Diebold Shows Anyone How To Break Into Their E-Voting Machines

from the yikes dept

Well, this is just fantastic. Following the claims that there are no real problems with e-voting machines, almost immediately followed by reports of massive fraud with e-voting machines in Brazil, Alex Halderman is pointing out that Diebold, in their infinite wisdom, are making it ridiculously easy to break into their machines. Halderman was a part of the team that showed that Diebold’s locks on their e-voting machines used a default key that was common to many hotel minibars and could be found easily in many places. However, the researchers who noted this were still careful never to show the actual key, preferring not to help anyone who seriously intended to break into the machines. Diebold, on the other hand, isn’t so careful. The company, which has continually played down reports of security flaws, is apparently selling the very key you need to break into their boxes on their online site… with a picture of the key. You need to be a Diebold account holder to buy it, but anyone can look at the key and then figure out how to make their own copy — and, in fact, that’s exactly what someone did. He used the picture to cut his own keys and sent the keys to Halderman, who found that two of the three keys opened the Diebold locks with ease. The guy who discovered this notified Diebold a month ago, but Diebold did not respond and has not removed the image of the key from their website.


Comments on “Diebold Shows Anyone How To Break Into Their E-Voting Machines”

angry poll worker says:

have you bothered to think.

Ok first off, having worked the elections with the AccuVote systems I can tell you that they can not be fooled the way many people seem to think they can.

1. as this is a tech news site I’ll assume that many of you know what a CRC/HASH check is. the first action done by the system's BIOS is a hash check on the CARD and ROM; if they fail the system will not boot.

2. the only people with access to the machines that can set the CRC/HASH are your county election staff. not state or national, just the county.

3. the machines are not updated using memory cards. they are plugged in via an Ethernet connection for a push network wipe. I am sure many of you are used to this technology as you use it every time you do a network install of Windows.

4. they use a 256 bit floating encryption scheme to protect the results on every machine. that means that a card from one machine would not be able to be accessed by any other machine. they are paired at the election office before ever going to the poll location.

just a thought, but in a lab I can change almost anything to make it look like it will function just as I want it to. however with it being a federal felony with mandatory 5-10 years for election fraud it’s funny reading the misinformation being spread.

angry american voter says:

Re: have you bothered to think.

OK as this is a tech site, let’s just spew out nonsense and hope that everyone is intimidated.

You can say anything you want about 256 floating bit encryption and CRC/HASH all you want.

It seems to me that you’re whining because people think you’re a moron and/or a Diebold employee.
(Jury is still out on that…)

You think that any of these so-called security features are valid? Are you actually trying to tell us that the machines are safe and tamper-proof?

Wake up, get out of bed and tell me what color the sun is in your world.

It’s been proven time and time again that you’re WRONG. The machines have been ‘adjusted’, and can easily be hacked, by many people.

And you think any of your statements about a felony and 5-10 years mean jack to people? Are these the same people that are sending US soldiers over to die for oil?
Or the same a@@holes that send me SPAM from bots and hijacked machines? – oh wait there is really good security on those machines as well- couldn’t possibly be any SPAM now could there?
Go back to sticking your head in the sand and keep toting that party line.

Enrico Suarve says:

Re: Re: have you bothered to think.


Angry Poll Worker – is it not the least bit disturbing to you that in all the areas independent people have looked at there have been significant security flaws?

I would suggest that not only county election staff have access to machines – I am supposedly the only person with access to my house, it didn’t stop me being burgled (by someone with a lot less to gain than a fixed election)

Relying on the security of some automated CRC check and just sitting back smugly and stating “it's all OK then” is maybe a little blind

At the end of the day the physical security on the machine is built to the same standard as a mini-bar, what exactly does that infer about the rest of the security?

Maybe you do update your machines by network –
Is that the same everywhere?
Would it remove a malicious program already present on the machine?
Are you sure?
Have you tested?
How utterly confident are you that there is never one person alone with a machine for over a minute on the entire of election day?

