Security Firm Shows How To Hack a US Voting Machine

An anonymous reader writes: "Three days before the US Presidential Election takes place, California-based security firm Cylance showed the world how easy it is to hack one of the many [electronic] voting machine models that will be deployed at voting stations across the US on Election Day." Bleeping Computer reports that "The machine that Cylance researchers chose for their test was the Sequoia AVC Edge Mk1, one of the most popular models... The technique researchers created modifies the Public Counter, but also the Protective Counter, which is a backup mechanism that acts as a redundant verification system to ensure the first vote results are valid." Physical access is needed to hack the machine, but the hack takes a short time to perform.
FBI Director James Comey said in September that America's voting machines would be hard to compromise because they're not connect to the internet, but these researchers simply used a PCMCIA card to reflash the machine's firmware. Comey also made the reassuring point that it's hard to "hack into" America's voting system because "it's so clunky and dispersed. It's Mary and Fred putting a machine under the basketball hoop at the gym."

physical access to machine?

[OffTheLip]

How do bad actors accomplish that on a large scale?

Re:physical access to machine?

[Zak3056]

They and a few hundred of their friends could register to vote?

Guaranteed physical access to at least one machine per person involved in the conspiracy. Flipping a few key precincts is all you need to have a high probability of changing a US presidential election outcome.

Re: physical access to machine?

Given the Wikileaks' revelations, if I had to guess which part vote rigging could ever come from, I would definitely opt for Clinton. If a person is financed by Goldman Sachs, Qatar and Saudi Arabia, surely ethics isn't really a big deal for her, not to mention that we've just discovered that the same person is allowed to illegally process classified information on a private computer, which used to be a federal crime until few months ago.
I would feel safer and more reassured if voting count was performed by Cosa Nostra, at least they have some sort of "honor" to preserve.

Re:physical access to machine?

[rmdingler]

For the most part, they'd need to be registered in each precinct. Registering with a fake address is one of the easier forms of voting fraud to detect.

Yes. There is also little need to rig the precincts because the two-party system itself dominates the electoral landscape.

Here are your "choices", voters! Aren't you grateful you live in a free Republic?

Re:physical access to machine?

[ArchieBunker]

Break into the warehouse where the machines sit for 4 years...

Re:physical access to machine?

[Geoffrey.landis]

How do bad actors accomplish that [physical access] on a large scale?

Voting machines are stored when they are not in use, and in general, the places they are stored are not guarded by armed guards. (And, more to the point, are not guarded by pairs of armed guards.)

To get physical access to the machines, you just need to get a key to the warehouse that they're kept in. Try the janitor.

There are a large number of people associated with each voting precinct. You just need to insert one person. And you don't need to alter all the machines-- just a few.

Re:physical access to machine?

[TheRaven64]

You don't need to do it on that large a scale, especially for the Presidential elections. In 2012, which wasn't a particularly close election, flipping 63 electoral college votes would have let the Republicans win. Either Washington State or Colorado and California turning red would have changed the election outcome. Changing California red (by one vote) would have required changing 1,507,164 votes. Los Angeles alone had enough votes for Obama that compromising it and making it around 80% Romney would have been enough to flip California. It would probably be quite suspicious if polling were that wrong, but scattering a few attack devices throughout Democrat-voting areas and reducing the majority there would probably not have been picked up, and if it's only two states where the polling is particularly different from the eventual outcome then people won't be too suspicious.

2000 was a lot closer. Changing only 5 Electoral College votes would have changed the outcome. If Al Gore had carried his home state, no one would have been particularly surprised and that would have ensured that he won with a fairly large margin. Rigging the voting machines so that 40,115 Republican votes across the state were counted as Democratic wouldn't have raised any eyebrows, but would have inverted the outcome of the national election. The election was hotly contested because Bush won Florida by a mere 537 votes, giving him all of the state's 24 Electoral College votes. A single compromised voting machine could easily have moved 269 votes from Bush to Gore and changed the election outcome. Of course, some will claim that compromised voting machines did flip around that number in the opposite direction...

Re:physical access to machine?

[hey!]

Except the US government does not have custody of or access to the machines. The machines are owned, operated, and secured by local governments.

Thus an effort to by the US government to hack the machines would entail clandestine physical access to the machines -- a "black bag job". And to throw the electoral college you need to do a lot of burglaries in a big state, or a lot of burglaries distributed across multiple small states. In 2000 it could have been done by hacking a single precinct (about 2500 voters in FL), but nobody could have known it would be quite that close; so you'd really need to hack a lot of machines to be sure, and if you're doing something like that you want to be very sure. It's a cost/benefit calculation: hack too little you risk getting caught and undermining a legitimate victory; hack too much and your risk of getting caught goes up rapidly as more people and places are involved. Nobody could know in 2000 that the margin would come down to 537 out of eight million registered voters.

