How to Steal an Election by Hacking the Vote - repo.zenk-securit...
How to Steal an Election by Hacking the Vote - repo.zenk-securit...
How to Steal an Election by Hacking the Vote - repo.zenk-securit...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
http://arstechnica.com/articles/culture/evoting.ars<br />
Casting (<strong>an</strong>d cracking) a vote on <strong>the</strong> Diebold Accu<strong>Vote</strong> TS<br />
In a previous section, we went over <strong>the</strong> basics of voting on a DRE. Now let's step<br />
back a bit <strong>an</strong>d look at a picture of <strong>the</strong> entire voting process using <strong>an</strong> Accu<strong>Vote</strong>.<br />
1<br />
2<br />
3<br />
4<br />
5<br />
Figure 3: Electronic voting using a Diebold Accu<strong>Vote</strong> TS<br />
Here are <strong>the</strong> steps described in detail:<br />
1. After showing proper identification, <strong>the</strong> voter is issued <strong>an</strong> activated smart<br />
card. This card enables <strong>the</strong> voter <strong>to</strong> vote one ballot <strong>an</strong>d one ballot only.<br />
2. The voter inserts <strong>the</strong> smart card in<strong>to</strong> <strong>the</strong> machine. Once inserted, <strong>the</strong><br />
smart card tells <strong>the</strong> Accu<strong>Vote</strong> which races <strong>the</strong> voter is authorized <strong>to</strong> vote<br />
in. The Accu<strong>Vote</strong> <strong>the</strong>n loads <strong>the</strong> ballot definition file (BDF) that's<br />
appropriate for that voter. The Accu<strong>Vote</strong>'s internal software uses <strong>the</strong> BDF<br />
<strong>to</strong> display <strong>the</strong> ballot on <strong>the</strong> <strong>to</strong>uchscreen.<br />
3. The voter votes <strong>by</strong> <strong>to</strong>uching his selections on <strong>the</strong> screen. Once <strong>the</strong><br />
electronic ballot is complete, <strong>the</strong> machine asks <strong>the</strong> voter <strong>to</strong> verify his<br />
selections before recording <strong>the</strong>m directly on<strong>to</strong> <strong>an</strong> internal s<strong>to</strong>rage device.<br />
The Accu<strong>Vote</strong>'s internal s<strong>to</strong>rage device is a PCMCIA Flash memory card.<br />
4. The voter removes <strong>the</strong> smartcard, which is now deactivated <strong>an</strong>d c<strong>an</strong>not be<br />
used again until it is reactivated.<br />
5. The voter returns <strong>the</strong> smartcard <strong>to</strong> <strong>the</strong> poll worker, who <strong>the</strong>n reactivates it<br />
for issuing <strong>to</strong> <strong>an</strong>o<strong>the</strong>r voter.<br />
The voting process described here is vulnerable <strong>to</strong> multiple types of retail fraud at<br />
almost every point. Because <strong>the</strong> focus of this article is on wholesale fraud, I'm only<br />
8