Slashdot Mirror


More Diebold E-Voting Vulnerabilities

presmike writes "OK, it looks like Diebold has more to worry about now that it is possible to change votes with a 5-line VB script. 'The vulnerabilities involve the Global Election Management System, or GEMS, software that runs on a county's server and tallies votes after they come in from Diebold touch-screen and optical-scan machines in polling places.'"

22 of 535 comments

  1. Blimey by ackthpt · · Score: 5, Interesting
    vbs script running in the background, well, they don't say it but it seems obvious that GEMS is running in Windows, the most breakable OS in the world. I'd think with that in mind that little scripts are the least of their worries. If someone compromises their network and server enough to install and run a script, they've got considerably more at their fingertips.

    "There's 14,375 votes for Bush, 14,374 for Kerry and 2,793,036 for Mr. Magoo, let's tell the public about this 4 years after the election, OK?"

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:Blimey by grub · · Score: 5, Insightful


      If someone compromises their network and server enough to install and run a script, they've got considerably more at their fingertips.

      When you have the CEO of Diebold saying "I am committed to helping Ohio deliver its electoral votes to the President next year." why do you think the evilness has to come from outside Diebold?

      --
      Trolling is a art,
    2. Re:Blimey by AKAImBatman · · Score: 5, Informative

      vbs script running in the background, well, they don't say it but it seems obvious that GEMS is running in Windows, the most breakable OS in the world.

      It's worse than that. From this link:

      She has no way of knowing that her GEMS program is using multiple sets of books, because the GEMS interface draws its data from an Access database, which is hidden.

      Getting a warm and fuzzy feeling yet?

    3. Re:Blimey by ackthpt · · Score: 5, Funny
      Getting a warm and fuzzy feeling yet?

      I think it's nausea.

      You know... Diebold does a lot of work with financial systems. Is this what they call the Harbinger of Doom?

      --

      A feeling of having made the same mistake before: Deja Foobar
    4. Re:Blimey by nightcrawler77 · · Score: 5, Insightful

      Windows security is hard enough to get right when you try. But it sounds like the Diebold flaws would be present regardless of their platform choice.

      Even running the GEMS software on OpenBSD would do nothing to make up for their lousy security design.

      --

      "Power corrupts, and absolute power corrupts absolutely." -- Lord Acton

    5. Re:Blimey by Anonymous Coward · · Score: 5, Insightful

      Here is the only way I see this coming to full public attention. Some haxor changes the votes, not for Dem or Rep (that would be argued as America's opinion), so that the Green Party or the American Communist Party or something like that won in a landslide, then you'd open people's eyes real quick.

      It's kinda ironic that all of us nerds who love technology are the ones saying that this is a really bad idea. If we're saying this technology is bad you'd think they would listen to us....

      NOTE to FBI, election officials and readers: This is not a suggestion on things to do. I am not saying that someone needs to hack the voting system, I'm just saying that if the worst-case scenario occurs people would notice. I don't want someone doing this and me ending up in Gitmo.

      (For the first time in my /. life I will be posting Anonymously, soon I'll be buying my tinfoil hat...)

  2. Amazing by AKAImBatman · · Score: 5, Insightful

    You'd think a company who's been making ATMs since their inception, would have a good understanding of cryptographic security and the "gotchas" inherent in such systems. Yet it seems that this multi-billion dollar company is utilizing nothing more than junior level Microsoft programmers. I mean, who in their right mind would write a national voting system in Microsoft Access?!?

    Maybe they should claim that all their security experts were hired by Google after they took the GLAT. ;-) Then they could get Congress to sanction Google instead! *rolls eyes*

    (BTW, I love the "Politics" section color scheme. Can we do something similar for IT?)

    1. Re:Amazing by Kenja · · Score: 5, Informative

      Given that the ATMs run unpatched Windows XP and have in the past been hit by internet worms I fail to see what's so shocking about any of this. I will not use a Diebold ATM, even if that means I don't eat lunch because there's no other source for cash handy.

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    2. Re:Amazing by AKAImBatman · · Score: 5, Informative

      Actually, the Diebold machines were partly responsible for the 2000 election fiasco.

  3. And in a related story... by Weaselmancer · · Score: 5, Funny

    George Bush and John Kerry sign up for MSDN subscriptions.

    --
    Weaselmancer
    rediculous.
  4. Worry by MacGod · · Score: 5, Insightful

    it looks like Diebold has more to worry about

    You mean, it looks like the American people (and the rest of the world) have more to worry about. Diebold has been incredibly resistant to being damaged, no matter how many problems arise with their software.

    --
    "Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
  5. Priceless by TheJavaGuy · · Score: 5, Funny
    From Yakov Shafranovich's blog:

    Microsoft Windows 2000: $200
    Microsoft Access 2000: $200
    PC: $500
    Hiring an embezzler to put in three sets of election results into your voting software controllable by a hidden combination of keys known only to you: $60,000
    Changing the election results in favor of your candidate: priceless

    "Of course, there are some elections that money can't buy. For everything else, there is Diebold."

