Slashdot Mirror


The Voting Machine Anyone Can Hack

Presto Vivace writes about a study published by the Virginia Information Technology Agency outlining just how bad the security of the AVS WINVote machine is. "Virginia election officials have decertified an electronic voting system after determining that it was possible for even unskilled people to surreptitiously hack into it and tamper with vote counts. The AVS WINVote, made by Advanced Voting Solutions, passed necessary voting systems standards and has been used in Virginia and, until recently, in Pennsylvania and Mississippi. It used the easy-to-crack passwords of 'admin,' 'abcde,' and 'shoup' to lock down its Windows administrator account, Wi-Fi network, and voting results database respectively, according to a scathing security review published Tuesday by the Virginia Information Technologies Agency. The agency conducted the audit after one Virginia precinct reported that some of the devices displayed errors that interfered with vote counting during last November's elections."

18 of 105 comments

  1. Who certified them? by Holi · · Score: 5, Insightful

    How the hell did something like this get certified in the first place? Seriously, there needs to be an investigation into that and heads should roll.

    --
    Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
    1. Re:Who certified them? by OneSizeFitsNoone · · Score: 2

      It perfectly matched the customer's requirements, of course!

    2. Re:Who certified them? by PopeRatzo · · Score: 5, Informative

      How the hell did something like this get certified in the first place?

      How, indeed.

      This is not the first time Diebold’s been accused of bribery. In 2005, the Free Press exposed that Matt Damschroder, Republican chair of the Franklin County of Elections in 2004, reported that a key Diebold operative told Damschroder he made a $50,000 contribution to then-Ohio Secretary of State J. Kenneth Blackwell's “political interests” while Blackwell was evaluating Diebold's bids for state purchasing contracts. Damschroder admitted to personally accepting a $10,000 check from former Diebold contractor Pasquale “Patsy” Gallina made out to the Franklin County Republican Party. That contribution was made while Damschroder was involved in evaluating Diebold bids for county contracts. Damschroder was suspended for a month without pay for the incident. Despite the scandal, he was later appointed as Ohio Secretary of State Jon Husted's Director of Elections.

      Diebold was at the center of Ohio’s 2004 election debacle, much of this captured in an article by Free Press Senior Editor Harvey Wasserman and this author, entitled, “Diebold’s Political Machine.” Walden "Wally" O'Dell, chairman of the board and chief executive of Diebold, was a long-time funder of Republican candidates. In September 2003, he held a packed $1,000-per-head GOP fundraiser at his 10,800-square-foot mansion Cotswold Manor in Upper Arlington, Ohio. He was feted as a guest at then-President George W. Bush's Texas ranch, joining a cadre of “Pioneers and Rangers” who pledged to raise more than $100,000 for the Bush reelection campaign.

      Most memorably, in 2003 O'Dell penned a letter pledging his commitment “to helping Ohio deliver its electoral votes to the President.” O'Dell defended his actions, telling the Cleveland Plain Dealer “I'm not doing anything wrong or complicated.” But he also promised to lower his political profile and “try to be more sensitive.” But the Diebold boss' partisan cards were squarely on the table.

      Prior to the 2004 election, Blackwell tried to award a $100 million unbid contract to Diebold for electronic voting machines. A storm of public outrage and a series of lawsuits forced him to cancel the deal. But a substantial percentage of Ohio's 2004 votes were counted by Diebold software and Diebold Opti-scan machines which frequently malfunctioned in the Democratic stronghold of Toledo. It was revealed in 2006 that Blackwell owned Diebold stock.

      Diebold's GEMS election software was used in about half of Ohio counties in the 2004 election. Because of Blackwell's effort, 41 counties also used Diebold machines in Ohio's highly dubious 2005 election.

      Also in the Ohio 2004 election, a whistleblower leaked documents revealing that Diebold had allegedly used illegal, uncertified hardware and software during California election.

      --
      You are welcome on my lawn.
    3. Re:Who certified them? by Anonymous Coward · · Score: 5, Informative

      Howard T. Van Pelt, co-founder of Global Election Systems (now Diebold) became president and CEO of Advanced Voting Solutions in June 2001.

