Slashdot Mirror
The Voting Machine Anyone Can Hack
Presto Vivace writes about a study published by the Virginia Information Technology Agency outlining just how bad the security of the AVS WINVote machine is. "Virginia election officials have decertified an electronic voting system after determining that it was possible for even unskilled people to surreptitiously hack into it and tamper with vote counts. The AVS WINVote, made by Advanced Voting Solutions, passed necessary voting systems standards and has been used in Virginia and, until recently, in Pennsylvania and Mississippi. It used the easy-to-crack passwords of 'admin,' 'abcde,' and 'shoup' to lock down its Windows administrator account, Wi-Fi network, and voting results database respectively, according to a scathing security review published Tuesday by the Virginia Information Technologies Agency. The agency conducted the audit after one Virginia precinct reported that some of the devices displayed errors that interfered with vote counting during last November's elections."
ever tried shoupping?
https://www.youtube.com/watch?...
Troll is not a replacement for I disagree.
windows? diebold you can do better and does this work on there windows based ATM's as well?
How the hell did something like this get certified in the first place? Seriously, there needs to be an investigation into that and heads should roll.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
The name of the company that made these, was Shoup. I guess they would have changed that password to "AVS", but their (ridiculously easy) passwords are actually hardcoded, so it was too much work I guess...
Violence is the last refuge of the incompetent. Polar Scope Align for iOS
I take it was running on WinXP of course, didn't it?
Advanced Voting Fraud Solutions
It's our new feature "DBS" or "double bluff security" to protect against brute force attacks. You see, no one would think we'd be stupid enough to secure a voting machine's admin account with the password "password" so they'd never try it. Ergo it's unhackable. (Also "WinVote" - that's an appropriate name: the machines let you "win" extra votes...)
English please?
whether it's possible to produce a viable internet voting system
The big problem is creating a system where votes are both verifiable (alone, easy: PGP sign them) and where the secret ballot is maintained (alone, easy: use TOR). Nobody's yet come up with a viable way to combine these two required features.
In Canada we use paper ballots and we know the outcome of an election in less than 24 hours.
What the fuck are you U.S.A.sians doing?
Get free satoshi (Bitcoin) and Dogecoins
and how hillary will get elected...
Can't we remove the sillyness of the middleman and just directly go to auctioning off people in politics.
Large companies pay more in party contribution than in taxes anyway, so they have a right to buy the laws.
Don't fight for your country, if your country does not fight for you.
Internet voting sounds good in theory. But at the same time, I really feel that at least some effort should be made on behalf of the voter to actually cast a vote.
Honestly, there are many time periods to vote (early polls as well as voting day.) If people cannot be bothered to do this, do you really think that they will investigate any issues before voting? Heck, I still don't like that you can just check one box to vote a party in for all seats on the ballot.
We are already seeing the system rigged by busing voter blocks to the polls while offering food and other incentives. Why make it easier by not even requiring a physical presence?
That said, I think I'd be more in favor of electronic voting if we had more than two viable parties as it would be harder to game.
Considering the company gave $32M to various democratic campaign orgs during the 2012 election cycle, this should come as no surprise.
It is absolutely no coincidence that VA and PA, both reddish states, and both critical to Obama's re-election, somehow fell to the blue category using these voting machines.
I'm not even a USAian, but even I can see that your election system is a total fraud.
gotz v0ting rites too, knowwhatimsayin
"and does this work on their windows based ATM's as well?"
This is about as bad as software development can get, never mind software that's supposed to have basic security. It all points really to a package written by rank amateurs who had no idea what they were doing designing software, far less having the beginnings of a clue about hardening their software to attack.
I mean, hard coded passwords? Really? Hard coded passwords that are this obvious? It's staggering incompetence. Was this written by a self-taught hobbyist over the course of a weekend?
Well lets get a grayhat team over there and make sure Virginia votes entirely for Mickey Mouse.
It's about time we had a rodent American in office.
"If any question why we died, Tell them because our fathers lied."
The biggest problem with designing an electronic voting system is how the voter and election officials are supposed to verify that it's running the correct system on election day. Let's say they did develop a perfect system that was proven to work. How do I verify that said system is even running on the computer when I walk up to it on election day? It could be any system that just shows the proper screens to verify that it is a legitimate system. The only way for me to be sure that my vote was counted correctly would be to be able to check later on some secondary system, which would remove the secret ballot feature.
