How to Steal an Election by Hacking the Vote - repo.zenk-securit...

More documents

Recommendations

Info

http://arstechnica.com/articles/culture/evoting.ars inserted. The newly infected machines would in turn infect other cards, which would infect other machines, and so on. In this way, the vote stealing "Princeton virus" could travel across an entire precinct or county, given enough time. The viral nature of the Princeton attack is one way to commit wholesale undetectable vote fraud, but there are others that are even more efficient and require no physical access to a machine at any point. Specifically, if any one of the institutions responsible for loading software onto the AccuVote (or any other DRE for that matter) has been compromised, either by an internal mole or an outside cracker who has hacked into the company's internal network, then something like the Princeton virus could be planted in the firmware, operating system, or system software build that goes on machines across an entire county or state. In other words, you know how Apple just accidentally shipped a few thousand iPods with a Windows virus embedded in them? If you replace "Apple" with "Diebold" and "iPod" with "AccuVote," then you've got a recipe for wholesale election theft. Think about that for a moment, and let it sink in. To have confidence in the results of an election using DREs, you no longer have to put your trust solely in the security practices at the Board of Elections. Now, you have to have confidence in the security of the DRE vendor's corporate networks, and in their human resources departments, and in the security practices and personnel of anyone else who touches the software that goes into a DRE (i.e. a third-party software vendor). To give you some perspective on the level of security at voting machine companies, there have been actual incidents that involve intruders breaking into the internal networks of three DRE vendors and gaining access to sensitive information: 1. A hacker penetrated VoteHere's intranet in 2003. 2. Diebold was also the victim of a hacker in 2003, in a highly publicized intrustion in which thousands of internal company emails were stolen and made public. 3. ES&S was burglarized in 2003, and sensitive information, including voting software, was stolen. The company didn't notify the public until three years later. Figure 6 gives you a visual breakdown of the three main institutions that contribute layers to the AccuVote's software stack: the county Board of Elections, Diebold, and Microsoft. Again, one well-placed bad apple in any one of those institutions, or an unauthorized intruder with access to the right network, could steal a state-wide election in Georgia, Maryland, or any other county or precinct that relies on the AccuVote TS. Copyright © 1998-2006 Ars Technica, LLC 12
http://arstechnica.com/articles/culture/evoting.ars Figure 6: The Diebold AccuVote TS software stack In some cases, the BOE isn't actually involved in creating the ballot definition file. The county's election workforce is so understaffed and starved for volunteers, and the rollout of DREs before an election is so rushed, that some counties and just let Diebold come in and handle the entire election—BDF creation, certification, logic and accuracy testing, set-up, tear-down, the works. The whole election is just handed over the private sector to run, with the county providing practically no oversight because they don't even really know how to use the systems without hand-holding. Logic and accuracy testing One of the last lines of defense against the kinds of intrusions described here is the logic and accuracy (L&A) test. The idea behind the L&A is that voting machines are put through a mock election by county officials, and their outputs are compared to their inputs to confirm that the machines are faithfully recording the totals. There are a few problems with the L&A as a barrier against election fraud. First, the Princeton virus can tell when the machine is doing an self-run L&A test, and it will produce correct results under those conditions. Second, it's not at all difficult to imagine how a Trojan programmer would detect that an L&A test is being carried out: check the system clock to see if the voting is taking place on election day, or on some other day; see if the number of votes cast is less than the expected number; see if the polling lasts for a shorter period of time than expected; and so on. Finally, each L&A test takes time, which is why it's impossible to fully test every single DRE before an election. If you could ensure that all of the software on a pool of DREs is exactly the same, then you could fully test one DRE in a realistic mock election and be done with it. Such a testing protocol would catch any Trojan embedded in the software stack that was written by an author who's not creative enough to fool a really thorough L&A test. But even the most rigorous and realistic L&A test couldn't thwart a "knock attack." B D F 13
Page 1 and 2: http://arstechnica.com/articles/cul
Page 11: 3 http://arstechnica.com/articles/c
Page 15 and 16: 1 2 3 http://arstechnica.com/articl
Page 19 and 20: Voters Votes http://arstechnica.com
Page 23 and 24: Postscript http://arstechnica.com/a
Page 27: Inside the Machine An Illustrated I

How to Steal an Election by Hacking the Vote - repo.zenk-securit...

Create successful ePaper yourself

Delete template?

Save as template?