  2. Actually that is the easiest one... by Ecuador · · Score: 2

    The name of the company that made these was Shoup. I guess they would have changed that password to "AVS", but their (ridiculously easy) passwords are actually hardcoded, so it was too much work I guess...

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
  3. Re:Paper trail by PopeRatzo · · Score: 2, Insightful

    What the fuck are you U.S.A.sians doing?

    Rigging elections keeps us free. Aren't you paying attention?

    --
    You are welcome on my lawn.
  4. Advanced Voting Solutions by Anonymous Coward · · Score: 5, Interesting

    Considering the company gave $32M to various democratic campaign orgs during the 2012 election cycle, this should come as no surprise.

    It is absolutely no coincidence that VA and PA, both reddish states, and both critical to Obama's re-election, somehow fell to the blue category using these voting machines.

    I'm not even a USAian, but even I can see that your election system is a total fraud.

  5. Re:Paper trail by CastrTroy · · Score: 4, Interesting

    I love the Canadian paper voting method and I hope it never changes. However, there are some differences between the Canadian System and the US system. In Canada, we usually only have one thing on the ballot. Either it's a federal election and you vote for your MP. If it's a provincial election you vote for your MPP. If it's a municipal election, there may be three things you can vote for, like mayor, city councillor, and school board trustee. But that's about as complicated as it gets. Compare the US election ballot with a Canadian election ballot. You could see why they might want to use a computer so they can lay things out a little more clearly. Ask one question per screen and it becomes a little less daunting. However, I think that if they are going to use computers to make the voting easier, it should really just be used to enter and print out your ballot, which is then deposited into the ballot box and counted manually.

    Really though, I don't think computers should be used at all. I've heard too many stories of polling locations not having enough machines and people having to wait hours in line to vote. The greatest part about the Canadian system is that it's never taken me more than 10 minutes to vote, and I've never had to travel more than 10 minutes to vote. I usually just stop by on my way home from work. I once lived in a highrise apartment that had its own polling station. They basically have one in every school. It's so effortless. And yet we still don't have enough people voting.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  6. Rank Amateurs by gsslay · · Score: 2

    This is about as bad as software development can get, never mind software that's supposed to have basic security. It all points really to a package written by rank amateurs who had no idea what they were doing designing software, far less having the beginnings of a clue about hardening their software to attack.

    I mean, hard coded passwords? Really? Hard coded passwords that are this obvious? It's staggering incompetence. Was this written by a self-taught hobbyist over the course of a weekend?

    1. Re:Rank Amateurs by benjymouse · · Score: 2

      As I read it, it was not an issue with the developed software (although there may be issues there as well), but rather an issue with the *setup* of the machines. It was not the developers who failed (passwords not hardcoded) but rather the admins deploying the machines were braindead and the auditors obviously clueless. For something like this they should have used a randomly generated password or simply shut themselves out of the system (which is possible on Windows).

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  7. Re:Paper trail by blane.bramble · · Score: 2

    Why not do what the UK does and use a separate piece of paper for each, and maybe vote on fewer things at any one time?

  8. Re:I'd Like To See Electronic Voting Work by CastrTroy · · Score: 5, Insightful

    The biggest problem with designing an electronic voting system is how the voter and election officials are supposed to verify that it's running the correct system on election day. Let's say they did develop a perfect system that was proven to work. How do I verify that said system is even running on the computer when I walk up to it on election day? It could be any system that just shows the proper screens to verify that it is a legitimate system. The only way for me to be sure that my vote was counted correctly would be to be able to check later on some secondary system, which would remove the secret ballot feature.

    Compare this to a paper ballot system, where everything is completely transparent. I can watch them seal the empty box at the start of the day, watch my ballot go into the box, and then watch all the ballots be counted at the end of the day. It's easy enough for a 10 year old to understand exactly what's happening. There is very little ability to mass game the entire system. You might be able to put a couple extra votes in a few boxes, but it would take a huge conspiracy to vastly shift the vote across multiple polling stations. With voting on computers, it could be done quite easily.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  9. Re:Paper trail by Noodles · · Score: 2

    Apples and Oranges. How many races on a UK or Canadian ballot? Two? Go ahead and hand count those. Americans typically have dozens of races.