Compare this to a paper ballot system, where everything is completely transparent. I can watch them seal the empty box at the start of the day, watch my ballot go into the box, and then watch all the ballots be counted at the end of the day. It's easy enough for a 10 year old to understand exactly what's happening. There is very little ability to mass game the entire system. You might be able to put a couple extra votes in a few boxes, but it would take a huge conspiracy to vastly shift the vote across multiple polling stations. With voting on computers, it could be done quite easily.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
The logic has already been figured out, and a computerised version would be far simpler to use, and just as effective.
They don't want to have basic security. They want them to be easily broken into. They want it that way so they can get the results they want. The software works perfectly to that end.
Remember: it's not the voters that count, it's who counts the votes.
And it's too complicated, at least for jurisdictions allowing universal sufferage. The means of voting has to be understandable by the incredibly stupid: if they're not capable of understanding the voting process then they are in effect being denied the vote. Putting a cross next to the name, photo and symbol of the candidate you like is about the simplest possible means of voting. Numbering candidates on a single paper, as is done in some voting systems, is a bit harder but still within the mental capacity of just about everyone. The ThreeVote system you linked is significantly more complicated to explain to someone, both conceptually and in terms of instructions for what they should do when they arrive at the polling station. It also requires a trusted authority to verify that the ballot has been cast correctly in order to avoid significant problems with multiple voting, which further undermines the transparency and trustworthiness of the system. I still prefer a paper ballot.
Its fairly obvious these are features built in on purpose. Its never a mistake when a profesional that specializes in a field suddenly produces a product with problems such as buffer overruns in key security components that were magically not vetted. Look at Ohio and how Bush got a presidency, and the machines in place.
This was done on purpose, using crap, making it easy, and hard to track when it happens. Surprise our experts didn't think of that, right!! Its all smoke an mirrors to abuse a system that still to this day doesn't have stringent "you go to prison laws" that prohibit the production of such crap and its tamper resistance requirements.
Problem is who is paying to have this continue? Find the money and you find the people making this happen.
Its my firm hope that Americans will get out their Go Team mentalities taught in Highschool and start thinking about things other than themselves. It is a hope, and if I'm hoping, I'm hoping big.
http://www.paul-robinson.us/index.php/2008/10/25/the_robinson_method_a_really_simple_way_?blog=5
This would solve all of these problems, but most people don't seem to be able to understand something so simple. Why?
Unless this was a stripped-hown, hardened version with nothing but a custom kernel and custom-everything else with all unnecessary bits stripped out and hardening put on top of it, I wouln't trust it unless it had a voter-verified, human-manually-coutable paper ballot as part of the voting process for every vote.
Wait, what am I saying? Even if it was stripped and hardened, I wouldn't trust any voting system that didn't have a way to print a ballot that the voter actually saw which could be examined in a manual recount.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Only people can hack it?
A real voting machine should be hackable by a chimpanzee.
I see at least the following problems:
1) It's too complicated. Most people won't be able to vote using this method.
2) People can be coerced to remember or otherwise store the serial numbers of all three ballots, allowing for vote coercion and selling.
2b) Several fixes have been suggested, including printing the serial numbers on the ballots after voting, disclosing only one, but see the next point.
3) Designing a machine that tests the three ballots and only casts them when consistent, and prints a receipt to boot, that isn't potentially as exploitable as a regular voting machine is probably as good as impossible.
4) Under realistic circumstances statistical methods can be employed to reconstruct most of the three ballot sets. This causes the same issues as point 2.
These problems are essentially independent of the medium, so they will remain no matter whether you use paper or a computer. Using a computer of course adds whole new classes of vulnerabilities.
If any electronic voting system is going to work, it would be a system that prints what you've voted so the voter can see what he/she voted. And then you have a separate electronic counting of those pieces of paper.
That way you have faster counting of votes and still everything on paper as back up.
Now I know in the past they had some what similar systems in the US and they had problems with printers not working, so I don't know if they'll ever get it right.
There are also a whole lot of people who use terms like math/encryption or blockchain.
So far I haven't seen a system that works.
It does however make for interesting presentations:
http://media.ccc.de/browse/con...
New things are always on the horizon
There have been allegations in the UK of voter intimidation after postal ballots became easy to obtain: people would require dependents to hand over their ballots, fill them all in, and post them back. Now, it may be that this didn't happen or wasn't statistically significant, but if people are not required to turn up and vote in such a way that they can't prove to someone else how they voted then there's the potential for doing this on a large scale.
