Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Diebold Security Foiled Again

Posted by Zonk on Thu Jan 25, 2007 04:11 PM
from the please-think-then-vote dept.
Security Government Politics
XenoPhage writes "Yet again, Diebold has shown their security prowess. This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines. Ross Kinard of Sploitcast crafted three keys based on this photo. Amazingly enough, two of the three keys successfully opened one of the voting machines. But fear not, Diebold has removed the offending picture, replacing it with a picture of their digital card key. Take that, hackers!"
+ -
story

Related Stories

[+] Politics: Diebold to Withdraw from E-Voting? 329 comments
ICA writes "It appears after years of criticism, Diebold may be ready to withdraw from electronic voting entirely. The company is concerned that this relatively small and marginally profitable unit is hurting the company's overall image."
[+] Politics: Ohio Audit Reveals More Diebold Problems 222 comments
armb writes with a link to a Wired Blog entry about irregularities found in Diebold databases from the state of Ohio. The election in question here is November 2006, and the corruption of the entries may raise doubts about accurate tabulations. "Vote totals in two separate databases that should have been identical had different totals. Although Diebold explained that this was part of the system design for separate vote tables to get updated at different times during the tabulation process, the team questioned the wisdom of a design that creates non-identical vote totals. Tables in the database contained elements that were missing date and time stamps that would indicate when information was entered. Entries that did have date/time stamps showed a January 1, 1970 date. The database is built from Microsoft's Jet database engine. The engine, according to Microsoft, is vulnerable to corruption when a lot of concurrent activity is happening with the database, such as what occurs on an election night when results are uploaded and various servers are interacting with the database simultaneously."
[+] Master Diebold Key Copied From Web Site 100 comments
Harrington writes "In another stunning blow to the security and integrity of Diebold's electronic voting machines, someone has made a copy of the key which opens ALL Diebold e-voting machines from a picture on the company's own website. " Update: 02/06 17:40 GMT by Z : We previously discussed this story, early last year.
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Diebold Security Foiled Again 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Still in business (Score:5, Interesting)

    by j00r0m4nc3r (959816) on Thursday January 25 2007, @04:16PM (#17758362)
    How can these guys still be in business? It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again. Any other company would have been history long ago. What's with Diebold? Why don't they die?

    • Re: (Score:3, Funny)

      by MagicM (85041)
      Why don't they die?

      Because they're called Diebold. Not Diebold.

      Duh.

    • Re:Still in business (Score:5, Insightful)

      by aquabat (724032) on Thursday January 25 2007, @04:18PM (#17758406) Journal
      Two words: Government Contracts.
    • There ATM's if they where to post the atm key then they may go down fast.

    • Re:Still in business (Score:5, Interesting)

      by gstoddart (321705) on Thursday January 25 2007, @04:20PM (#17758444) Homepage
      How can these guys still be in business? It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again. Any other company would have been history long ago. What's with Diebold? Why don't they die?

      That's because they aren't being viewed with a critical eye by the people buying voting machines.

      The people who are making those decisions continue to want to have the voting machines in the face of all of the evidence showing how unsecure/not-tamper-proof these things really are.

      Apparently, the government doesn't seem too bothered by a vendor who is selling a product which is completely insecure.

      Cheers

      • Re:Still in business (Score:4, Insightful)

        by jc42 (318812) on Thursday January 25 2007, @06:21PM (#17760168) Homepage Journal
        The people who are making those decisions continue to want to have the voting machines due to all of the evidence showing how unsecure/not-tamper-proof these things really are.

        There; fixed it for you.

        If you think the politicos making the purchase decisions are ignorant of the documented problems, you're incredibly naive.

    • Re:Still in business (Score:5, Informative)

      by drinkypoo (153816) <martin.espinoza@gmail.com> on Thursday January 25 2007, @04:20PM (#17758448) Homepage Journal
      What's with Diebold? Why don't they die?

