Protect Our Vote!   TrueVoteMD.org
| Home | About Us | Get Involved | Get Informed | Contact Us | Links | Blog | Donate |
 
Articles
Editorials
Key Dates
Latest News
Legislation
Litigation
Press Releases
Reports and Studies
Take Action
Donate
- - - - - - -
Sign the Pledge!
Md. Computer Testers Cast a Vote: Election Boxes Easy to Mess With

Baltimore Sun

January 30, 2004

For a week, the computer whizzes laid abuse - both high- and low-tech - on the six new briefcase-sized electronic voting machines sent over by the state.

One guy picked the locks protecting the internal printers and memory cards. Another figured out how to vote more than once - and get away with it. Still another launched a dial-up attack, using his modem to slither through an electronic hole in the State Board of Elections software. Once inside, he could easily change vote totals that come in on Election Day.

"My guess is we've only scratched the surface," said Michael A. Wertheimer, who spent 21 years as a cryptologic mathematician at the National Security Agency.

He is now a director at RABA Technologies in Columbia, the firm that the state hired for about $75,000 to look at Maryland's new touch-screen voting machines scheduled to be unveiled in nearly every precinct in Maryland for the March 2 primary.

The state has no choice but to use its $55 million worth of AccuVote-TS machines made by Diebold Election Systems for the primary. The old optical scanners are gone.

Yesterday, Wertheimer calmly presented his eight-member team's findings to committees in the House and Senate, explaining the weaknesses they discovered and a plan for how to plug many of the cracks, at least in the short run.

Giddy geek speak

Yet on a recent morning at his offices, Wertheimer's computer programmers were practically giddy as they invented new ways to muck up an election. Some were simple - like the lock-picking or just yanking the cords out of a machine's monitor, disabling it for the rest of the day.

Other fiddling inspired round after round of excited geek speak, true gibberish to the untrained ear, to explain a host of attacks that could be launched up close or by modem.

One thing was clear: There are many ways to fool with Diebold's machines, some of which could lead to an Election Day disaster. At the same time, some scenarios were far-fetched and too difficult to pull off undetected, team members acknowledged.

But the fact that they could happen makes it impossible to have full confidence in the system, they said.

In the short term, they said, enough fixes can be done to ensure a secure election in March. But much more will need to be done to see that future elections on the machines can also be relied upon.

Diebold officials say many of the problems that were found have been fixed.

"They threw out theoretical things that could happen," spokesman David Bear said of the testing team. "But the polling places are much different."

The team was asked to answer two major questions, Wertheimer said: Do the machines count votes accurately? And do they need paper receipts?

If left alone, Wertheimer said, the machines will count quite accurately - more so than any past voting method.

But he has made a good living off the fact that there are plenty of people out there looking to wreak havoc when they can.

Web sites abound with all kinds of speculation about how easily the voting machines can be hacked into and outcomes manipulated.

Prominent computer scientists have studied the Diebold code - some of which was found unprotected on the Internet - and found hole after hole in its security.

Theories have run rampant as to how to best clean up what critics call a mess.

Paper receipts

Wertheimer said he thinks there will be a need for some type of paper receipt, what some call a voter-verified paper trail - basically a printout of each vote as it is cast for the voter to check before leaving the polling place. Without a paper ballot, many say, a proper recount is impossible.

Wertheimer said it would take nearly a complete rewrite of the computer code to fix the machines' flaws.

"For a guy who just wants the vote to be accurate, I'd rather dumb down the software and add receipts," he said.

Diebold "basically had no interest in putting actual security in this system," said Paul Franceus, one of the consultants. "It's not like they did it wrong. It's like they didn't bother."

Mark McLarnon had something up his sleeve as he approached one of the voting machines. A close look revealed the cord of a portable keyboard. He had learned that he could quickly pick a lock on the side of the machine, plug in his keyboard and wreak havoc on the results stored inside - all while likely going undetected by poll judges.

Using a low-tech solution, such as tape that reveals tampering, could keep people like McLarnon at bay, at least as a temporary fix, the consultants said.

Low-tech hacking is also a possibility, though.

Someone bent on causing trouble could call a polling place and tell workers that the state's modem is down and results should be called in on a new phone number. Then the troublemaker could simply change the results before sending them onto the state.

While results can now be encrypted - after criticism that they weren't being - something called authentication is missing. Authentication tells the main computer that the person sending in results is the one who is actually permitted to do so.

Sneaking in, via modem

Meanwhile, William A. Arbaugh, an assistant computer science professor at the University of Maryland, College Park and part of the team, easily sneaked his way into the state's computers by way of his modem. Once in, he had access to change votes from actual precincts - because he knew how to exploit holes in the Microsoft software.

