Slashdot Mirror
Electronic Voting Machine Cracker Challenge
An anonymous reader writes "In the ongoing debate on the security of electronic voting, an Atlanta area programmer has confronted Georgia election officials on the potential for fraud in its statewide electronic voting system. She claims that she can be prepared to crack the system within a week, and officials have accepted the challenge." What makes this even more interesting is that the election officials are encouraging the woman, so that any possible exploit can be found and remedied.
The Diebold system does have major flaws. I was just at the Crypto2003 conference where one of the talks was on the faults in this system. Amongst other things, when they pointed out the major errors in code, the company replied back calling DES (or DSA, I forget) a compression scheme, and they implemented an algorithm from Handbook of Applied Crypto for purposes of encryption with a value listed in the book that says explicitly "Do not use this for cryptographic purposes"
This is a change from the Kevin Mitnick days when ppl would be incarcerated for even *thinking* about cracking a gov system.
Mad props to Georgia for being cool about this.
SCO's Intellectual Property and Trade Secrets are embedded within the Georgia voting system, and my lawyers assure me that this programmer will be vehemently prosecuted under the full extent of Georgia Law if this "crack" attempt is successful.
Darl McBride
Chief Executive Officer
Caldera International, Inc.
1. Accept the challenge.
2. Make her win.
3. Fix holes.
4. Put her to jail on DMCA basis, or Patriot Act, or for desire to live and love for the country, or whatever.
5. ???
6. PROFIT!!!
(Hope #4 won't happen.)
Moreover, they said, paper ballots can be tampered with more easily than electronic ones, and they're harder to tabulate.
Sorry, don't believe that. A few locations in memory are easier to change than thousands of paper ballots. Hanging chads notwithstanding...
Nice comeback at the end -
Asked Williams, the computer security expert: "Are you saying there's no such thing as a secure and accurate computer? Do you fly on airplanes?"
I think I'd counter that by asking if he knew of any airplane where all members of the general public were allowed access to the terminals used by the pilots? And if so - does he fly with them?
I don't think I'm very happy. I always fall asleep to the sound of my own screams.
And unlike the US there was never a Florida voting scam.
And paper is much more immune to fraud: the election sheets are stored for a certain time, so any questions and be sorted out by a recount without any paper pebbles dropping from the holes. And if a fraudelent government wants to pull off a voting scam they have either to forge election sheets, which would be noted afterwards, or they have to destroy sheets, which would be noted, too.
So why use a high-tech solution which isn't immune to fraud and other problems instead of a low-tech solution which hasn't these problems ?
Owner of a Mensa membership card.
She cracks it, reveals the expoit to them, they thank her, put fixing it on a "to do list", then knock her into prison with the mighty DMCA!
I can already hear the local news station:
"Computer hackers are trying to steal your votes! Politicans are asking that if you know ANYONE who both likes computers and is interested in voting that you report them to the police immediately. Film at eleven."
The US Army: promoting democracy through unquestioned obedience
God, this is stupid....
Instead of doing such a media hype just open the source code for the public and let about 10'000 people have a look at it.
Idiots.
He put the odds of corrupting the software undetected at 1 billion to one. I'll put $50 on it.
Maybe partying will help...
Please will at least everyone keep in mind that when she wont succeed in cracking the machine that doesn't prove it's security.
You can't prove a product is secure, only showing that it's insecure...
Alan Perlis once said: "A language that doesn't affect the way you think about programming, is not worth knowing"
He put the odds of corrupting the software undetected at 1 billion to one.
If you make a statement like that you are asking for trouble. It's like walking into a bar and saying 'No one here could win in a fight with me.'
Of course, this is assuming Ms Jekot fails to find weaknesses in the voting system.
Even if she does find exploitable flaws, will she find all of them? Probably not, in my opinion.
Am I being cynical and paranoid? Hell yes.
I'll probably turn out okay for her. Remember: the last time anyone was found to have rigged an election, you made him president.
Although it's good to have an independant security audit of the hardware/software, it's still a far cry from what I would call development of a secure system.