    --
    Opera Watch - An Opera browser blog.
  6. uh-oh by ch3ch2oh · · Score: 5, Funny

    President CowboyNeal?

  7. Re:change to our type by DAldredge · · Score: 5, Insightful

    IOW, you don't know shit about them and you still think they are safe.

    We are fscking doomed!

  8. Nice Diebold quote by Anonymous Coward · · Score: 5, Funny
    "Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty."

    Yeah, that's why there's never been any vote fraud in this country...I gotta remember to keep my shotgun loaded this November, that's when the dead people come out to vote in Chicago...

  9. obligatory plug for blackboxvoting.org by dogas · · Score: 5, Informative

    black box voting has 5 (!) different demonstrations on how easy it is to hack these things. There is also an online book (in PDF format) all about how bad the situation really is.

    This is serious. Not only are they using a Microsoft Access (!!) database to store your vote, they are using a non-password protected Access database.

    Not only are they using a non-password protected Access database, you can gain access to the .mdb by hitting a certain key on the touch screen and manipulating at will. Are we living in crazy world?

    --
    'When the going gets weird, the weird turn pro.' -HST
  10. Re:Get rid of E-Voting now! by Paulrothrock · · Score: 5, Interesting
    The Scientific American article I posted about says that paper ballots are even more subject to jamming than punch card ballots. And while they're human readable, they take much longer to count than electronic ballots.

    Their solution: A dual-method system. First, the person fills out a card with their choices. Then they put the card into a slot which reads it, so they get a chance to review their choices. If they want to make changes, the old ballot is stamped with "Void" and shredded, and a new one pops out, ready to use. If they accept the choices, the ballot is placed in a bin *and* recorded electronically.

    --
    I'm in the hole of the broadband donut.
  11. 2 brothers will count 80% of the vote by puke76 · · Score: 5, Interesting

    I submitted this in April, crack mods rejected it.

    Two brothers will count 80% of the vote.

    In a country where no-bid contracts and the VP's corporate relationships aren't questioned, this is worrying.

  12. What do you want your money going to then? by TiggertheMad · · Score: 5, Insightful

    I don't want my tax dollars bankrolling OSS dev efforts. If you want such a system, go ahead and create it. Put a paypal link on your sourceforge page, maybe someone will send you a buck.

    Do you want to pay for buggy, easily exploitable software then? I can understand your desire not to waste money on "fantasy vapor product that doesn't exist..", but you are paying for Diebold's mess. And you are paying for paper voting, recounts, and all the supporting infrastructure. Personally, since money is being spent regardless, I'd like to see it go towards a rock solid solution that will last awhile. It seems that OSS would be an excellent candidate.

    --

    HA! I just wasted some of your bandwidth with a frivolous sig!
  13. Diebold Execs: Stupid or Crazy? by Paulrothrock · · Score: 5, Interesting
    Diebold spokesman David Bear said by phone that no one would risk manipulating votes in an election because it's against the law and carries a heavy penalty.

    WTF?!? Murder is against the law and carries a heavy penalty and people still do it, numbnuts.

    Diebold is saying essentially what the Bush administration and, really, all NeoCons say: "Trust us, we'll do what's right. Why shouldn't you trust us? We're respected people in power."

    Hell, that was an argument a White House attorney made in front of the Supreme Court! When asked whether a chief executive could falsify documents he said something to the effect of "Yes, but *this* chief executive wouldn't do that."

    Why not create a system with ways to keep people from doing things that we don't like, instead of *trusting* people you *don't know* to do the right thing. We could call it something like "checks and balances."

    --
    I'm in the hole of the broadband donut.
  14. Brazil's Voting System by gihara · · Score: 5, Informative

    Why not simply license Brazil's Voting System? I am working as a volunteer in Brazil's city elections this year. The machines are simple and reliable, here are the specs.

    CPU: Geode National - 200 MHz.
    RAM: 64mb on board.
    2 USB and 1 parallel on board.
    IDE and Floppy interface.
    2 30mb flash disks - one for program and the other for the results.
    1 floppy disk drive - sadly that's how we deliver the votes... but it's quite error free because the votes are also printed. and there's also the flash disk.
    9,4" LCD

    Here's the new model http://www.procomp.com.br/projesp.asp

    The only real bug in Brazil's voting system is the elector heehe... We elected a drunk last election for president... well... better than Bush... but still a drunk... ehehee

  15. Bullshit! by natoochtoniket · · Score: 5, Insightful
    Jefferson added that he doesn't believe that the vulnerabilities show deliberate malice... But the vulnerabilities do show incompetence and indicate that Diebold programmers simply don't know how to design a secure system.

    I call bullshit!

    I'm sure the Diebold people do understand security, very well. Security is their main business. Clearly, the absence of security in the voting systems is not a result of accident, oversight, or incompetence. I am sure the absence of security is absolutely intentional.

    These machines are designed, from the start, to rig elections.