And in 2016 the risk/benefit math is dominated by this fact: if you add up all the safe states for each candidate, Clinton has to win just 18 EVs from the remaining contended states; Trump needs to win 107. If Clinton wins just one of the five largest contested states she wins the electoral college; this amounts to five rounds of single elimination for Trump. On top of this there is a massive disparity in ground game. Trump only started to organize get-out-the-vote (GOTV) infrastructure in the final weeks of the campaign, making it difficult for him to score upsets over polling. Clinton has been preparing her ground game for years.

So it makes no sense for Clinton (supposing she had friends in the FBI or CIA to help her) to risk undermining the legitimacy of an election she is very, very probably going to win.

All that said, voting machines DO pose a serious threat to the legitimacy of local elections. Also, voting machine malfunctions could well throw the presidential election one way or the other.

Re:Best solution I ever heard

[Joe_Dragon]

and your boss can force you to vote their way with that as well.

Re:Best solution I ever heard

[CajunArson]

Scantron is fine since it combines a simple, reliable, non-networked and relatively hard to hack scanner at each polling location with easy to read paper ballots as a backup in case of mischief. That combines the basically instantaneous and accurate results of a machine with the

The receipt of who you voted for is a disastrously bad idea though. First of all, there's no way that receipt could ever be used in a recount for obvious chain-of-custody reasons so it doesn't reduce fraud at all. Second of all, it makes it so that a black voter in Philly better show that he voted for Hillary or else -- or that a white voter in rural Alabama better show he voted for Trump or else. Nobody (ok, nobody with any integrity) wants that.

Re:Bullshit defense

[dywolf]

its not ignorant just because you don't understand the point being made.

theyre making the point that because we don't have a uniform centralized system controlled from the top down anyone who actually wants to attack the electoral process would have to expend a tremendous amount of resources to have any affect.

my county uses paper ballots, that go into a scantron type scanner permanently attached to a large pelican case. the scanner is non-networked. the next county over still uses punch cards (hopefully of a better quality than Florida's). in both cases the final tally is only accessibly by authorized personnel who must physically transcribe the number, with multiple person verification, onto a form that's reported to the sec state.

the clunky and dispersed nature of the system IS a form of security, rather than a lack of it.
an attacker might be able to exploit a flaw in the machines or even the people used by one county, but that's it. the attack can't proceed any further than that one county. to scale up requires an equal level scaling up in the size of the conspiracy and it simply becomes unworkable and unreasonable to actually pull off.

Re:Best solution I ever heard

*Sigh* - the voting system shouldn't have a receipt you can use to prove who you voted for. This leads to (a) vote selling and (b) coercion. This is a simple basic requirement of the voting system. Please don't make recommendations until you learn the basics.

Paper...

[JasterBobaMereel]

The paper and pencil voting system with manual counting is even more unhackable, and easily verifiable whilst still being anonymous and immune to vote selling ad coercion ...and is used all over the world with no real issues ....

Coins for Hillary

[Geoffrey.landis]

This woman won 6 of 6 coin tosses to beat Bernie in Iowa.

That is incorrect information that was pushed by the media in initial frenzy of reporting, but completely debunked. Here's the Iowa Register story, which I would the most accurate source for information in Iowa: http://www.desmoinesregister.c...

According to the Register, the report of Hillary winning six coin flips came from social media. Of the seven coin flips to break ties that were actually officially reported through the voting app, Sanders won six, and Clinton one. http://www.cnn.com/2016/02/02/...

Here's a more interesting question: since Clinton did not in fact win a majority of coin tosses, what are the statistical chances that coin flips that happened to get reported in on social media would suggest that she did?

Another link: http://www.theatlantic.com/pol...

Secret ballot is important

[Geoffrey.landis]

An abusive spouse is just one of thousands of scenarios of voting coercion.

The U.S. adopted secret ballots for a reason: to make it harder to implement vote buying and coercion. Maybe you're thinking that in modern times when everybody is trustworthy and nobody had bad motives, we don't need this safeguard.
But nevertheless, there is a reason for the secret ballot, and we shouldn't undermine it.

Re:Bullshit defense

[jez9999]

Comey is the guy who's come out and said Hillary Clinton is basically innocent of any criminal wrongdoing. You'll forgive me if I don't have too much faith in his opinion.