...? What are the logging/auding possibilities? How secure is the data transmitted? How secure is that data stored?
...
Did an independant auditor (or security specialist) audit the design - both hardware and software - from a security point of view? Where there independant audits/reviews of the coding or assembly of the hardware? Can you trust the developers or factory workers? Who is monitoring the deployment, development, good working,
Who will monitor the people who are in charge of the system?
Ultimately, you have to trust someone. And putting trust in the wrong kind of people is the biggest security risk there is
http://blog.astyran.sg
This is obviously a hoax. Everyone knows that there are no women in computer science. :)
I've been in college for a few years and I haven't seen a women since I stopped taking Gen. Ed. classes.
that the companies that manufacture voting machines are not mandated to publish full specifications including technical drawings and listings of firmware, for anyone to look at, any time, for free. It's like they are trying to say mere mortals are not supposed to know the processes by which their representatives are elected.
And don't give me the hand-wringing "important proprietary secrets" crap. Firstly, all companies would be required to show their "secrets", so nobody would be gaining any unfair advantage. Secondly, what the hell is so secret about adding up a bunch of numbers anyway? And thirdly, what corporate secret is more important than the due processes of democracy?
If these companies are not prepared to let the general public - who are, after all, the rightful owners of "Government" property - scrutinise their products, thenthat alone is a good enough reason why the public should reject their products.
Je fume. Tu fumes. Nous fûmes!
have destroyed the record of the 2002 election, in defiance of federal law. they have stated that the election went smoothly.
Right before the election, an uncertified patch was installed to all the voting machines in Georgia. There were some stunning upsets in the race. Saxby Chambliss and Sonny Perdue won in dramatic, come from behind fashion.
the Libertarian party candidate has issued a formal request for the voting records, the ones that have been destroyed.
photosMy Photostream
This only PROVES their ignorance. If one person fails in one week, that's far from showing that the system is secure.
Open Sourcing it won't make it secure either, but it would probably be the fastest way to fix a ton of the most obvious holes.
Better yet, if they want good PR, they should hire Mitnick to have a go at it. Lord knows he's probably rusty, but his name alone would end the debate one way or the other.
I resent your implication that we're all slack-jawed, inbred, wife-beating neanderthals.
Indeed, the very idea is preposterous
But while I'm thinking about it, you've got a pretty mouth... why don't YOU get me another beer, before I make you squeeeeal!
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
What they mean is that they would be able to look at the system after she has had it and then figure out whether or not every vote was a valid one. They gave her the equipment to work with so she will be able to add authorized votes and unauthorized ones. Only she will know which are the unathorized ones. The state will then examine the system to determine if they can detect whether any of the votes are unauthorized. Presumably each vote is digitally signed in such a way that the state feels that she will not be able to duplicate the signature. Then after the state determines which votes were unauthorized she'll turn around and tell them if they erroneously counted invalid votes as valid ones. Presumably because she figured out how to duplicate the digital signatures. Then she'll show them how she did it and why they weren't able to detect them.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
or some other cracker conference. Sort of like electing the King and Queen of the County Fair. Just announce that at Defcon you're going to elect the Evil Overlord of All The Crackers, and you're going to use Diebold machines to count the votes. That should lead to some amazing exploits :).
Sorry to burst your bubble, but paper voting is rife with fraud, that is one of the major reasons it took so long to rid many of it.
Going to digital introduced a whole new system, whereby the exploiters of the previous lost their investment and are forced to start again.
Voter authentication needs to be taken further with the requirement of a picture ID, as it stands now, many dead vote on paper ballots, and many votes that are for one party or another are either lost or damaged so as to become invalid.
If Florida proved anything, it proved just how dangerous paper ballots were, and even how more dangerous subsequent handling of them was. Seems to me many stories of how the same box of ballots yieleded different results depending on who looked at them!!! How is that not an easier source of fraud? Especially when people start introducting "interpetation of intent" into the mix!
