Prometheus 6: Diebold

Do not make the mistake of thinking that because my conclusion is the same as another person's that my reasoning is the same

A Good Cause or Two

Click for more info

The Best of P6

The Racism Series The Reparations Series Installing a negro in your head Identity Blogging Where We Stand The LimbaughDiscussion That has Nothing To Do With Limbaugh

Updated when I write something really cool

Local Links

The Attack on Civil Rights Corporate Influence on Government The Development of Race Basic Laws of Human Stupidity Blogger Archives

EMAIL ME AT

Archives

July 25, 2004 - July 31, 2004 July 18, 2004 - July 24, 2004 July 11, 2004 - July 17, 2004 July 04, 2004 - July 10, 2004 June 27, 2004 - July 03, 2004 June 20, 2004 - June 26, 2004 June 13, 2004 - June 19, 2004 June 06, 2004 - June 12, 2004 May 30, 2004 - June 05, 2004 May 23, 2004 - May 29, 2004 May 16, 2004 - May 22, 2004 May 09, 2004 - May 15, 2004 May 02, 2004 - May 08, 2004 April 25, 2004 - May 01, 2004 April 18, 2004 - April 24, 2004 April 11, 2004 - April 17, 2004 April 04, 2004 - April 10, 2004 March 28, 2004 - April 03, 2004 March 21, 2004 - March 27, 2004 March 14, 2004 - March 20, 2004 March 07, 2004 - March 13, 2004 February 29, 2004 - March 06, 2004 February 22, 2004 - February 28, 2004 February 15, 2004 - February 21, 2004 February 08, 2004 - February 14, 2004 February 01, 2004 - February 07, 2004 January 25, 2004 - January 31, 2004 January 18, 2004 - January 24, 2004 January 11, 2004 - January 17, 2004 January 11, 2004 - January 17, 2004 January 04, 2004 - January 10, 2004 December 28, 2003 - January 03, 2004 December 21, 2003 - December 27, 2003 December 14, 2003 - December 20, 2003 December 07, 2003 - December 13, 2003 November 30, 2003 - December 06, 2003 November 23, 2003 - November 29, 2003 November 16, 2003 - November 22, 2003 November 09, 2003 - November 15, 2003 November 02, 2003 - November 08, 2003 October 26, 2003 - November 01, 2003 October 19, 2003 - October 25, 2003 October 12, 2003 - October 18, 2003 October 05, 2003 - October 11, 2003 September 28, 2003 - October 04, 2003 September 21, 2003 - September 27, 2003 September 14, 2003 - September 20, 2003 September 07, 2003 - September 13, 2003 August 31, 2003 - September 06, 2003 August 24, 2003 - August 30, 2003 August 17, 2003 - August 23, 2003 August 10, 2003 - August 16, 2003 August 03, 2003 - August 09, 2003 July 27, 2003 - August 02, 2003 July 20, 2003 - July 26, 2003 July 13, 2003 - July 19, 2003 July 06, 2003 - July 12, 2003 June 29, 2003 - July 05, 2003 June 22, 2003 - June 28, 2003 June 15, 2003 - June 21, 2003 June 08, 2003 - June 14, 2003 June 01, 2003 - June 07, 2003 May 25, 2003 - May 31, 2003 May 18, 2003 - May 24, 2003 May 11, 2003 - May 17, 2003 May 04, 2003 - May 10, 2003 April 27, 2003 - May 03, 2003 April 20, 2003 - April 26, 2003 April 13, 2003 - April 19, 2003 April 06, 2003 - April 12, 2003

« I was going to leave a comment | Main | Check the last line »

January 29, 2004

Diebold

You can just jump to the extended text if you want.

Security Poor in Electronic Voting Machines, Study Warns
By JOHN SCHWARTZ

Electronic voting machines made by Diebold Inc. that are widely used in several states have such poor computer security and physical security that an election could be disrupted or even stolen by corrupt insiders or determined outsiders, according to a new report presented today to Maryland state legislators.

Authors of the report — the first hands-on attempt to hack Diebold voting machine systems under conditions found during an election — were careful to say that the machines, if not hacked, count votes correctly, and that issues discovered in the "red team" exercise could be addressed in a preliminary way in time for the state's primaries in March.

"I don't want to beat people up," said Michael Wertheimer, the security expert who ran the attack team for RABA Technologies, a consulting firm in Columbia, Md. "I want to get an election that people can feel good about in March."

…A representative of Diebold said the issues raised by the new report had already been addressed by the company. "There is nothing that has not been or can't be mitigated" before the election, said David Bear, a spokesman for the company.

…Maryland has bought more than $55 million worth of the machines. Georgia has chosen Diebold machines for elections statewide, and they have been chosen by populous counties in California and Ohio, among other states.

The authors of the report said that they had expected a higher degree of security in the design of the machines. "We were genuinely surprised at the basic level of the exploits" that allowed tampering, said Mr. Wertheimer, a former security expert for the National Security Agency.

William A. Arbaugh, an assistant professor of computer science at the University of Maryland and a member of the Red Team exercise, said, "I can say with confidence that nobody looked at the system with an eye to security who understands security."

The latest study found that some issues discovered last July in the Johns Hopkins study had not, in fact, been corrected, and that other issues that had not been discovered in other studies were equally troubling. The report can be found at www.raba.com.

In the security exercise, members of the attack team said they were surprised to find that the touch-screen machines used by voters all used the same physical key to the two locks that protect their innards from tampering. With hand-held computers and a little sleight of hand, they found, the touch screens could be reprogrammed to make a vote for one candidate count for an opponent, or results could be fouled so that a precinct's tally could not be used.

Advertisement

In addition, they said, communications between the terminals and the larger server computers that tally results from many precincts do not require that machines on either end of the line prove that they are legitimate, an omission that could allow someone to grab information that could be used to falsify whole precincts worth of votes.

And the server computers do not have the latest protection against the security holes in the Microsoft operating systems, and they are vulnerable to hacker attacks that would allow an outsider to change software, the group found.

The authors of the report also said smart cards that are shipped with the system for voters and supervisors to use during elections have standard passwords that are easily guessed. That problem was cited in the original Johns Hopkins report, and it could allow anyone with a hand-held card reader and small computer to get the access of an election official. The company said that it has provided the capability for election officials change those passwords and increase security, though it still ships the products with the easily broken password.

Mr. Wertheimer said the application of security was inconsistent, with encryption applied in some places without the accompanying technology of authentication to ensure that the machines that are communicating with each other are the ones that are supposed to be communicating and that an interloper has not jumped in. "It's like washing your face and drying it with a dirty towel," he said.

Though individual members of the attack team said that they found the original Johns Hopkins study, which called for the state to abandon the machines, to be alarmist in tone and written in the kind of sound-bite language to grab the attention of the news media, Mr. Arbaugh said this team's results "vindicate" the work of the leader of that effort, Aviel D. Rubin, who goes by Avi, and showed that Diebold did not do enough after the report to fix the problems that he identified.

"Avi told them the door was wide open and unlocked," Mr. Arbaugh said. "They closed the door, but they didn't lock it," he said.

Posted by P6 at January 29, 2004 06:53 PM
Trackback URL: http://www.niggerati.net/mt/mt-tb.cgi/177
Comments