Slashdot Mirror
How to Hack the Vote and Steal the Election
divisionbyzero writes "Many people have asked for it so that the government will have to deal with it. So here it is: a guide to stealing an election that uses electronic voting machines written by Jon Stokes over at Arstechnica.
From the article:
"In all this time, I've yet to find a good way to convey to the non-technical public how well and truly screwed up we presently are, six years after the Florida recount. So now it's time to hit the panic button: In this article, I'm going to show you how to steal an election.""
I agree that this is perhaps THE most pressing issue right now for Americans, but is it really ethical to distribute this kind of information? At what point do you take responsibility for what you post, and NOT diseminate information that, in the wrong hands, will cause what you are trying to prevent?
But this is slashdot. A slashdoter who didn't build his own computer is like a Jedi who didn't build his own lightsaber!
1. Make sure head of company that supplies voting machines is a vociferous supporter of your party ...
2. There is no step two
"The dew has clearly fallen with a particularly sickening thud this morning"
All germans, please sign this petition:
_ petition.asp?PetitionID=294
http://itc.napier.ac.uk/e-Petition/bundestag/view
It currently has 13748 votes.
Thanks!
Are you the RIAA, going on about "stealing" intangible concepts that cannot be stolen? You can't steal an election, any more than you can steal music.
-- The Diebold P2P Network Team
Please correct me if I got my facts wrong.
It's the only way to be sure...
I'll form my OWN solar system! With blackjack! And hookers!
Can we use this to create a CowboyNeal option in the next election.
X(7): A program for managing terminal windows. See also screen(1).
In other news, the Bush administration has filed a lawsuit against Arstechnica, stating that releasing this information is a "danger to national security". Meanwhile, GOP officials are scrambling to determine who 'leaked' their 2006 Election Strategy to the press.
Since you cannot validate the correctness of the election either way, I'd opt for the path which fixes the situation.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
But people aren't listening because they don't understand the problem.
Explaining how easy it is might help people understand this is a serious problem.
Can you think of a better way to explain how easy it is? and how much of a problem it is?
Its already been done.
From the referenced url: '"Electronic voting machines also caused widespread problems in Florida, where Bush bested Kerry by 381,000 votes. When statistical experts from the University of California examined the state's official tally, they discovered a disturbing pattern: "The data show with 99.0 percent certainty that a county's use of electronic voting is associated with a disproportionate increase in votes for President Bush. Compared to counties with paper ballots, counties with electronic voting machines were significantly more likely to show increases in support for President Bush between 2000 and 2004."'
'Charles Stewart III, an MIT professor who specializes in voter behavior and methodology, was initially skeptical of the study - but was unable to find any flaw in the results. "You can't break it - I've tried," he told The Washington Post. "There's something funky in the results from the electronic-machine Democratic counties."'
"We are all geniuses when we dream"
- E.M. Cioran
How to steal an election in seven easy steps:
1) Put the word Linux on your website.
2) Add copious amounts of Microsoft bashing.
3) Add Socialist blurbs to the website.
4) Call the current astate of affairs evil.
5) Advocating lowering the voting age to 10.
6) Ask KDawson to post a link to your website.
7) Have everyone on slashdot believe you are the |37357 |]()()|] @®0|\||}
Well, it may not work, but most kids here think it will.
Have you read my journal today?
Folks, if there's gonna be wholesale election fraud, a smart fraudster is going to do it where nobody is looking. Don't expect it to take place in the precincts that make the news for irregularities.
Expect it to take place in places where Candidate X carries 70-75% of the vote.
That is, expect it to take place in places where Candidate X carries 75-80% of the vote.
If you don't want anyone to notice you're doing it, do it where nobody will notice; if the election is close enough (which so many of them are,) your candidate will carry the day.
Obliteracy: Words with explosions
(libertarian party coming out as first) and get the system fixed subsequently"
If you really want election reform you have to make it in the best interest of the the Dem/Rep party. The best way to do that would be to have a third party victory. As long as someone in the Professional Politicians Club get's elected, the powers that be don't care about voting accuracy. They have no reason to.
We are all just people.
Yes, you are missing something. The entire article is available. You just have to click through it page by page. The PDF is a convenience for subscribers. You can make your own PDF with just a little work if that's what you need.