Sorry, digital voting will one day be the only true way to avoid fraudelent voting, however for that to come about we will had to shed some of our mickey mouse vanities. Something must be done to not only protect our vote from a fraud at the machine but to protect our vote from fraudelent voters (ie, the dead, the multi-voters, etc)
* Winners compare their achievements to their goals, losers compare theirs to that of others.
I don't think even 1/2 of Georgia state can use a computer, much less be a cracker.
Thats where your wrong, because they are all crackers.
She's a webmaster with an interest in carnivorpus plants. She did this site.
N ote the fucked up links on the bottom of the page. They point to c:.
http://www.cumbus2002.org/eco_rescue.htm
She does not even have a web site for her web design business! AWEBPLACE.COM is registered to her company Southern Belle Software. Search for some of her posts to newsgroups for more dismaying info.
How about posting the code here, Roxanne? A 'few of your expert friends' will be happy to help you out.
The latest Slashdot meme.
At least in a paper voting world, there needs to be some semblance of a paper trail record to be available for recounting.
While such systems can be manipulated, it takes quite a lot of people in the loop to do so. Voter early, vote often; run a steel rod through any Republican ballots in Democratic areas...
The move to scannable ballots using sharpie markers is a bit better but physical security of those are questionable as they allow thermal printouts and often have the covers open at the polling places.
Right now, if I want to steal an election, I probably have to bury my opponent in the places that I control the entire polling apparatus with my political party hacks. It looks crude and messy to anyone who watches.
Now if we have all the local precincts reporting frequently into a central computer system with two way back door communications; we can easily determine the number of manufactured ballots needed and allocate them over a greater number of precincts without drawing any attention at all.
An example of this is a weighted average cost bid, I have personal experience with this. If we know that there are two items on the list; one says it will buy a million of an item and the other says it will buy 3 of the item but the quantities are reversed. I can make my evaluated bid much lower and rape the buyer by biddin no cost for the first item and $10,000 for the second item (assuming both are worth $1000); however the bid will look really, really abnormal compared to the other bidders and they are going to smell a rat even if they don't know the real quantities to be bought.
However, were I to just shade the bid a bit by lowering the cost on one and raising on the other I could win the bid, have higher margins and no one be any the wiser. OK, the example of a million vs 3 is too extreme but so is the ballot count for Democrats in these key urban areas coming in higher than the total number of living and dead there.
If the election comes in as the controlling power wishes, there is no need to do anything. If it is off track, they can certainly round up people on buses to vote but they can also create some new ballots that will be totally untraceable.
All electronic balloting is not to be trusted.
Computers do many wonderful things, counting elections is not one of them.
D
Curious for more about this story, the best background I found was here.. Also, this bill seems to be starting down a better path toward a publicly viewable system. Not sure about the paper trail part though.
The potential for fraud is only part of the problem with electronic voting. The biggest problem is the lack of a hard paper trial to use in the event of a recount or if the machine crashes. Suppose you have a group of booths in a busy voting district that suddenly decide to blue-screen. Potentially, thousands of votes could be lost. The lack of a paper trial has been brought up many times, but proponents of the system have so far dismissed it as unneccessary. This is just asking for trouble.
Even worse is cases like those in Florida where the state purchased new electronic voting machines with the provision that their warranty would be immediately canceled if the state ran tests to verify their performance. Egads! This has fraud and disaster written all over it.
Our system of democracy is very important our liberties. As voters, we should insist that our voting system be beyond question. That means it should be secure, verifiable, and robust. The best way to accomplish this is through open-source peer review of the code and hard-copy backup of voting results for auditing purposes.
When all else fails, run.
" Asked Williams, the computer security expert: "Are you saying there's no such thing as a secure and accurate computer? Do you fly on airplanes?" "
That would be the most insane statement in the whole article. There is no such thing as a secure and accurate computer. Only one way to completely secure a computer. Turn it off, encase it in a 30ft concrete tomb. Very few will get to it, yet it still isn't totally secure, I'm sure there's a bunker buster out there that'll destroy it.