Of course one solution would be to allow individuals to vote repeatedly but only count their last vote, though if you capture someone else's voting credentials then it's very easy to vote en mass with everyone's details at one second to the closing deadline...
I am TheRaven on Soylent News
If the state's Technologies Agency is equipped to produce damning reports, why wasn't it engaged to do so before the machine went into service ? The state can't make the case it was hoodwinked and simultaneously show it has the chops to uncover what was wrong.
Nullius in verba
Here's been my idea from day 1. Log everything to dot matrix printers. They're a great way to keep track of write only continuously streaming information, brain dead simple to operate, and highly reliable. Keep a running tally of vote counts on the printers. It easily reveals tampering if you see errant counting anywhere in the chain. And the total number of votes at the end of the day should equal the number of voters that have been logged in and logged out.
If any electronic voting system is going to work, it would be a system that prints what you've voted so the voter can see what he/she voted. And then you have a separate electronic counting of those pieces of paper.
Now I know in the past they had some what similar systems in the US and they had problems with printers not working, so I don't know if they'll ever get it right.
There are also a whole lot of people who use terms like math/encryption or blockchain.
So far I haven't seen a system that works.
It does however make for interesting presentations:
http://media.ccc.de/browse/con...
Good lord, that did not make the problem better, you just have all the problems of both and none of the advantages.
And a photo of any such paper would allow you to prove how you voted which is antithetical to the secret ballot. Conversely a photo of a marked paper ballot is not proof of how you voted since it's not counted until it is invisible in the ballot box or optical scan. The voting machine makers tried to do something like that with a rolled continuous paper ballot printer the voter could see. However these tape ballots which were longer than a football field proved impossible to manipulate for recounting. With cut sheets it's easy to divide them into piles for any race and then have the observers help you recount the piles. takes very little time to sort and recount fixed page paper ballots for any given race being recounted. Not so with the toilet paper rolls. Furthermore, paper jams and printer malfunctions made these unreliable. paper ballots don't have that problem and if the opscan jams they can be counted later after putting them in a locked ballot box.
finally when a machine does go down or a church bus shows up to vote all at once, long lines ensue. When pen breaks on a paper ballot you get more pens, and you can have as many voting stations as you like.
Finally, which record is the actual record in case of a discrepancy? the electronic one or the paper one? ideally you want one tracable to the voters makrking action not her click-through glance at a printed paper ballot. With DRE's the errors happen during the clumsy touch screen process. (e.g. if you can't make a fist with one finger extended (people with R. Arthtrhitis can't) then you can't use a touch screen accurately. the touchscreens get out of calibration and programming errors result in incorrect recording of votes. pens on paper are generally more accessible (even though DREs can offer some handicap accessible features) and record the voters intent directly.
p>That way you have faster counting of votes and still everything on paper as back up.
faster? no slower. precint counting is not the slow part. the optical scans of paper count instantly. the rate limits are how may voters can vote at the same time (paper ballots win) and the protocols for collation to central tabulation of the precints (for which there's not any difference between opscan and a DRE voting machines).
Some drink at the fountain of knowledge. Others just gargle.
Why does a voting machine need wifi? Did they put a usb port right on the front as well.
I once asked a man visiting us at work from Norway what voting system they used. "Paper and pen and then we count them.", he said with a facial expression as if I'd asked him how he normally cooked his offspring for consumption.
You only need voting machines for one thing: FRAUD. Fuck the corporate-owned networks wanting a winner two minutes after the polls close; if it takes a few days to count manually marked paper ballots openly, fully, and properly, SO BE IT.
From the wiki article you cite:
Broken Encryption
The encryption system used in the three ballot was broken by a correlation attack devised by Charlie Strauss[5] who also showed how it could be used to prove how you voted [6]. Strauss's attack relied on the fact that not all receipt strips can pair with all cast strip pairs since proposed triplets with 3 or 1 vote cast in any race on the ballot (not just one race of interest) can be rejected since the strips could not be from the same ballot. Since there are far more vote patterns on a typical United States precinct ballot than there are ballots cast in a precinct, statistically nearly all of the ballot pairs cast can only be paired uniquely with one receipt strip kept by the voter. This allows a the voters votes to be known by anyone with the receipt. Furthermore a voter conspiring to prove their vote (for money, coercion, or posterity) could mark all the strips in a unique previously agreed pattern that would assure recovery. Rivest et all, acknowledged this logic error in their concept[1], and revised the schema to require tearing off each race individually (destroying the correlation of the races) and having theoretically traceable tracking numbers on each race-level receipt. While this did restore the unbreakable aspect of the scheme, arguably the proliferation of receipts and chopped ballots rendered the mechanics of processing the votes or for a voter reviewing a receipt significantly complex, thus defeating its intended simplicity.
