Slashdot Mirror


Election Officials And Crackers Challenge Diebold

Rick Zeman writes "The Washington Post is reporting that election officials in Florida have manipulated election results in controlled tests. From the article: 'Four times over the past year Sancho told computer specialists to break in to his voting system. And on all four occasions they did, changing results with what the specialists described as relatively unsophisticated hacking techniques. To Sancho, the results showed the vulnerability of voting equipment manufactured by Ohio-based Diebold Election Systems, which is used by Leon County and many other jurisdictions around the country.'"

2 of 219 comments

  1. Insanely poor program architecture by James_Duncan8181 · · Score: 5, Informative

    Windows XP + network connection + data held in an *Access DB* and then transferred by memory card with no cryptographic checksum.

    If I prepared work like that for a client, I'd expect to get chucked out by security.

    I'll also note the following:
            a) Diabold say that a paper trail is not needed for security, but provide one on their own ATMs. Apparently independent verification of election results is less important than $$$ transactions.
            b) Both local and remote vulns have been demonstrated on their voting machines, but the ATMs have not been pwned.
            c) Diabold refuses to let the source code be reviewed, and chose to run on Windows XP so neither the program nor the OS of the box can be verified safe.
            d) Diabold machines can have the vote totals rewritten on their memory sticks as they do not cryptographically sign or encrypt the totals. That's plain text on a card that can be removed from the machine and has a standard file format.
            e) Diabold security is fucked whether or not they put the same code they have tested on the box. With tested, verified boxes they cannot add XP security patches for known flaws after the verification date (and if there is one thing worth keeping an 0-day for...). If they do add security patches etc then we are trusting closed source binaries to be added to election counting machines without the possibility of review. One bad actor and the election is up for grabs.

    No thanks. I'm not usually a conspiracy theorist but it is as if they were designed to be broken into.

    Would a BSD box with one simple program, output to the framebuffer, a results paper trail and a constant SSH tunnel to the FEC be that hard? *sighs*

    Fuck Diabold.

    --
    "To any truly impartial person, it would be obvious that I am right."
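
Added example, not part of the comment above and not Diebold's code: a sketch of the integrity check the comment says the memory cards lack, so that edited totals are rejected when the card is read back. The record layout, the function names and the per-machine key are assumptions; HMAC-SHA256 is used because it is in the Python standard library, whereas a digital signature would avoid sharing the secret with the tabulator.

```python
import hashlib
import hmac
import json

def seal_totals(key: bytes, machine_id: str, totals: dict) -> bytes:
    """Serialize the totals canonically and append an HMAC-SHA256 tag."""
    record = json.dumps({"machine": machine_id, "totals": totals},
                        sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, record, hashlib.sha256).hexdigest().encode()
    return record + b"\n" + tag

def open_totals(key: bytes, expected_machine: str, card: bytes) -> dict:
    """Return the totals only if the tag verifies and the machine id matches."""
    record, sep, tag = card.rpartition(b"\n")
    if not sep:
        raise ValueError("card has no integrity tag")
    expected = hmac.new(key, record, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison, so the check leaks nothing about the tag.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity tag mismatch: card contents were altered")
    data = json.loads(record)
    if data["machine"] != expected_machine:
        raise ValueError("card was sealed by a different machine")
    return data["totals"]

def card_is_authentic(key: bytes, expected_machine: str, card: bytes) -> bool:
    """Boolean wrapper for callers that only need accept or reject."""
    try:
        open_totals(key, expected_machine, card)
        return True
    except ValueError:
        return False

# Constructed sample data: key, machine id and vote counts are made up.
SAMPLE_KEY = b"constructed-demo-key-not-a-real-secret"
SAMPLE_MACHINE = "precinct-12-unit-3"
SAMPLE_TOTALS = {"Candidate A": 412, "Candidate B": 389}
SAMPLE_CARD = seal_totals(SAMPLE_KEY, SAMPLE_MACHINE, SAMPLE_TOTALS)
# The same card after someone edits one plain-text total in place.
EDITED_CARD = SAMPLE_CARD.replace(b'"Candidate A":412', b'"Candidate A":942', 1)

if __name__ == "__main__":
    print("original accepted:", card_is_authentic(SAMPLE_KEY, SAMPLE_MACHINE, SAMPLE_CARD))
    print("edited accepted:  ", card_is_authentic(SAMPLE_KEY, SAMPLE_MACHINE, EDITED_CARD))
```

The tag only shows that the card was not changed after sealing; it says nothing about whether the software that produced the totals was honest, which is the role of the paper trail the comment asks for.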
  2. Someone already is. by KingSkippus · · Score: 5, Informative

    There's an organization called the Open Voting Consortium whose mission is "the development, maintenance, and delivery of open voting systems for use in public elections." They are directly opposed to the shenanigans that Diebold has engaged in.

    Problem is, they spend their donations on actually developing the system, not in paying off Congressmen to give them lucrative exclusive contracts. Still, one can hope that it changes someday. (And donate to support the effort...)