      I believe the following will explain: "The company came under fire last year for a letter that Diebold CEO Walden O'Dell wrote as a fundraising pitch to Republicans. In the letter, O'Dell said he was "committed to helping Ohio deliver its electoral votes to the president." Diebold is based in North Canton, Ohio." (http://money.cnn.com/2004/08/30/technology/electi on_diebold/index.htm [cnn.com])

      Frankly no one in power really seems to want a fair election. If they did, they'd be fighting these e-voting machines all the way - as there is absolutely no need for them.

      • Re:Still in business (Score:4, Insightful)

        by pilgrim23 (716938) on Thursday January 25 2007, @04:39PM (#17758774)
        In the early 20th century, most cities had Trolly Lines. Most were electric. there was no need for road crowding, smoke billowing Buses. But Detroit realized building buses was a gold mine as long as City planning departments, the Mayor's urban task force and other such public servants could be persuaded to rip up the trolly lines. Thus our public leaders made decisions for the good of us all. The more it changes, the more it stays the same....

    • Re:Still in business (Score:5, Funny)

      by Anonymous Coward on Thursday January 25 2007, @04:38PM (#17758750)
      "DieBold, Die" is German for "The, Bold, The" - Bob

      • Re: (Score:3, Insightful)

        by cheezedawg (413482)
        Halliburton's (specifically Kellog, Brown, and Root) involvement in Iraq is a part of the multi-year LOGCAP contract that they won in 2001 after a competive bidding process. This was the second time that they had won the LOGCAP contract- the first time was during the Clinton administration. The Clinton administration also awarded several other contracts to Halliburton, such as the logistical support for the military action in the Balkans, and praised KBR for their work.

        You can choose to see this as a cons

  • DieBold Security..... (Score:5, Funny)

    by Prysorra (1040518) on Thursday January 25 2007, @04:17PM (#17758374)
    To Boldy die where no security has died before!

  • National Election Commision (Score:5, Insightful)

    by ghoul (157158) on Thursday January 25 2007, @04:17PM (#17758384)
    The way to get rid of election controversies is to have a national election commission like in India. India has a lot more voters than the US and a much lower level of education but it manages to pull off general elections a lot more cleanly and fairly just because the standards are same for all elections and all precincts. The decentralized form of elections might have made sense for the age of horse coaches but in the age of internet it is not too tough to have thge same standards everywhere in the US

    Also why not have a paper trail .With a paper backup all fraud can be caught given enough time for recounts (again if elections are not controlled by local partisan officials they cant arbitrarily decide not to have recounts).
    • BTW the last Indian general election was an all electronic election with EVMs used in all precincts.

    • Re:National Election Commision (Score:5, Insightful)

      by Midnight Thunder (17205) on Thursday January 25 2007, @04:23PM (#17758488) Homepage Journal
      Also why not have a paper trail .With a paper backup all fraud can be caught given enough time for recounts (again if elections are not controlled by local partisan officials they cant arbitrarily decide not to have recounts).

      In many ways Diebold et al. are all showing symptoms of not realising that they are trying to add technology to the wrong part of the process. In many ways the punch card system or optical card reader systems are the better systems, since the paper trail exists before the vote is taken into account: WYSIWYG. The proposed solutions provide a paper trail as a result of the process, if at all. The problem with this is that the paper trail may not be a result of what you inputted.

      Remember just because technology can be used for a process, it does not necessarily mean that technology is needed for the process. Technology is there to make a complex task simple, not the other way round.

  • Google (Score:5, Informative)

    by Daemonstar (84116) on Thursday January 25 2007, @04:19PM (#17758424)
    Diebold has removed the offending picture
    However, it remains (scaled down) in Google's image cache. :) Might not be of much use, but it is there.

  • New Vendor (Score:3, Interesting)

    by Divebus (860563) on Thursday January 25 2007, @04:20PM (#17758426)
    It's time to look at some other vendor for voting machines and whatever else they make. Our future is too important to leave to stumbling bumblers like that. Anything can be defeated but shouldn't be as easy as this.
  • Hey, at least we know they're not relying on security through obscurity!

  • This is a security company? (Score:5, Insightful)

    by Schraegstrichpunkt (931443) on Thursday January 25 2007, @04:24PM (#17758498) Homepage
    Do they even have any security-minded people working at this company? Publishing a picture of a real key is an understandable mistake, but why does the same key open every single voting machine?

