Want To See How Easy It Is To Hack An Election?

from the have-a-look-see dept

It seems like every few months, well respected security researchers come out with yet another report about just how insecure various e-voting machines are. The amazing thing is how hard the various e-voting companies have fought against allowing these researchers to look at their machines, always insisting that the federal certification process (the one that's were later shown to have not done a very good job testing the machines) was fine. Of course, even the Government Accountability Office has admitted that the federal certification process sucks.

One of the complaints that the e-voting firms have had about having independent security researchers testing the machines is that those tests are not in real world conditions. In fact, we had a commenter from one of the e-voting companies who insisted that these independent tests were useless because:
The point people often miss, which is left off of the conspiracy blogs, is that all of these 'hacking' attempts that are requested are made to do so in some sort of vacuum. In some obscure room where a gang of hackers get together and try to penetrate the system with unlimited resources. In any election, paper or fully electronic, there are procedural and security measures taken that complement and supplement the security features of the system itself. This is in addition to internal and system-independent, pre- and post-election audit features.
That's really rather meaningless, because if it were true, then that info would also come out in those independent research reports. However, even that comment turns out to be untrue. As a few folks have submitted, some security researchers at UCSB have demonstrated not just how insecure Sequoia's e-voting systems are, but they've shown how easy it is to hack an election with a pair of videos that you can watch right here (if you're in the RSS feed, click through to see them):


What this shows is that the hack that the researchers shows demolishes that comment from the insider. All it required was for those wishing to change the results of the election to drop a USB key into the pile of USB keys used to set the system up. All of the security measures that the insider talks about are then bypassed with ease. The video shows it getting buy the procedural security measures, as well as the pre- and post-election audit features.

The video also shows why paper ballots are hardly a solution, as the second video shows how the malware included in the software can be set to void out legitimate votes and replace them with fake votes, in a variety of different scenarios, almost all of which are likely to go undetected. This is a hugely damning report -- and it comes against a company that has fought so hard against having its machines tested by independent security experts. While some may say that this shows why they didn't want it tested -- it should concern anyone who believes in free and fair democratic elections that we're using such insecure voting machines.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: e-voting, security, vulnerabilities
Companies: sequoia


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Mike (profile), 10 Sep 2008 @ 12:24pm

    Re: Re: Re: Oh no, Not again!

    Dude. Calm down.

    Your Words: Actually, no, it doesn't (ACTUALLY YES IT DOES.. GEEZ GET A CLUE).

    I have a clue. You, on the other hand, apparently do not. It does not "someone who has full access to a machine and is able to access what ever they like."

    As the video clearly shows, the ONLY think those who want to distort the election need to do is get a USB key into the pool of USB keys used to begin the election process. At no time in the video did anyone other than an election official have access to the machine.

    The entire surreptitious part is just in getting an infected USB key into the pile of USB keys. That may not be easy for anyone to do, but it's absolutely possible (AGAIN I EMPHASIZE EVEN YOU ARE SAYING THAT IT IS NOT EASY FOR ANYONE TO DO..

    *sigh* Is it that hard to understand the difference here. The point is not that *anyone* can do this, but that there are many people who *could* do this. All you need to do is get the USB key into the pile. As we've explained, that's not very difficult.

    Well then whats your point!!!! Good Grief If electronic voting is superior why spend time knocking it!!!! Electornic Voting my not be perfect. But does it not makes sense to move to something superior?

    Um. We're not knocking the entire concept of e-voting, but pointing out the security flaws with the current implementation. Is it really that difficult to understand that it's possible to point out ways to improve the current system without trashing the entire concept?

    Yeah, I am the ignorant one.. Get a clue. Your just arguing to argue. Your unable to recognize reason. I was simply making statement in much of my writing. I was not contradicting anyone.

    Except that so far, you have been shown to be factually incorrect, and when called on it, repeated the outright falsehood that this hack requires folks to have full access to the machine. It does not.

    Misleading??? HOW IS IT MISLEADING WHEN YOU ADMIT THAT I AM TELLING THE TRUTH. OMG YOUR A TARD!!!!!!!!!!!!!!!!!!!!!!!

    Always nice to talk to someone who can express their opinions in a calm and refined manner.

    Anyway, the way it is misleading is that you implied that because the system requires some skill to hack that means that it's not worth understanding the security vulnerability. That, on the face of it, is a troublesome statement. Just because there's a smaller group of people who can hack an election it doesn't mean this isn't a concern worth worrying about.

    GOOD GRIEF YOUR JUST ALL AND OUT TELLING THE BIGGEST WHOPPER OF A LIE EVER! YOU CAN NOT REMOTE INTO THESE SYSTEMS AND HACK THEM. THATS WHAT THE GENERAL PUBLIC THINKS IS HAPPENING. HOW DO YOU DROP A KEY FILE IN THE MACHINE WITHOUT SOME KIND OF INSIDE SCAM GOING ON. YOU CANT.

    No one ever said that you could "remote into these systems." What was said, and clearly demonstrated, was that you just needed to get a USB key into the pile. That does not require full access to the machine. It just requires access to the pile of USB keys that are used to initiate the election. And, as I said, that can easily be done by a single corrupt election official, or via a janitor, or via a breakin. All of which are perfectly reasonable scenarios.

    You, on the other hand, falsely insisted that it required full access to the voting machines. That's simply untrue. Watch the video. The only time a "hacker" was involved was for about 2 seconds at the beginning when they dropped the USB key.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.