Slashdot Mirror

← Back to Stories (view on slashdot.org)

Video Shows Easy Hacking of E-Voting Machines

Posted by timothy on from the stick-to-gambling-machines-kid dept.

Mike writes "The Security Group at the University of California in Santa Barbara has released the video that shows the attacks carried out against the Sequoia voting system. The video shows an attack where a virus-like software spreads across the voting system. The coolest part of the video is the one that shows how the 'brainwashed' voting terminals can use different techniques to change the votes even when a paper audit trail is used. Pretty scary stuff. The video is absolute proof that these types of attacks are indeed feasible and not just a conspiracy theory. Also, the part that shows how the 'tamperproof' seals can be completely bypassed in seconds is very funny (and quite disturbing at the same time)."

16 of 254 comments (clear)

  1. Early vote makes your vote count (better chance) by InsaneProcessor · · Score: 5, Interesting

    That is why I always early vote. It is on paper where I vote and that stands a better chance of getting counted correctly.

    --

    Athiesm is a religion like not collecting stamps is a hobby.
  2. Theatre by adpsimpson · · Score: 4, Interesting

    The interesting thing here is that I would expect one of two things. Either physical security should be taken seriously, in which case a 'tamperproof' seal should be just that (not hard to design) or an assumption be made (not unreasonably) that physical attack against the machines is unlikely and easily preventable.

    A supposedly tamper-proof seal which can be circumvented shows either a cynical disregard for physical safety (ie "we know it's a threat, so we'll put in a seal to make people think we've taken it seriously") or another TSA-style "theatre" solution (ie "we don't think it's a threat, but we'll let people believe that it is, and that we've done something about it").

    Both of these interpretations are disturbing. However Hanlon's Razor ("Never ascribe to malice that which is adequately explained by stupidity") may of course apply.

    --
    Is crushing a suspect's child's testicles illegal?
    John Yoo: "No, [if] the President thinks he needs to do that."
  3. Everything is hackable by COMON$ · · Score: 2, Interesting

    The real question is, is this more difficult to spoof than the current paper method? Anyone can fake a paper ballot, it is a small subset who can carry out these electronic attacks, although the consequences of this smaller subset's maliciousness could be worse.

    --
    CS: It is all sink or swim...oh and did I mention there are sharks in that water?
  4. Re:Quicktime? by DurendalMac · · Score: 1, Interesting

    Why? If Quicktime gets the job done quickly and easily, why the hell does it matter? Why does everything have to be based on open standards, especially when it's something as simple as a web video? Quit your whining. What is important to you is NOT important to everyone else. Come to grips with that already.

    God I hate FOSS fanboys. FOSS is all well and good, but don't expect everyone to use it exclusively. I've seen fanboys of all stripes, but nothing can match a FOSS zealot.

  5. Re:paper trail fails? by LWATCDR · · Score: 4, Interesting

    Take a look at the problems in Palm Beach county again. They lost over 3000 votes.

    I swear that they do this just to get attention. Oh and before anybody makes any remarks about Florida or the south let me clue you.
    Very few people in Palm Beach county are from Florida or the south. It is New York south.
    It looks like this is going to a close election. Which means that the looser will without a doubt claim that they didn't and that somebody lost votes or rigged a machine.
    At this point I hope that it isn't close no matter who wins. Well since I am not fond of any of the candidates at this time.

    --
    See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
  6. Wootube link by neokushan · · Score: 2, Interesting

    Uploaded the low-quality version to youtube, here's the link:

    http://www.youtube.com/watch?v=SzYUkXG7Occ

    (Currently processing, it'll be done soon).

    --
    +1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
  7. Open Source by epistemiclife · · Score: 2, Interesting

    I think that any voting software should be open source. If we're to trust our votes to machines, then the software running them should be in an open box, not a black one. Perhaps then we wouldn't have to read about the security holes; we could find point them out ourselves.

  8. Re:Slashdot links to a 100MB QuickTime movie... by Anonymous Coward · · Score: 1, Interesting

    MPEG-4 files are ISO Base Media files. ISO Base Media files are exactly the same as Apple QuickTime MOV files, notwithstanding MOV files might have superfluous but entirely innocuous atoms.

    Apple also uses H.264 and AAC as default output formats, which means not only is the container file the same, so too are the codecs likely the same. I can't tell for sure, because it's Slashdotted.

    Me thinks most of the people who can't playback the file are using Windows, where "MPEG-4" means whatever Microsoft says, and not what the specification says. MPEG-4 support in FOSS land is actually quite robust these days.

    (I have paid copies of most of the 14496 series.)

  9. Re:Gore and Kerry Lost,. Get over it. by Fantastic+Lad · · Score: 2, Interesting

    The Florida Panhandle scheme was dirty and wrong.

    But the claim that voting machines were the result of the "Democrat Political Machine" seems far fetched in the extreme. When I looked into the history, it appears that their implementation was a long and complex process, aided in significant ways by many Republicans, and more importantly, built and programmed by companies with staunch Republican allegiances. So. . , what are you basing your assertion on?