Security through obscurity doesn't work for long. I'd feel pretty safe at guessing that by now more than a handful of people with the capability have also figured out what to do and probably some who even had intentions at the next election. The bad guys have the tools already, even if it's only one than that's enough, your argument protects and shields only that bad guy and ensures that he gets full cooperation of the voting machine when it comes round to the election.
The lack of ethics problem going on is with the people responsible for not fixing the issue when first alerted. And to put a tinfoil cap on I myself why would people on purpose install and setup machines with a known configuration that enabled a fixed election even after being notified of the issue, it's beyond a simple little hole like IE problems or something. somebody has gone out of their way to ensure that the election can be fixed, that is who you are currently putting your trust in, i myself would advise against that.
The best thing that can possibly happen for this country and secure elections would be for Buggs Bunny to win 100% of the vote in at least one, preferably multiple districts. Until people see these results come in on election night, they'll never believe that it can really happen.
Hotels across the United States reported an alarming shortage of hotel bar keys.
What if the Hokey Pokey really is what it's all about?
In an article that exposes flaw after flaw in the electronic voting system, the one thing that really made my jaw drop is that the master vote tabulation is stored in an Access database. To my mind, Access is crippleware designed for quick-n-dirty solutions on small data sets for people that don't know any better. Putting it into a production application is madness. Madness!
perl -e 'foreach(values %SIG){$_="IGNORE";}while(){}'
The incorrect presumption here is that voting matters. Does it really matter if you vote for a Demopublican or a Republicrat? Either way they're going to pick your pocket and line their own. No matter who you vote for, the government always gets elected. Funny how that works.
Don't piss off The Angry Economist
Hannibal is brilliant by all accounts (especially his own...) and one of the few people who understands technology and communication well enough to be able to put esoteric subjects into terms understandable to an intelligent lay person, but he's not anything close to the only person to be able to figure this kind of thing out - especially since he probably didn't spend a whole lot of time on this article compared to the amount of time someone who wanted to actually steal an election would.
If Hannibal can do this then someone who wanted to steal an election, and could spend a trivial amount of money on doing it could absolutely do the same. It is utterly absurd to think that the analysis he did in the course of researching and writing a single article couldn't be done (and probably was done a long time ago) by any one of hundreds of other organizations if they had a small team working on it for months or years.
The result? The only people for who this is news are the people who don't have a vested interest in stealing an election - and those are the people who need to know about it. Bravo to my favourite tech site for doing this.
- ------- There are ten kinds of people in the world. Those who understand binary, and those who... Huh?
It's better that many bad guys know of a "hack" that doesn't work anymore, than that a few know of one that still does.
FRA: STFU GTFO
In this case, having one bad guy with the directions really isn't any better than 10 bad guys with it.
In fact, the more bad guys that have it, the more likely the problem will get fixed, thus it's actually better that the most 'bad guys' possible get it. If only one person knows how to rig the election, chances are higher they'll be able to get away with it. If 100 people know and all try to rig the election, chances are none of them will get away with it, because the tampering will be too obvious.
Frankly I think the best thing to happen would be for someone to utterly steal the next election; make "Mickey Mouse" or "Elvis" get 100 seats in Congress or something. The cost of having to repeat a single election is certainly much smaller than continuing for decades with a flawed process, where nobody can tell whether the vote is being rigged or not.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Ventura, California, Buena High School, 1988 Class President election:
It was the first year of electronic voting, done on a room full of Apple IIe's.
Some kind of voting program was running. I simply made a break in the program, figured it which variables belong to which candidate and bumped the variable count up for my favorite. After that, i simply continued the program and then logged my official vote.
My favorite was Todd Turner. I hear he won by a landslide. No one contested the results. Lucky Todd.
And Todd, if you happen to read this, don't get mad at me, ok? I mean, you probably would have won anyway, right?
Ideally, for the layperson you would simply explain that each pricinct's votes are stored in a small database, and that it can simply be edited with a piece of software commonly included in Microsoft's popular Office suite. Then, show a screenshot of access with the GEMS database opened, highlight the vote tally for some candidate, and explain that you simply click in the box and change the number. Then explain how it would be impossible to know what the vote count could be due to the lack of paper...relate it back to punched ballots (just save the ballots and recount em if necessary), optical scanners (again you have the ballots and usually there is a paper log that prints each vote as it is scanned), etc.