Some drink at the fountain of knowledge. Others just gargle.
Why should a company like Diebold care about security when they know they're guaranteed a no-bid contract?
What person in their right mind thought giving these things any kind of network connectivity was a good idea? Have we not learned from stupid decisions by SCADA system architects/administrators? If a network exists, the scale of a breach that will occur goes up drastically. A human being needs to be involved to physically relocate a certified write-once component from each machine to a central aggregator and then seal those removed components for audit verification. If I can have a hash verified write once knoppix dvd, why can't they build a verified write once voting machine OS/Application?
What do they imply by "even unskilled people" can hack them. Do they think it's ok for skilled professionals to be able to hack these machines? Those are the ones to worry about.
I see no reason why a voter can't receive a receipt containing a signed hash for each vote and a website that allows a hash to be verified against the votes cast. They still have no idea who the hash belongs to, but if there is a hash that doesn't match a recorded vote in the database, uh-oh.
The problem is that not all areas have equal difficulty. Not everyone can get (or afford) time off to vote. Those factors make it too easy to manipulate the results on a demographic basis.
I'd agree if we didn't have early voting
That's not all that universal either. We have it where I am, but only at one location in the county. There is also absentee ballots, but if you're already accepting ballots by mail, why not internet?
If anyone can hack it, then voting machine got truly democratic.
The voting process is just a bit skewed: the last to cheat votes for everyone, but at least it can be anyone.
Of all the major and massive technoogical achievements of mankind (roads, the engine, the computer, rockets, the power of the atom, quantum physics, Higgs boson), we can't come up with a sure fire way to fucking electronically vote.
It is this problem, that I think, is a sign more than anything else, of how little America really gives a fuck about the democratic process. We should just let Walmart run the country for fucks sake. Make Apple the official religion. And just stop thinking, cause, ya know... Google already knows more about us than we do...
Holy fucking shit... Following this thought through, I'm not sure which is more terrifying, the current state of affairs... Or the thought of every single vote being completely and 100% certain... Imagine Americans having the power to vote with the click of a button, on any issue, from the comfort of their nearest internet connection... It would either be a paradigm shift of a total nightmare...
how are you proposing to salt your hash so that idenitcal votes are not identical hashes? And also does your scheme allow vote selling?
Some drink at the fountain of knowledge. Others just gargle.
Salting is a simple enough matter, just a few random bits, much like the salt in a password hash.
As for the rest, I suggest facilitating the process of selling bogus votes. That is, any polling machine can be used to freely generate a bogus voting receipt which will appear to validate at the website but has a void flag set. For extra fun, someone validating a bunch of voided ballots (that they cannot see are void) will trigger an investigation.
The void flag is just a second election key mixed in with the hashed data. A real vote will have the correct election key hashed in. Election officials WILL be able to distinguish a void vote from a real one.
It wouldn't prevent all problems, but it would leave a great deal of evidence behind distributed among the voters so that it would be quite difficult to make it go away.
I can imagine other schemes which would be more air-tight but would put too many technical demands on the voters.
how would I know my vote was counted if it might have been given a void key?
Salting isn't trivial. if it is simple one can pre-generate all likely ballots with all salts. then you can know the ballot from just it's hash.
Some drink at the fountain of knowledge. Others just gargle.
The simplicity of a salt isn't the issue, it's the size. More salt confounds the process.
As for the question of your ballot being void, you can't know. Any more than you can know that your ballot didn't somehow end up in the river or burning in someone's fireplace before it made it's way to be counted (as I said, not perfect).
However, the election officials and press observers can know if a lot of void ballots get checked from residential addresses (remember, validating void ballots triggers an investigation). Presumably, the large number of void ballot validations after the election might cause such measures as enabling voters to check if their ballot is void or not (now that the election is over and the controversy is starting to boil).
At that point, nobody will be able to prove that their particular ballot was meant to count but was issued void, but there will be enough people complaining that it becomes evident something is wrong and likely of a criminal nature.