    -FL

  10. Re:Quicktime? by jebrew · · Score: 2, Interesting

    More to the point, if you're expecting large amounts of traffic, wouldn't you want to offer it up on YouTube or in a torrent form?

  11. Re:Quicktime? by DurendalMac · · Score: 3, Interesting

    Oh really? How many people have DivX codecs already on their computers as opposed to Windows Media or Quicktime? How many people already have Ogg Theora codecs installed? Your argument falls apart completely when you realize that a lot of open codecs are not preinstalled on systems. Grandma doesn't give a damn about how open your codec is. She cares about being able to watch something without having to download and install more crap.

  12. Re:Quicktime? by jlarocco · · Score: 2, Interesting

    Your argument falls apart completely when you realize that there's no reason they can't host the videos in multiple formats.

    --
    Maybe not
  13. Re:Early vote makes your vote count (better chance by Le+Marteau · · Score: 4, Interesting

    I work as an "Election Judge" every election (they used to call them "Poll Workers". Each year the county hires hundreds of average people, gives them a couple hours of training, and they are the ones who set up the machines, check for ID's, handle the list of registered voters, etc.

    Me, I'm a "Machine Judge." I get to the polling area in the morning of the election, the machines are already there, unassemblede. I check the seals, and set up the machines, activate the machines for the voters during the day, get the results out of it at night, take the results to a central location.

    Low paying? Not where I live. I get $250.00 for the couple hours training and working on election day at one precinct, which is not bad.

    It's well looking into. Take a paid vacation day, get $250 over that, and be the one who protects the democratic process (at least at the precinct you are at).

    They need geeks who are computer literate. You should see some of the geezers try to set up those voting machines. It's sad.

    --
    Mod down people who tell people how to mod in their sigs
  14. Re:Early vote makes your vote count (better chance by Beryllium+Sphere(tm) · · Score: 2, Interesting

    VoteHere had a solution to that, which was a tracking barcode on the ballot which a voter could use to check whether her ballot got scanned at the counting station. Cryptographic High Magic kept the ballot from being linked back to the voter, barring extensive collusion or some edge cases(*). This was field tested in one small county in Washington State, where it met with a lawsuit because state law does not permit any unique marking on a ballot at all and specifies "absolute" secrecy. King County, the big county that includes Seattle, decided against going with that system.

    (*) The system limited the information you could get from someone's tracking code to "it's somewhere in the hundred ballots of batch N". Fine, except if processing is broken down by precinct, and if the precinct has only a few dozen people in it (common in Washington), and if only a fraction of those vote absentee, then the vote won't be lost in a batch of 100.

  15. Re:Early vote makes your vote count (better chance by Abreu · · Score: 2, Interesting

    It can be both mandatory and secret by this simple way:

    -

    Months before the election, you go to the voter registry and get your voter card issued/reissued. This card has your picture, your signature and your thumbprint and is hard enough to counterfeit for it to be considered a valid id by banks and the like. This card is also a proof that you are in the national voters registry.

    On election day, you show up at your assigned voting location, which is in a closed public area (usually a school or a public library).

    Here, before they allow you in, they check your thumbs (see below for the reason) and your voter registration card is verified against the list of voters of your district. This list comes in a "book" form where they have a copy of your voting card, including the picture.

    Once he/she finds you in the list (and checks the picture to see that it is indeed you), an election official crosses out your name from the list and allows you proceed to the next step.

    At the next desk, you are given a paper ballot for each election happening that day (president, state governors, local and federal deputies, etc)

    With these, you step into a booth where thereâ(TM)s a number of black crayons. You use these to cross out the symbol of the party you are voting for on each ballot (or write in another name if you are so inclined).

    You leave the booth with your ballots folded twice and drop them into the designated transparent boxes.

    And finally, your thumb is painted with an enzymatic liquid that makes the skin in your thumb go red-black in about 30 seconds (the color fades away 3-5 days later).

    Then you can go home, feeling happy about fulfilling your civic duty.

    note: Each one of these steps is verified by a representatives of each political party, national and sometimes international observers.

    -

    What country is this, you may ask, with such a sensible electoral system? Why your third-world neighbors here in Mexico!

    While I will admit that its not perfect and we still get voting irregularities (system works great in the cities, less great in the rural areas), I am sure it beats a lot of systems used in the US.

    --
    No sig for the moment.
  16. Re:IRS? by Amouth · · Score: 2, Interesting

    i still think it wouldn't be that hard to shift the resources we have now for voteing and cover the work.

    could it happen over night? no.. government doesn't work that fast..

    could we do it in a year.. i think so if people supported it - and while not perfect i do think it would be better than what we have now..

    everyone should be required to vote.. even if it is a "none of the above"

    --
    '...if only "Jumping to a Conclusion" was an event in the Olympics.'