All of that is understandable to even the layperson. Most people understand what Microsoft Office is. Most people have heard of a database and understand thats how businesses store all their information. Most people have seen a spreadsheet and a screenshot of someone editing an access database looks almost the same.
Repeat this process for http://www.senate.gov/general/contact_information
After about a thousand folks do this, a staffer might actually go print out the story and hand it to their congresscritter in a brief.
I'd also like to ask the Ars Technica people to make an exception for this story and make the PDF available to non-subscribers, as it would really help to disseminate this story to the right people. I'm not really sure how to go about contacting them.
Here's my letter (slightly munged of course by slashdot):
Done with slashdot, done with nerds, getting a life.
The quickest way to get the system changed is to create a scandal by actually stealing an election. I would suggest making a Libertarian, Green, or other 3rd party win the govenor's race. That should make it pretty obvious. Then the person who hacked the election should send letters detailing what they did to a major newspaper and the state election board. I would also suggest backing up the real results so that no real harm is done. That should get us secure voting machines by the 2008 presidential elections.
what sig?
The premium PDF is an identical copy of the actual article. You aren't missing anything.
Here's my prediction. The control of the House of Representatives in the coming election (which is after all, the most important thing, considering it would give Bush's opponents subpoena power to investigate all the sleazy crap he's pulled), will come down to one extremely close race. This close race will be decided, after a recount, and the Republican candidate will win by less than .01% of the votes.
It will be a virtual repeat of the 2002 and 2004 elections. You see, all this nail-biting, down to the wire, razor-thin margin bullshit gives the idiots who watch TV the feeling that, well "it MUST be legit because it was so darn close" and "if there was anything crooked going on, they'd win decisively".
Wednesday, the 8th of November, we will hear how the "values voters" pulled together at the last minute and despite the fact that all the exit polls showed the Dems winning by a huge margin, the Republicans yet again pulled a miracle out of the hat and retained power. Rush Limbaugh will explain that all the prayers of the good Christian Conservatives is what turned the tide.
Because of the clear crookedness of our electoral system (and did you notice that the regions that the Republicans pulled their upsets in during the last elections were the ones that had Diebold machines?), it is probably too late to expect elections, op-ed columns or clever blogs to make a damn bit of difference.
No, I'm afraid it's going to take people, lots of people, in the streets, being decidedly ill-behaved if we're going to keep this nation anything like the beautiful experiment that the Founding Fathers produced. If the principles of the Enlightenment are going to survive, we're going to have to act the way the heroes who created this country acted: badly. Civil disobedience and mass demonstrations, general strikes and boycotts. There's going to be some fighting before this power-grab by the Authoritarian Right who have masked themselves as "Conservatives" will end.
Despite my general laziness and particular enjoyment of online games like Eve-Online, I am prepared to fight, and if necessary, die, for my country. Even if it means that it will be other Americans that I will have to fight to protect the United States of America.
It's going to take a tamper-proof margin of victory in 11 days if this sleazy little tin-pot dictator in the White House and the crooked pricks who are pulling his strings are going to be stopped. It's the only chance we have to put a little oversight on these bad actors.
You are welcome on my lawn.
Well, you know the old rule: "keep your friends close, and your enemies closer"...
Stallman wouldn't want to execute Raymond too early; it would just precipitate a civil war. You know, BSDers blowing themselves up in LUG meetings, contamination of the Cheetos supply, and caffeinated-beverage shortages. You know, basically all the worst parts of the Bible.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I remember election night in 2000, I was watching CBS I believe. They called Florida for Gore.
The influence of the provably biased media on elections as they are occurring should be a shameful thing to us and disallowed. I know people who were standing in (a long) line in Florida and heard it'd been called for Gore and so didn't bother to vote (for either candidate) after that - talk about sanctioned disenfranchising.
That's what blogs are for.
It needs to have enough supporting evidence that someone can blog it as fact. When blogged, it will inevitably get taken out of context and dumbed down to the level that the average Joe will understand, with the substance behind TFA's link.
Give this a few days to make it around the Internet. I can see this becoming a big stink.
:(){
(c/o Matt Blaze)
I [may] disapprove of what you say, but I will defend to the death your right to say it.