Accurate? Hardly. A computer will tell you what you program it to. If someone can change it's purpose (or results) you've no longer got accuracy. Note how the comment doesn't question the accuracy of input/output to the computer?
And finally, flying on airplanes. I think history has shown that there is no such thing as a failure-proof aircraft. However, I will still fly on them, because I hope that procedures ensure that it's not Williams flying it with a computer only.
Vip
Are they implying that a computer system is to be considered reliable just because one hacker/group did not find any (more) flaws in one specimen (not even "in the wild") at one given moment in time?
Auguste Kerckhoffs tourne dans sa tombe...
Whether she succeeds or fails does not prove a thing.
Since when do we attribute the most "l33t sk1llz" on earth to the first attacker, and then just assume we're safe to vote happily ever after?
The only route to go for the code that could finally make someone president is full disclosure. "Elected on Open Source" sounds a whole lot better than "four years under the rule of a computer glitch."
That was a practical and honest solution to the percieved problems with the voting machines.
Also, I noticed a tidal shift in which American states were now most enlightened this winter, when talking to a California Cousin, he noted that at least his governor kept the power on. Seeing as keeping the power on is a GIVEN down South, I started wondering which states were truly the most advanced in US.
HenryJamesFeltus.com
I wouldn't do that. The next headline will be, "Cracker goes to jail for showing flaws in electronic voting system"...I mean, this is America...home of the patriot act and indefinate imprisonment without cause.
-- A cat is no trade for integrity!
if an expolit is found and patched, are we supposed to feel our voting is safe?
Do you feel safer every time MS patches their stuff with claims of fixing an exploit? Or how many patches does it take to make the public feel safe?
If a politician or political group wanted to exploit such a system, wouldn't they consider hiring someone familiar with cracking such a system? How would you advertise for such a job and even test the applicants?
If I vote electronicly, does that mean I can also participate in a jury electronicly?
I'm sure I can come up with all sorts of other perspectives but doesn't it all come down to simply controlling what the media reports anyway, and that it can eliminate or bypass any electronic counting system? (i.e. with all the media talking down on the Dixie Chicks, how is it that they are the top selling country band? Or how SCO has been so much in the Media lately about stupid stuff... who should believe the media anyway, no matter what the truth is.)
Point being, what verification do I as a voter get?
A: NONE!
I am expected to believe what someone else tells me the results of an election is.
Don't politicians as a profession lie? Especially in campagining for election? And haven't past elected politicians been found to lie to the public?
Doesn't this really all add up to cheating is OK so long as you do not get caught, or can't talk you way out of it?
There was a delay in responding to the olympic park bombing in 1996. The delay was caused by the program of the then new 911 system. It would not allow an assignment of a call to an officer(s) without inputting a valid address. Problem was, nobody thought to give the park an address, though everyone knew where it was, cept the 911 computer program. The call finally went out over old style walkie talkie to those officers who still had such a device. The delay time was perhaps long enough not to have saved those who died.
Point is, humans are smarter than programs. What we make we can break.... Electronic voting is just another place to manipulate the voting process. Another tool to perhaps convince people to vote for someone that is more likely to do something the voter would not approve of anyway.
But if such a systemn could be validated, then I think it could be used for more than just voting a politician into office, but could also be used to handle the day to day decissions of what politicans and their company do..... like slashdot moderation.... but better, more accurate and perhaps more verifiable to the adverage joe..
I tried posting a story about the EVM2003 project a couple weeks ago, but unfortunately it was rejected. I'll try again soon, I suppose. So this note is a little less complete (not all the background URLs and the like). The project comes out of several years of background work by some well known computer scientists, political scientists, lawyers, elections officials, and political activists. But the demo (to be written in Python, btw), is just starting development.
Anyway, the short story is that I am involved in a project to create an open source voting system, with the extra twist that the machines also produce printed ballots. That is, the electronic part makes selection more clear, and prevent overvotes and other errors, but after using the touchscreen (or mouse, or blind accomodation), voters can visually verify their ballot for accuracy before submitting it to the ballot box.
Read an announcement of the project at http://gnosis.cx/voting-project/announce.html.