Those holes should have been patched through regular updates sent to customers, patches that haven't been installed on the elections equipment since November.

"There's no security that's going to be 100 percent effective. But the level of effort [needed to get into the system] was pretty low," Arbaugh said. "A high school kid could do this. Right now, the bar is maybe 8th grade. You want to raise the bar to a well-funded adversary."

"Every system is vulnerable somehow," said Karl Aro, director of the state's Department of Legislative Services, who commissioned the study for the legislature. "The system's not bad but it needs some work."

No system is completely secure. In fact, the more elections the state holds, the more opportunities there will be for hackers to see how it works and launch new attacks, experts said.

"If you had the time and the money, the sky's the limit on what you could do to make a secure system," McLarnon said.

"You just need to raise the level of effort needed to exploit it so it's not feasible to do," said fellow consultant John Ormonde.

Copyright © 2004, The Baltimore Sun
< Prev   Next >
 
 
Please Help TrueVoteMD Protect your Vote
Buy Cool
Take Action
  1. Send a Letter to the Editor

'TrueVoteMD' - 2842 N. Calvert St. - Baltimore, MD 21218 - 443-708-8360
a project of The Campaign for Fresh Air & Clean Politics

male genital piercing gallery brunettes swap cop that shit long porn videos cumshot swallow 10 clips pregnant nipple clitty tongue drug rape Bikini-Clad Cum Sluts CD-1 indian pichunter all girl parties bondage rubber milf creampies hot latino women office sex mpegs free feet fetish free online dating site org pantyhose buy dvd frat guys showers curry creampie young girl art black teens in thongs free sexcam florida squirting snatch hand job video vomit scat hot toon sex gay double anal hooters blondes teens shawnee community college Cream My Pie-3 CD-1 milf doggy sexcam review skinny anorexic women full body shower Busty Snatch Club CD-1 high school pussy fat latina ass xxx handjob hairy vagina in nylons public spankings in school oral insulin teen oral sex gagging iphone porn vintage fishing reels lesbian movie clips latex nude extreme female genital piercing butt thong women with horse dick japanese sex orgy monster cock barebacking ladyboy tit torture toys gymnast cameltoe fuck you i'm drunk fucking sluts anal dp hard studs stocking porn galleries backstabbing sluts mature lesbians fucking anal teens sucking black cock seriously emotionally disturbed students download free jenna jameson porn videos file paris hilton mpegs secretary sex video sex noises make her squirt 2 hot sexy teen strapon black teen anal busineess and personal loans tongue fuck pussy milk nipple herbs healing tongue drunk speeping girls silvia martinez reyes bree olsen dildo latina in stocking nylon pics sex naked girl midget shaved and close up black girl swallow Busty Snatch Club CD-2 young girl art paparazzi nipple slips fat girl sex definition of milf Dirty Talk CD-1 free incest sex movies sex websites petites annonces 1986 honda accord engine swap medical bondage nurses natural penis enlargement excersises stop smoking side effects naked asian babes gm video productions reality porn planning for teacher orientation big black whores cfnm brazile blue jacket outdoor drama latex pants spanking secretary state college breast reconstruction schoolgirl mother spanking gay house swap anal prolapse skinny lolitas life of paparazzi wifey creampie rape young teens in pantyhose diary milf free vintage porn pics students fuck teachers little virgin girls fucking squirting orgasms foot and hand pain dog orgasm paris furnished apartments mature porn video strapado bondage elementary school teachers requirements naked teen girls queens zoo vagina pussy cunt free pictures vintage doors tranny fun busty lesbian strapon sex clothing petite used hairless twink french fisting wives in bedroom bondage skinny chicks free funny nipples free porn pass elvis presley live beautiful redhead dancing naked lesbos fisting citalopram delayed ejaculation hard drive recovery asian anal creampie zyban smoking cessation trials lesbian porn videos nude sex feet voyeur up skirt granny free fist illegal incest porn bdsm clips black slut naked fat ladies symptoms throat cancer family sex stories for free petite nude pics Milf Squirters-6 CD-2 xxx perfect secretary international student travel medical insurance curry creampie free young incest shemale group office stockings sex fucked by stud hooter pantyhose cheerleader pantyhose huge cock twink pregnant horses young petite lesbian mom and dad sex fat nude sexy women karaoke hard drive claw foot tub fixtures womens vagina milf susie breast enhancement stories hot mature fuck gay virgin sample college essays milf redhead gay twink gets fucked by stud petite teen anal husbands eating creampies sexy myspace graphics beautiful naked asian woman orgasm female free vintage erotica young underwear models white throat monitor best free porn hot moms strapon daughter cock in pantyhose