USB key.
[ link to this | view in chronology ]
Re: Re: Re: Re: Oh no, Not again!
The USB device could even be placed by a nefarious person at a polling place. In the 2000 and 2004 elections they had to bring in representatives from both Dem and Publican parties, create new precedents of counting "dimpled" "pregnant", or "hanging" chads. Another person mentioned sudden "findings" of thousands of mailed ballots in the WA Gubernatorial Election.
So new precedents of what counts as a vote were created even outside of the normal polling process. What I get out of the articles is that the process lacks chain of custody and this can easily be circumvented. If chain of custody isn't maintained, or incorrect counts occur, it causes chance of error. Anything less than 100% accuracy is unacceptable in an election.
Elections shouldn't be seen as the penny dish at your local convenience store. Maybe I am wrong here, but this should be a system of absolutes.
[ link to this | view in chronology ]
Re: Re: Re: Oh no, Not again!
[ link to this | view in chronology ]
Re: Re: Re: Oh no, Not again!
[ link to this | view in chronology ]
Voting machines weed out the undeserving plebes
[ link to this | view in chronology ]
Where's the Beef?
404 - Page Not Found Error at UCSB Link.
Maybe it's just a mislinked page, and I hope it's not a Cease and decist.
I for one would be very interested in knowing how outsiders without systems knowhow, could tamper with these machines.
My area has used Sequoia Machines for over 15 years. I have a right to know.
[ link to this | view in chronology ]
How'd this get partisan?
In Washington State, Rossi won the first two counts, and lost the last. There were reams of evidence of dead people voting, felons voting, ad naseum.
It really doesn't matter because both parties do something even worse- gerrymandering. That's the real problem, and only when that is addressed will voting matter.
[ link to this | view in chronology ]
There is no absolute secure method
Build a machine that takes the person votes, then prints out their vote, simply tell them to look at that paper and if it's correct then the paper goes into a second box.
If the electronic results are contested then count the paper votes, if they differ then the paper results win. Any fool that did not verify their paper results to be accurate has no grounds for arguing.
For those too stupid to read print pictures.
[ link to this | view in chronology ]
I Think It's Great What UCSB Is Doing
The very fact that they can publish this information without being thrown in jail is a testament to how great civilized nations like the USA are.
Now that these vulnerabilities are out in the open, the people that make the initializing USB keys can somehow encrypt them or make them unique in some manner that will eliminate the possibility of accidentally using a compromised USB key. Maybe some type of unique, hard to reproduce holographic sticker/emblem with an RFID tag in it. Remember when there was the home run record being set by Bonds? They used special identifiers in each ball, so no one could falsely claim they had the record-setting ball, when they actually didn't.
As these security vulnerabilities are published, the people that established these procedures for setting up the machines can knock them down, one by one.
[ link to this | view in chronology ]
Fix it
A person does this calibration thing right? So, there is an obviously a point of possible corruption. Also, there is the possibility of someone getting a usb key by an official that is not corrupt, as previously stated.
However unlikely you think that is, who cares. There's a vulnerability - fix it.
My personal opinion is that these things are too important to not be open to much more scrutiny. The more a system is banged on, the more likely you are to find possible exploits and fix them. But that part is at least debatable.
As for which party benefits? I don't think that had anything at all to do with the article, but if a voting machine is hacked, the voters didn't benefit. That should be the issue.
If there is going to be a debate about this, shouldn't it be on the best course of action to get voting machines to a trustworthy state and maintain them there.
[ link to this | view in chronology ]
Re: American voting system
[ link to this | view in chronology ]
My thoughts
On a side note:
6 exclamation points, 4 question marks, caps lock, and poor use of the English language show immaturity. I can accept that perhaps public schools are no longer teaching the nuances of words like 'you're' and 'your' or simple use of an apostrophe, but "OMG YOUR A TARD" has no business in a serious discussion. Go troll lolcats.
[ link to this | view in chronology ]
Re: The Dem's have a rule: Either we Win or you cheated,
However Republicans never deal with, and in fact go out of their way to avoid, any actual facts of the situation, whatever that may be.
The truth is that The Republicans and their corporate whorefriends DID INDEED rig BOTH the 2000 and the 2004 elections in their favor, and there's LOTS of evidence that they did so (http://www.truthout.org/article/ten-ways-gop-is-now-stealing-ohio-vote and http://www.freepress.org/departments/display/19/2004/810, among MANY MANY other documented FACTS).
Of course, when presented with these facts, the Republicans will just start their usual rant about 'biased liberal media', despite the fact that over 90% of the media is owned by large corporations that are owned AND run by staunch republicans.
That the Republicans have been so successful is only due to the fact that they are a hive mind and stick together out of a bizarre manifestation of some sort of football-fan mentality, "our team right or wrong," while most democrats make an attempt to sound reasonable and to approach the subject rationally, which ends up only making them look weak, especially after another hefty dose of right-wing Rove-ian spin.
Republicans only come in two flavors: Incredibly stupid, ignorant sheep, or just plain evil.
[ link to this | view in chronology ]
Arguing on the internet, duty calls.
There is no way to win an argument on the internet.
[ link to this | view in chronology ]
Re: Arguing on the internet, duty calls.
[ link to this | view in chronology ]
Anything can be won.
The Obama Campaign should search for the email I sent them.
[ link to this | view in chronology ]
Re:JustTheFacts
Unless you've personally met and interacted with every single Republican in the country, you can't say they're all one thing or another thing. You can only say what you've encountered directly in your own personal experience. Anything more is baseless generalization and blanket statements.
Just so you know, I don't belong to either party, nor have I ever voted in any election. The system is broken, and the only way it can be fixed is if someone defies that very system, an independent who takes no contributions, entertains no lobbyists, does not rig votes, and uses no flowery, false prepared speeches. Someone who is not a politician, but a public servant, which is what holders of public office are supposed to be. George Washington warned in his farewell address against having political parties, but we didn't listen. And every generation since then has suffered for it.
[ link to this | view in chronology ]
Ugg
[ link to this | view in chronology ]
Focus on the facts
I'm not a Dem, but I am a security expert, and these machines scare the living crap out of me. They barely work, they aren't even close to secure, and they could be used by anyone, probably on the local level, to affect the outcome of an election.
History shows that elections may be falsified by a number of processes beyond the recording of a single person's vote. It shows that there are people who will subvert the system. Usually, it has little to do with technology.
The electronic voting machines are supposed to make most of the historic methods impossible, but they don't. Most of them, maybe, but certainly not all. Further, it makes it easier to create a mass vote modification attack possible for those same people and those even less intelligent because now you need one person to write the code and any number of people who are ignorant or easily bribed or righteous or have any other excuse, to insert the illegal fob into the controlled flow of the USB keys. It could be inserted any place from the creation of the original keys at the point of initiation to the final ballot places as seen in the first video.
We the people need to force a change to the current electronic voting machine processes, regardless of who wins!
[ link to this | view in chronology ]