Dutch Blackbox Voting Pwned

An anonymous reader writes, "In a just-published report (PDF, in English, cached here), the Dutch we-don't-trust-voting-computers foundation (Dutch and English) details how it converted a Nedap voting machine, of a type used in Holland and France, to steal a pre-determined percentage of votes and reassign them to another party. The paper describes in great detail how 'anyone, when given brief access to the devices at any time before the election, can gain complete and virtually undetectable control over the election results.' As a funny bonus, responding to an earlier challenge by the manufacturer, the researchers reflashed a voting machine to play chess. The news was on national television (Dutch) last night and is growing into a major scandal. 90% of the votes in the Netherlands are cast on these machines and national elections will be held in a month." Please create mirrors for the 8.1-MB PDF and post their URLs. You might also try John Graham-Cumming's l8r.org service to tell you when the slashdot effect subsides from any of the mirrors.

FIELD / SERVICE

[achurch]

From the PDF:

4.3 Maintenance mode: "GEHEIM"

The ISS software has a `maintenance mode' that is supposed to be only accessible to members of the "verkiezingswacht", the Nedap election-day helpdesk. You need a password to get the software in this mode. A quick look in the binary revealed this password to be "GEHEIM", the Dutch word for "SECRET".

Hello? Did someone not get the memo about secure passwords? Or better yet, no default passwords at all? Granted, physical access makes the point rather moot, but if this is the kind of security the designer had in mind, it looks like they can give Diebold a run for their money . . .