Posted on 09/14/2006 1:47:32 PM PDT by WmShirerAdmirer
TRENTON, N.J. - A Princeton University computer science professor added new fuel Wednesday to claims that electronic voting machines used across much of the country are vulnerable to hacking that could alter vote totals or disable machines.
In a paper posted on the university's Web site, Edward Felten and two graduate students described how they had tested a Diebold AccuVote-TS machine they obtained, found ways to quickly upload malicious programs and even developed a computer virus able to spread such programs between machines.
The marketing director for the machine's maker — Diebold Inc.'s Diebold Election Systems of Allen, Texas — blasted the report, saying Felten ignored newer software and security measures that prevent such hacking.
"I'm concerned by the fact we weren't contacted to educate these people on where our current technology stands," Mark Radke said.
Radke also question why Felten hadn't submitted his paper for peer review, as is commonly done before publishing scientific research.
Felten said he and his colleagues felt it necessary to publish the paper as quickly as possible because of the possible implications for the November midterm elections.
About 80 percent of American voters are expected to use some form of electronic voting in the upcoming election, in which the makeup of the U.S. House will be decided, as well as 33 Senate seats and 36 governorships.
The AccuVote-TS is commonly used across the country, along with a newer model, the AccuVote-TSx. While Felten wasn't able to test the new machine, he said he thought much of what he found would still apply.
The machine Felten tested, obtained in May from an undisclosed source, was the same type used across Maryland in its primary election Tuesday, according to Ross Goldstein, a deputy administrator with the state's Board of Elections. Goldstein said he couldn't comment on the report until he read it.
Diebold and other machine manufacturers, including California-based Sequoia Voting Systems Inc. and Nebraska-based Election Systems & Software Inc., have been the subject of lawsuits, claiming the machines are vulnerable to hacking and breakdowns that can assign votes to the wrong candidate.
Election officials in some states have also complained.
Previous studies have claimed hacking vulnerabilities with the machines. But Felten claims his study is the first time that an independent research group has obtained an actual machine and tested it extensively.
Felten and graduate students Ariel Feldman and Alex Halderman found that malicious programs could be placed on the Diebold by accessing the memory card slot and power button, both behind a locked door on the side of the machine. One member of the group was able to pick the lock in 10 seconds, and software could be installed in less than a minute, according to the report.
The researchers say they designed software capable of modifying all records, audit logs and counters kept by the voting machine, ensuring that a careful forensic examination would find nothing wrong.
The programs were able to modify vote totals or cause machines to break down, something that could alter the course of an election if machines were located in crucial polling stations.
It was also possible to design a computer virus to spread malicious programs to multiple machines by piggybacking on a new software download or an election information file being transferred from machine to machine, Felten said.
"I think there are many people out there who have the type of technical ability to carry out the sort of attacks we describe here," he said.
Felten said hacking dangers could be mitigated with better software, more restrictions on access to machines and memory cards, and paper receipts verified by the voter.
Radke said Diebold already has implemented many of those things.
IF it is "possible" to hack a voting machine......
it will be hacked, every single time that it matters.
Personally I think this whole story is BS.
I worked as an election judge this year and there isnt a keyboard or anything like one on these computers. They are programmed before they come to the voting station. They are not hooked together by any wires other than the plug which supplies electricity to the machine.How can you spread a virus when the machines are all separated and not connected? No one could change these machines at the voting precinct without being noticed, the guts of the machine are locked with a key given to the chief Judge.
At the end of the day a paper is scrolled with the figures on it and they are sent to the electoral office.
I am no computer expert , but I feel the only way one of these machines could be tampered with is at the electoral office before their introduction to the precinct.
Stop seeing conspiracies behind every corner. Give the Prof some credit for exposing flaws in our voting machines. Public awareness is one way to encourage change.
The video at the website is pretty convincing.
This should be a trivial problem for the Republicans to wrap up ~ just hire these guys to stand in a corner.