  10. Re:Paper trail by Bob+the+Super+Hamste · · Score: 2

    Yet here in Minnesota we can still use paper ballots where one just fills in the bubble and sends them through the scantron like machine. We are able to get results shortly after polls close unless a hand recount is needed, the machine is very accurate at counting ballots, and there are paper ballots that in case of a recount or other questions can be manually inspected by anyone with at least one functioning eye.

    --
    Time to offend someone
  11. Windows you say? by davidwr · · Score: 2

    Unless this was a stripped-down, hardened version with nothing but a custom kernel and custom-everything else with all unnecessary bits stripped out and hardening put on top of it, I wouldn't trust it unless it had a voter-verified, human-manually-countable paper ballot as part of the voting process for every vote.

    Wait, what am I saying? Even if it was stripped and hardened, I wouldn't trust any voting system that didn't have a way to print a ballot that the voter actually saw which could be examined in a manual recount.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  12. Re:Huh by Bob+the+Super+Hamste · · Score: 2

    Unfortunately that would be easily recognized as a glitch. Really what people should do is rig it so that 3rd party candidates start winning entire precincts and make the existing 2 major parties minor parties. For example in Minnesota if your party falls below 5% of the vote in a statewide election it loses major party status. This means it doesn't get automatic ballot access (state law), and also won't be included in any debates (rules set up by the local media).

    If you are going to hack democracy why not really hack it.

    --
    Time to offend someone
  13. now you have two problems. by goombah99 · · Score: 2

    If any electronic voting system is going to work, it would be a system that prints what you've voted so the voter can see what he/she voted. And then you have a separate electronic counting of those pieces of paper.

    Now I know in the past they had somewhat similar systems in the US and they had problems with printers not working, so I don't know if they'll ever get it right.

    There are also a whole lot of people who use terms like math/encryption or blockchain.

    So far I haven't seen a system that works.

    It does however make for interesting presentations:
    http://media.ccc.de/browse/con...

    Good lord, that did not make the problem better, you just have all the problems of both and none of the advantages.

    And a photo of any such paper would allow you to prove how you voted, which is antithetical to the secret ballot. Conversely, a photo of a marked paper ballot is not proof of how you voted since it's not counted until it is invisible in the ballot box or optical scan. The voting machine makers tried to do something like that with a rolled continuous paper ballot printer the voter could see. However, these tape ballots, which were longer than a football field, proved impossible to manipulate for recounting. With cut sheets it's easy to divide them into piles for any race and then have the observers help you recount the piles. It takes very little time to sort and recount fixed page paper ballots for any given race being recounted. Not so with the toilet paper rolls. Furthermore, paper jams and printer malfunctions made these unreliable. Paper ballots don't have that problem, and if the opscan jams they can be counted later after putting them in a locked ballot box.

    Finally, when a machine does go down or a church bus shows up to vote all at once, long lines ensue. When a pen breaks on a paper ballot you get more pens, and you can have as many voting stations as you like.

    Finally, which record is the actual record in case of a discrepancy? The electronic one or the paper one? Ideally you want one traceable to the voter's marking action, not her click-through glance at a printed paper ballot. With DREs the errors happen during the clumsy touch screen process (e.g. if you can't make a fist with one finger extended (people with R. Arthritis can't) then you can't use a touch screen accurately). The touchscreens get out of calibration and programming errors result in incorrect recording of votes. Pens on paper are generally more accessible (even though DREs can offer some handicap accessible features) and record the voter's intent directly.

    That way you have faster counting of votes and still everything on paper as back up.

    Faster? No, slower. Precinct counting is not the slow part. The optical scans of paper count instantly. The rate limits are how many voters can vote at the same time (paper ballots win) and the protocols for collation to central tabulation of the precincts (for which there's not any difference between opscan and DRE voting machines).

    --
    Some drink at the fountain of knowledge. Others just gargle.
  14. Norway by ThatsNotPudding · · Score: 2

    I once asked a man visiting us at work from Norway what voting system they used. "Paper and pen and then we count them.", he said with a facial expression as if I'd asked him how he normally cooked his offspring for consumption.

    You only need voting machines for one thing: FRAUD. Fuck the corporate-owned networks wanting a winner two minutes after the polls close; if it takes a few days to count manually marked paper ballots openly, fully, and properly, SO BE IT.