I agree with the general consensus among slashdoters that voting machine schematics and source code must be open to the public for inspection. I also think that we can improve election security, while still retaining an anonymous ballot, by allowing voters to check to make sure that their own vote was properly counted. Here's my plan:
To begin with, the regular voter verification process happens at the door. You go into the polling booth, select all your options, and a confirmation screen comes up for you to check and make sure you selected everything properly. When you confirm, a small piece of paper is printed out that has a serial number and a dynamically generated decryption key on it. Your vote is then sent along to a tabulation server. Your unencrypted vote is added up with the other votes, and the pair of your serial number and your encrypted vote is stored at the same time.
Later in the day, you can go home, and log onto a special government website. You enter your serial number, along with your decryption key, and the verification server shows your vote back to you. The only identifier attached to each vote is a serial number, and it requires the proper decryption key to view the vote. Nevertheless, it allows individual voters to check to make sure that their vote was counted. As long as source-code can be publicly inspected, we can verify that counting is not being "faked" by saving an individual user's vote for verification purposes but not actually adding it to the overall tabulation, thus preventing fraud by under-voting.
To prevent fraud by over-voting, the tabulation server will keep track of the total number of votes it receives from each machine. Local election officials will keep a hand-tally of the number of voters who visit each poll. At the end of the day, the hand tally is checked against the server's tally to make sure there is no discrepancy.
Anonymous Luddite: "What do you think of the dehumanizing effects of the Internet?"
Andy Grove: "Not Much."
It's a SECRET vote. That means nobody has the right to know how you voted. INCLUDING the mobsters and union bosses you are so sure are stealing the election. That's why you should never expect a receipt with the vote you cast on it (though you should, IMHO, be shown evidence that your vote has been recorded correctly before you leave the polling place, such as a paper tape with a print out of your vote on it rolling past a window on its way to a lockbox, where it should later be tallied and compared with the computer record to ensure that they are consistent).
Yup, and anyone using this to aid the GOP will be given the Presidential Medal of Freedom.
Unbelieveably, Diebold actually has an ecommerce site where you can buy all their electronic voting machine products online, including memory cards, security tape, and access keys. I'm really hoping they verify that you're an elections official before they actually ship the stuff to you:
http://www.diebold.com/nasadmk/cgi-bin/desi_cata log.pl?section=9
Here you go - buy a dozen keys, for you and your friends:
http://www.diebold.com/nasadmk/cgi-bin/desi_cata log.pl?section=9&id=163
On a funny/sad note, the front page of their election products site as a glaring coding error (%=rs("newsdate")%):
http://www.diebold.com/dieboldes/
Well, there's an argument to be made that whether it was the Republicans or Iranian intelligence, the result would still be the Republicans in power. After all, the current administration has been a boon to recruitment. According to our own intelligence estimates, more terrorists are being recruited than are being killed. It does seem that Osama shows up on TV at just the right time to help the Republicans get elected. So, either he's totally clueless about how we react (admittedly, a possibility), or he *wants* Republicans in power (also a real possibility for the reasons just mentioned).
Ben Hocking
Need a professional organizer?
Which is that we don't have an independent media anymore. Rupert Murdoch is as likely to be a whistle blower as Karl Rove is.
Unless we have a real free press, with real media outlets (read: TV, radio, internet, magazine, newspaper, etc.), then we don't have a democracy.
Personally, after watching 911mysteries and other films on related topics, and reviewing the scientific facts for myself, I'm convinced that we already live in 1984, and the only solution is the bloody ugly one that Thomas Jefferson and most of our other founding fathers completely supported.
You did mention the "liberal" media, so you touched on it, but really, when 3 channels are quoting each other with created facts by obvious pundits who are clearly party members.....
You don't have freedom of the press anymore, and it's game over for democracy.
It's been that way since Kennedy got whacked, and on a related issue, that was also our last real election.
rhY
I hold very few opinions. I hold information based on observation and fact. If you wish to disagree, please use facts.
Here is the simplest way:
Hi, I am running for president. If I win, I promise to do one single thing. I will create and sign an executive order to split the gold in fort knox equally among the workers, friends and families of those those work at the companies that make the voting machines. Included in the order will be a clause that gives them complete immunity from ALL prosecution for any crimes they ever commit, and also they get first in line for heart/liver transplants, etc.
That's not obscurity, that's security through irrelevance.