Check out the sourceforge page for EVM2003. We also have a mailing list archive.
Buy Text Processing in Python
The difference is that she didn't try to hack it first. She made a challenge and they accepted. This is how normal society acts. Hackers have made a bad name for themselves by doing things without other people's knowledge or permission---often to show off their "superior skills". Hackers may feel this is no big deal or some sort of "good work", but normal people feel very threatened and violated. Hence people like Mitnick go to jail.
If Mitnick had asked and recieved permission like this woman, there would have been no problems.
Brian Ellenberger
I'm not concerned if the system is secure or not (well, I am, but it is a side point). What I'm concerned about is that I can't audit the computer system without a paper trail. This is the most important issue. One can have a "secure" voting system which purposefully gives the wrong results on election day. Also, just beacuse one hacker can't crack it doesn't mean that other hackers won't.
Another poster says "at least this is a change from the Kevin Mitnick days" (or something similar)
That poster is mistaken. We had a recent story on slashdot where someone was threatened with legal action for revealing a bug in some code.
IMHO there should be standards for how and when you are allowed to attempt to break into a piece of software or system to demonstrate its vulnerability. I suppose one way to go is:
It's a rather round-about process since you'll usually have to break in (secretly!) in part one to be sure that it really is vulnerable. But you can't let them know you did that or they'll prosecute you in step two. Suggestions?
Furry cows moo and decompress.
Fair amount of money at stake if she wanted to auction off her knowledge...
When all of your wishes have been granted, many of your dreams will be destroyed - Marilyn Manson
I know everyone is convinced that chads are the work of the devil, and caused all the problems in the 200 election, but I have to say that everyone is wrong.
There was *no* problem with "hanging chads". The voter's selection had a stick pointed in it. The stick made an indentation, or a partial hole, or a complete hole, or no impression whatsoever. The chad may or may not have been detached. Big woof if not.
The "spectacle" of judges peering at the cards was just that: spectacle. The votes were easily discernable by anyone who was not *trying* to make a fuss. The 'publicans were making a huge, screaming (literally) fuss at the counting tables. There was a non-Republican and a Republican counter at each table, so the validity of the recount was beyond question. If the voter made two choices, or none at all, it was invalid. All others were counted.
The paper ballots worked just fine. It was just politically expedient to pump confusion and hysteria into a normal recount process in order to invalidate the process in the minds of the public.
If Gore had won the initial count, the screams for a recount from the Bushies would have been deafening. This isn't a guess: the political strategy for a close race was already decided. Question the vote. Question the validity of the election, and of the man who won. They had plans for endless lawsuits.
Since Bush won, they used the opposite strategy. And they won not only a cancelled recount from the Supreme Court (well, a half-hour time limit to finish the count is a cancellation), but now the Diebold company, a major Republican player, is replacing a solid and auditable paper system with a system that is emminently cheatable -- and with no recount possible, and no audit trail.
Anyone who's even halfway suspicious of human nature would choke with laughter at the introduction of a private computer system replacing an auditable paper system.
Okay, I ain't seen it yet. I cannot resist ....
Is Roxanne a Georgia Cracker?
Someone must of asked already, but I did not see the Q&A.
Ain't it funny, how the meaning of words and phrases change with time?
Things always seam to get better.
OldHawk777
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
Avi Ruben was probably a fool for not divesting or disclosing his interest in a pseudo-competitor, but why isn't anyone screaming about Senator Chuck Hagel's ownership of Diebold? here's a version of the story. But where are the mainstream media accounts of this in relation to Hagel's unprecedented win in Nebraska using election machines his own company sold! And then he apparently failed to disclose this for years.
Frankly, if voting is going to be electronic and this insecure, I'd prefer to vote via the web. Better yet, I'll go vote via Taco Bell.