It would probably be unreasonable to seriously respond to Princeton’s plea of “We urge public officials to address these issues promptly” http://itpolicy.princeton.edu/voting far more sensible would be stick your fingers in your ears à la “La, la, laa I’m not listening”

Finally there ARE people out there who fund campaigns (legally) to the tune of millions to get political advantage and there ARE criminals who work for a lot less than this and risk similar penalties. Is it that big a leap of imagination to combine the two?

Enrico Suarve says:

Re: have you bothered to think.

Dear Angry Poll Worker
Sorry if I was a little harsher earlier – the face of the polling worker around 16min 20secs on this video has softened me slightly and rightly humbled me http://www.youtube.com/watch?v=fKs12idbZ_I

She has just learnt that the Diebold system she has been responsible for overseeing is vulnerable to a hack and votes can be realistically altered. This is the face of a true believer and stalwart of democracy finding out the security on her systems is not secure

I would urge you to watch the clip and decide – the gentleman supervising the test is not a tin-foil hat man – he is one of Florida’s senior election officials

I think when dealing with a technology like this which can be messed with this is always going to be the problem – Diebold have always stated their systems are secure and denied all problems allowing presidents, congressmen, senators etc to be selected using them. They still don’t admit any problems with the optical system in use in the test – what aren’t they telling you about the system you currently use?

Anonymous Coward says:

Open sourcing

So, people have been whining and moaning that e-voting machine companies should release their source code as a means to make them more secure and this makes a lot of sense to me. The more people know how the code works the easier it will be to detect and trace any fraud. What’s the complaint here? So people can make a key to get into a machine. Do you all honestly believe that a person can stick a USB memory stick into one of these boxes and alter human history? We do not live in a Hollywood movie. Sometimes I think this site needs to take “Tech” out of its name.

mc123 says:

If you’ve seen “Hacking Democracy” you would know that it doesn’t matter what type of security features the machines themselves have. The vote counts on the machines can be altered simply through the memory cards. All the memory card has to do is start with a negative total for one candidate. It actually seemed like a very simple process. It clearly doesn’t matter who has access to the machines because the big shots at Diebold (who promise that elections will have certain outcomes in certain states, go figure) just have to provide pre-determined memory cards and an election can be fixed. Kind of scary knowing that your money probably comes out of an ATM with Diebold’s name on it and our country votes in political leaders using Diebold machines.

angry Poll worker says:

Re: Re:

LOL I guess no one here realizes that the paper votes you cherish so much have been being counted by machines for over 40 years. it used to be that to throw an election you had to lose the paper ballots, while feeding the counting machines.

now it’s easier to secure the votes are accurate and everyone is claiming they are less accurate.

I guess time will tell.

Enrico Suarve says:

Re: Re: Re:

I can’t be bothered to point out that it’s going to be a lot easier to commit fraud if you can automate it – oops

Ah well guess we’re back to “la la la I’m not listening then”

PS: time did tell – it already happened, some people are trying to point out it might be nice if it didn’t happen every time? you know like you went back to having a democracy and stuff?

Proud Brazilian says:

Brazilians don't use Diebold machines

All the totals are printed in the voting room in at least 5 copies before closing the machine. So, it’s very easy to detect if someone messes up with the data.

Come to visit Brazil, when you want to learn how to do an election with more than 100 million voters and give the results in less than 24 hours, instead of months of paper counting like US did in Bush junior’s first election.

CJ says:

Hacking Democracy

If you’ve seen Hacking Democracy, you’ve seen an unchecked group of random thoughts converted conveniently into “facts” by biased documentary makers. I’m not claiming Diebold’s machines are hack-proof, but a friggin’ HBO documentary is not evidence or proof of anything — it serves only to muddy the waters. People who get their alleged “news” from entertainment TV need to rethink where their loyalties should lie. Let me guess, you also believed Oliver Stone’s JFK…