A university that employs a death's head SS Totenkopfverbände cheerleader on its faculty has its own serious issues to consider.
"Felten said he and his colleagues felt it necessary to publish the paper as quickly as possible because of the possible implications for the November midterm elections."
Beeeeeeep!!!! Busted.
Without Peer review, my 10 year olds theseis on thermal dynamics in a swimming pool is just as credible as this report.
"Watch the video on the website: http://itpolicy.princeton.edu/voting/ "
I was looking at a web site yesterday where karl Rove was seen on a secret camera going into the World Trade Center. The date on the botton of the video said 9/10/2001.
He got out of a Black Helicopter that had a Texas flag on the door.
So it must be true.
It was meant to be. They produced it. Sorry I cant get Video's with this sorry dial up. I live in one of the area's of the United states where Verizon advertises it and cant produce it.
So that he could advise the Democrats on how to tamper with the election results.
I have,and will continue to oppose all-electronic voting as being more amenable to fraud,and undetctable fraud at that. than paper ballots.
Diebold and others simply see this as a lucrative captive market for over-priced machines.
Indiana has been using a heavy paper ballot which the voter blackens a space to indicate his choice ;the paper is fed into a machine which counts and stoes the ballot as well.If problems are suspected the paper ballots are there to be hand-counted and oor run through another machine.
I will never have greater confidence in a system that exists only as stored electrical charges.
definition of sneakernetting:
(jargon.) Refers to the channel by which electronic information is transmitted from one computer to another by physically carrying it stored on a floppy disk, CD or other removable medium. This play on words stems from the idea that a person is using their feet, i.e., sneakers, to transfer data instead of through the Internet or an organization's intranet.
The floppy disks ARE the medium of transmission, the poll supervisor is the (witting or unwitting) mode of transmission.
Democrats are deathly afraid of electronic voting precisely because it makes it much morbe difficult to rig votes. That's why you hear this bogeyman in the press all the time.
One oddity. They say the software can delete itself at the end of the day. But they also say it can spread by infecting memory cards.
But if you infect a memory card that is being passed around, how are you going to get the software OFF the memory card to wipe out the trail? All you need is a diebold memory card checker, to run all your cards through at the end of the day. You find malicious software, you know someone is hacking.
Of course, you can't know WHAT they hacked. Oh well.
The real problem is treating the machines differently than unmarked ballots.
Oh, also, you could have a random number of votes entered in each machine at the start of the day -- with it set as a real election. You would then check, and if anything comes up bad you know someone is committing voter fraud.
I would say have one half the machines voted on for a few minutes and check them, then reset those half. Anybody putting software on would have to pick which machines to infect, and then guess whether they are a machine that will be run ONCE, or TWICE (or maybe THREE times), so they know which time to start faking data.
Of course, I presume Diebold simply fixes the software holes to prevent this stuff.
If you allow an individual to have access to ANY voting machine by themselves without supervision, you have made a BIG mistake.
In any good voting system, electronic or otherwise, all operating parameters (including all software, if any) and vtes must be stored using indelible media. OTPROMs marked with serialized holographic seals from both parties would be good, especially if the seals were designed to change visibly if hit with an excessive amount of radiation. If data in OTPROM is protected by a suitable checksum, any alteration will be detectable (simplest checksum: for each record, simply store the number of programmed bits as a binary number). Vote storage media would have to be replaced every election, but OTPROMs could still be cheaper than paper ballots.
I thought it was illegal to steal voting machines.
Started reading their technical paper. Stopped when they started to explain the OS, Windows CE.
When you're sitting in the back room for hours with the machine? When they let you take the machine home the day before the election? Before the polls open when nobody else is around? With current practices all over the country it would be easy for thousands of machines to get infected using the window of a little over a minute.
I've followed Felten for a long time. He's good, but he's no god-like hacker. Many others are capable of this, and in fact his grad students probably did most of the work.
And if you stick a wire coathanger in the computer running the system you might well be electrocuted.
What does that have to do with anything?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.