  • It's a pin-based lock? (Score:5, Informative)

    by RyanFenton (230700) on Thursday January 25 2007, @04:25PM (#17758516)
    As long as it's a normal lock, like 90+% of the locks out there (likely including your own front door), then Lock bumping [wikipedia.org] is going to allow just about any person, regardless of skill, to defeat the lock using extremely simple tools, in a matter of seconds, likely with no signs of intrusion at all.

    Ryan Fenton
    • And if it's not an it uses a registered or otherwise restricted key blank, like, say, a mailbox or P.O. Box key, then bumping is next to impossible because you simply can't get a blank without permission.

          • Re: (Score:3, Insightful)

            by bhsx (458600)
            Yeah, I guess if you were really serious about trying to rig an election it'd be hard to find someone with those skills... Oh wait...

          • Re: (Score:3, Interesting)

            by drinkypoo (153816)

            Last I checked, bridgeport operating was a specialized skill that actually pays pretty well in my area (Metro Detroit) because it requires some training and experience to actually know what you're doing.

            Last I checked, it was called "milling", not "bridgeport operating". And you can go to a community college and gather the requisite skills in a three unit, one-semester class. Frankly milling is not very hard, it's not even slightly hard. The hardest part is remembering which way the table will move when yo

          • Re: (Score:3, Insightful)

            by Tim C (15259)
            it requires some training and experience to actually know what you're doing.

            So? How much time do you think you have between elections anyway?

  • Undaunted (Score:5, Funny)

    by imaginaryelf (862886) on Thursday January 25 2007, @04:26PM (#17758526)
    Our hero copied the smartcard from their photo on the website and keyed in the password 12345, the master password that unlocks all diebold machines.
    • Our hero copied the smartcard from their photo on the website and keyed in the password 12345, the master password that unlocks all diebold machines.

      1 2 3 4 5? That's amazing! I've got the same combination on my luggage!

  • What concerns me even more (Score:5, Informative)

    by Iphtashu Fitz (263795) on Thursday January 25 2007, @04:26PM (#17758528)
    ... is the fact that Diebold also manufacturs ATMs. Makes me wonder if my bank account is safe...
    • Maybe that is how they stay in business. :D

    • Re: (Score:3, Insightful)

      by wpegden (931091)
      No, fear not. Like you, the people up top are much more concerned about correctly counting pennies than votes. Rest assured, your bank account is much more secure than any of your "freedoms" or "rights".

  • Winner (Score:5, Funny)

    by liak12345 (967676) on Thursday January 25 2007, @04:32PM (#17758650)
    This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines.
    Diebold just won the golden "Are You Fucking Kidding Me?" Award of 2007.

  • Fear not, indeed (Score:5, Funny)

    by ReverendLoki (663861) on Thursday January 25 2007, @04:33PM (#17758672)

    But fear not, Diebold has removed the offending picture [CC], replacing it with a picture of their digital card key.

    Using this picture as a base, I have crafted three digital card keys...

  • Florida House 13 (Score:5, Interesting)

    by bloodstar (866306) <(blood_star) (at) (yahoo.com)> on Thursday January 25 2007, @05:05PM (#17759136) Journal

    Why are people ignoring what is going on in Florida House District 13?

    The Rebublicans are claiming a 369 vote victory. However the EVMs in Sarasota county, reported an undervote of 18,000. or 1 in 6 of the total votes, which is much higher than the undervote in both the other counties and on average. Sarasota County also happened to be where the Democrat challenger won the vote by 6 percentage points (of the votes cast in that county).

    There are some obviously severe issues with Electronic Voting, Particularly when there is no paper trail (as in the case for this district). Sure, there are ways to change the vote on a paper verification ballot, however large scale fraud becomes problematic to implement.

