How to Steal an Election by Hacking the Vote - repo.zenk-securit...
How to Steal an Election by Hacking the Vote - repo.zenk-securit...
How to Steal an Election by Hacking the Vote - repo.zenk-securit...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
http://arstechnica.com/articles/culture/evoting.ars<br />
<strong>How</strong> <strong>to</strong> steal <strong>an</strong> election <strong>by</strong> hacking <strong>the</strong> vote<br />
By Jon S<strong>to</strong>kes<br />
What if I <strong>to</strong>ld you that it would take only one person—one highly motivated, but only<br />
moderately skilled bad apple, with ei<strong>the</strong>r authorized or unauthorized access <strong>to</strong> <strong>the</strong><br />
right comp<strong>an</strong>y's internal computer network—<strong>to</strong> steal a statewide election? You might<br />
think I was crazy, or alarmist, or just talking about something that's only a remote,<br />
highly <strong>the</strong>oretical possibility. You also probably would think I was being really over<strong>the</strong>-<strong>to</strong>p<br />
if I <strong>to</strong>ld you that, without sweeping <strong>an</strong>d very costly ch<strong>an</strong>ges <strong>to</strong> <strong>the</strong> Americ<strong>an</strong><br />
elec<strong>to</strong>ral process, this scenario is almost certain <strong>to</strong> play out at some point in <strong>the</strong><br />
future in some county or state in America, <strong>an</strong>d that after it happens not only will we<br />
not have a clue as <strong>to</strong> what has taken place, but if we do get suspicious <strong>the</strong>re will be<br />
no way <strong>to</strong> prove <strong>an</strong>ything. You certainly wouldn't w<strong>an</strong>t <strong>to</strong> believe me, <strong>an</strong>d I don't<br />
blame you.<br />
So what if I <strong>to</strong>ld you that one highly motivated <strong>an</strong>d moderately skilled bad apple<br />
could cause hundreds of millions of dollars in damage <strong>to</strong> America's private sec<strong>to</strong>r <strong>by</strong><br />
unleashing a Windows virus from <strong>the</strong> safety of his parents' basement, <strong>an</strong>d that m<strong>an</strong>y<br />
of <strong>the</strong> victims in <strong>the</strong> attack would never know that <strong>the</strong>y'd been compromised? Before<br />
<strong>the</strong> rise of <strong>the</strong> Internet, this scenario also might've been considered alarmist folly <strong>by</strong><br />
most, but now we know that it's all <strong>to</strong>o real.<br />
Th<strong>an</strong>ks <strong>to</strong> <strong>the</strong> recent <strong>an</strong>d rapid adoption of direct-recording electronic (DRE) voting<br />
machines in states <strong>an</strong>d counties across America, <strong>the</strong> two scenarios that I just<br />
outlined have now become siblings (perhaps even fraternal twins) in <strong>the</strong> same large,<br />
unhappy family of information <strong>securit</strong>y (infosec) challenges. Our national election<br />
infrastructure is now largely <strong>an</strong> information technology infrastructure, so <strong>the</strong> problem<br />
of keeping our elections free of vote fraud is now <strong>an</strong> information <strong>securit</strong>y problem. If<br />
you've been keeping track of <strong>the</strong> news in <strong>the</strong> past few years, with its weekly lit<strong>an</strong>y of<br />
high-profile breaches in public- <strong>an</strong>d private-sec<strong>to</strong>r networks, <strong>the</strong>n you know how well<br />
we're (not) doing on <strong>the</strong> infosec front.<br />
Over <strong>the</strong> course of almost eight years of <strong>repo</strong>rting for Ars Technica, I've followed <strong>the</strong><br />
merging of <strong>the</strong> areas of election <strong>securit</strong>y <strong>an</strong>d information <strong>securit</strong>y, a merging that<br />
was accelerated much <strong>to</strong>o rapidly in <strong>the</strong> wake of <strong>the</strong> 2000 presidential election. In all<br />
this time, I've yet <strong>to</strong> find a good way <strong>to</strong> convey <strong>to</strong> <strong>the</strong> non-technical public how well<br />
<strong>an</strong>d truly screwed up we presently are, six years after <strong>the</strong> Florida recount. So now<br />
it's time <strong>to</strong> hit <strong>the</strong> p<strong>an</strong>ic but<strong>to</strong>n: In this article, I'm going <strong>to</strong> show you how <strong>to</strong><br />
steal <strong>an</strong> election.<br />
Now, I won't be giving you <strong>the</strong> kind of "push this, pull here" instructions for cracking<br />
specific machines that you c<strong>an</strong> find scattered all over <strong>the</strong> Internet, in alarmingly<br />
lengthy PDF <strong>repo</strong>rts that detail vulnerability after vulnerability <strong>an</strong>d exploit after<br />
exploit. (See <strong>the</strong> bibliography at <strong>the</strong> end of this article for that kind of information.)<br />
And I certainly won't be linking <strong>to</strong> <strong>an</strong>y of <strong>the</strong> leaked Diebold source code, which is<br />
available in various corners of <strong>the</strong> online world. What I'll show you instead is a road<br />
map <strong>to</strong> <strong>the</strong> brave new world of electronic election m<strong>an</strong>ipulation, with just enough<br />
nuts-<strong>an</strong>d-bolts detail <strong>to</strong> help you underst<strong>an</strong>d why things work <strong>the</strong> way <strong>the</strong>y do.<br />
Copyright © 1998-2006 Ars Technica, LLC<br />
2