No one is saying get rid of touch screens, we are saying PUT PAPER IN THE PRINTER which is already built into Diebold and every other touch screen machine. Print ballot, voter verified, it goes in a ballot box, you've got evidence of the vote. Explain why: 1) A person in a wheelchair, or a muscular or neurological difficulty, who can vote on a touch screen suddenly cannot vote on a touch screen if you have paper in the printer. 2) A person who is blind, and uses the headphones to vote, suddenly cannot vote on a touch screen using headphones if you have paper in the printer. This is a prepared talking point sent out by the voting machine industry. Bev Harris Black Box Voting
But web site design is in no way the same thing as C++ coding and database design.
The Diebold system uses the Windows operating system. It has a customized and never-examined Windows CE interface on the touch screens. They send their results in to the county server, which is on Windows NT 2k. At the touch screen level, they appear to have taken out many of the security features in order to make information transmission backward-compatible with Windows 95 and 98 machines, so they could sell the system to counties that had their old systems.
The county machine uses Microsoft Access and, in the program I ran, which was GEMS 1.17.17, the the only version listed as currently certified for use, the security features are disabled, including disabling the autonumbering feature on the audit log.
The MS Access database is constructed without referential integrity.
The newest Diebold touch screen system, the TSx, substitutes wireless communications for land line modems.
It is these issues that will be explored, not how to design a web site.
But thank you for playing. Bev Harris Black Box Voting
If she fails, the vendor, and possibly the election officials, will cite this as "proof" that the system is secure.
Professional wrestlers & dead men elected to office, controversy in NJ and Fla last year, not to mention Fla contributing to Dubya's overthrow of Gore (even if everything WAS kosher, the family link requires far more conclusive results for appearances sake), and now the freak show in California (Clinton faced impeachment w/o leaving office; Calif. should require something more serious than being left holding the bag post-Enron) but you're worried about *potential* issues in *future* elections? Mod me down all you want, but the bigger issue here is the fact that, realtively speaking, GA is a non-issue...
When all of your wishes have been granted, many of your dreams will be destroyed - Marilyn Manson
Here is a link to my comments on a bug I found in the Palm County butterfly ballot tabulation.
s sa ge/95?source=1
Looking closely at actual results can be revealing.
http://groups.yahoo.com/group/NotMyPresident/me
From: "Bob Spence"
Wed Jan 03 23:21:20 2001
Subject: A bug in the Palm County tabulation software
The undervotes in Florida are now being examined by the media. I
believe there is strong evidence that the overvotes must also be
examined to understand what happened in Palm County. There is
evidence that the tabulating software used there was faulty.
An examination of the publicly available overpunch data reported by
the Palm County election board the night of November 11 shows that
there were some legal votes rejected by the computer tabulation. Two
of the rejected votes, one with the combination of holes 2 + 3 and
another with holes 2 + 4 punched, are worth special consideration.
Hole 2 on the ballot was not assigned to any candidate. The voting
machine did not allow the voter physical access to punch hole 2. Only
holes 3 through 11 and hole 13 were exposed. How the voter managed to
punch out hole 2 on the ballot might be a mystery, by having a hole
there should have no legal significance. This hole was not assigned to
anyone in any race, so should not have been considered in evaluating
the ballot. These ballots must be counted as legal votes for Bush
(hole 3) and Buchanan (hole 4). The fact that some ballots contain a
selection in hole 2 is an indication of voter confusion, but it also
exposes a bug in the tabulation software.
A complete count of overpunch combinations will reveal even more about
what happened in Palm County.
A complete count of the overvotes reported by Palm County is at:
or
My web page analyzing the known overpunch data may be found at:
The only Florida law I can find in this area is Title IX Electors and
Elections, Chapter 101, Voting Methods And Procedures, 101.011 Voting
by paper ballot.
"4) If the elector marks more names than there are persons to be
elected to an office, or if it is impossible to determine the
elector's choice, his or her ballot shall not be counted for the
office; but this shall not vitiate the ballot as to those names which
are properly marked, and nothing in this code shall be construed to
prevent any elector, at any general election, from voting for any
qualified candidate other than one whose name is printed on the
ballot."
Bob Spence
I can brag to others: "My girlfriends cracks the voting system... lets see your big-breasted girl do that"