    Links Below:
    http://www.heraldtribune.com/apps/pbcs.dll/section ?CATEGORY=NEWS0521&template=ovr2 [heraldtribune.com]
    http://en.wikipedia.org/wiki/Florida's_13th_congre ssional_district [wikipedia.org]
    http://www.verifiedvotingfoundation.org/article.ph p?id=6423 [verifiedvo...dation.org]
    http://www.cqpolitics.com/2006/12/the_cqpolitics_i nterview_chris_1.html [cqpolitics.com]

  • Living up to the name (Score:3, Funny)

    by Anon-Admin (443764) on Thursday January 25 2007, @05:22PM (#17759402) Journal
    Determining
      Inaugural
      election
      Ballot
      Outcome (on)
      Lousy
      Data

    DIEBOLD :)

  • You're barking up the wrong tree (Score:4, Interesting)

    by inviolet (797804) <pineminder&yahoo,com> on Thursday January 25 2007, @05:38PM (#17759620) Journal
    This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines.

    Voting machines should not be relying on physical security in the first place, because it is not practical to physically protect them 24/365. Their trustworthiness should be the result of double-handshake cryptographic authentications between the touchscreens, consoles, memory cards, and the central tabulator. Being able to open the cabinet should not be a vulnerability, because poll workers are invariably going to need to do so.

    So, if Diebold machines implement proper authentication, then the cabinet key is not an interesting exposure. But if they don't (and we already know that they don't), then the cabinet key doesn't make them significantly more vulnerable than they already are.

  • Public Key? (Score:3, Funny)

    by fahrbot-bot (874524) on Thursday January 25 2007, @05:47PM (#17759736)
    they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines

    I hear Diebold is looking into different security measures and is interested in this new-fangled "Public/Private" key stuff. Perhaps this was their Public key...

  • The real world (Score:3, Insightful)

    by Kilz (741999) on Thursday January 25 2007, @05:55PM (#17759848)
    In the real world there are Election Judges. People who watch whats going on. This unlocking and tampering isnt going to happen in front of them. This is a proof of concept idea, and like a lot of them it takes some things for granted. Like "you will be able to do this and no one is looking, or will stop you". But in the real world that isnt the case. Try this in a real polling place and go to jail, go directly to jail, do not pass go , do not collect 200 dollars.

  • Security... Paper Trail... (Score:3, Interesting)

    by Evets (629327) on Thursday January 25 2007, @06:02PM (#17759938) Homepage Journal
    There are always a lot of complaints about the security of any Diebold voting machines. Then there's the constant complaint of a paper trail (my county now has paper-trail making diebold machines).

    What people should be pushing for is a voting system on commodity hardware. There's no sense in putting a million dollars forward for a small amount of "proprietary" machines that are all crap anyways. The only reason for wrapping a software solution in proprietary hardware like this is security through obscurity.

    Instead of complaining all the time about Diebold et all, what we should be doing is putting together a GPL voting solution. Once it is mature and stable, push our representatives to make the move.

  • I Think It's Great! (Score:4, Funny)

    by Greyfox (87712) on Thursday January 25 2007, @07:04PM (#17760816) Homepage Journal
    Based on Diebold's actions in this area I think they must be an extreme case of an equal opportunity employer! Most employers do not disciminate on the basis of Race, Creed and Color. Diebold has obviously taken this to the next level in that they don't disciminate on the basis of Ability, either. We shouldn't be slamming them! We should be applauding them for taking bigotry down another notch! If it weren't for Diebold all those guys would be out on the street or having to work in the exfoliating scrubber factory or something! Hooray, Diebold!

    • Re:Its from the please-think-then-vote dept. (Score:5, Informative)

      by PeeAitchPee (712652) on Thursday January 25 2007, @05:07PM (#17759158)

      Perhaps you can explain why Maryland's previous Republican governor Robert Ehrlich fought against the Diebold machines tooth and nail, even asking for millions of dollars instead to support a traditional election process, only to have them rammed down his throat by the (Democratic) MD legislature and state board of elections? Our state elections administrator, Democrat Linda H. Lamone is still fighting their removal and even against adding a paper trail! [gazette.net] Hell, she doesn't even want printers because she says adding printers to the existing equipment "would disrupt the voting system."

      If you think the Republicans are the only ones who want to use Diebold machines to manipulate votes, you're an idiot.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.