Bite the hand.
Ok, cracks about my (in)famous lack of humility aside, you have a great point. This article took me a week from concept to execution, and over half that time was spent making the diagrams. Ultimately, I did a little over two days of basic technical research for this (including email correspondence with security experts in this area). I am not an infosec expert and I don't pretend to be--I'm just good at digesting tech info and turning it into a form that a non-specialist audience can grasp.
There are many Slashdot readers who could get up to speed on how to really steal an election in about half a day (or less) using publicly available documentation. The hardware isn't that complex at all, and the vulnerabilities in Windows (for the GEMS server) and WinCE (for the machine) are very well-known.
What I've described here is very, very low-hanging fruit for anyone with real security expertise.
Senior CPU Editor | Ars Technica | http://arstechnica.com/
Using the internet and its almost unlimited capacity to copy data around, I'm designing a system that aims to be simple and trustable.
It's easy yet disturbing. We can obtain a secure system if we remove anonymity. Then it's almost simple, distribute around the vote database and allow anybody to check the results.
In that kind of context, verification is mostly a technicality and could rely on consensus.
To regain some bit of anonymity, there can be a system of reinscription on the electoral list using a pseudo. Simple too, and while the person/pseudo relationship is private, everything else remains public and verifiable.
There are three basic stones in such a system:
* P2P servers
* electoral list
* PGP signatures
Simple, basic, strong.
I'm trying to construct such a system using Ruby on Rails, here is my project: http://leparlement.org/
You can also come discuss security here: http://leparlement.org/security
It's a moderated forum *and* a mailing list. Please, come and test it!
There were lots before OS-X, Not sure how easy it is to find info about them, since they were pre-internet, but they exist, passed mostly by floppies.
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
More likely, if Gore had won, Saddam would still be in control of Iraq, but we'd have captured Osama. There wouldn't have been a "War on Terror", but rather a "War on the Taliban/al Qaeda". Perhaps I'm giving Gore too much credit, but this much I'm sure of: it wouldn't be any worse than it is now.
Ben Hocking
Need a professional organizer?
You did mention the "liberal" media, so you touched on it, but really, when 3 channels are quoting each other with created facts by obvious pundits who are clearly party members.....
When I hear or read of the liberal media I ask what liberal media. But nobody bothers to reply. ABC? Disney owns ABC. CBS? It used to be owned by Viacom but after the split it's owned by CBS Corporation. And National Amusements is the majority owner of CBS Corp. NBC? NBC is owned by GE. Fox is owned by Murdock's News Corp. Are Disney, National Amusements, News Corp, and GE liberal? Well there's PBS but as it's government it's controlled by government wich is currently run by Bush. There are others but these are the major media organizations that broadcast over the airwaves.
FalconShould there be a Law?
Well, what do you think it would do to American politics and the respectability of the American president if the terrorists could cause the election to go to a Libertarian? First off, it would show the election to be a sham, secondly, if we honored the results, the Libertarian would probably leave them the hell alone, stop supporting the despots we love to hate, etc
Hey any terrorists who rig an election so libertarians win need to be supported.
FalconShould there be a Law?
" China and India, the two most populus countries in the world, had high population growth, but now that their economy has dramatically improved their birth rates are dropping."
Do you actually have a reference to support this or did you pluck it out of your....
Amoung others Foreign Policy magazine had an article on this. Unfortunately as their online archives is subscription based and I don't have a subscription I can't provide a link. I have to admit though you pointed out something I left out about China, that China has a one child one couple policy. And while rural areas don't directly feel the economic boom in China more and more people are moving from the countryside to cities. Wish I could find one article from "Foreign Policy" but they had an article on one of the fastest growing cities in central China that said thousands of Chinese are moving to every day. This releases some of the economic pressure on rural areas. As for India, farmers are experiencing hardships with many committing suicide. They don't have open access to the industrial nations such as the US and EU, and the US and EU can import into India agricultural products relatively cheaply. That's a big reason the WTO meetings failed in Europe this summer. Because the EU wouldn't talk about opening their markets to imports and the massive subsidies the EU gives to farmers the Indian representative walked out.
If China and India weren't benefitting from an economic boom then neither would be able to finance the US national debt, and China and India are the biggest buyers of US Treasury bonds and notes respectively.
FalconShould there be a Law?