Video Shows Easy Hacking of E-Voting Machines

Posted by timothy on Tue Sep 09, 2008 09:47 AM
from the stick-to-gambling-machines-kid dept.
Mike writes "The Security Group at the University of California in Santa Barbara has released the video that shows the attacks carried out against the Sequoia voting system. The video shows an attack where a virus-like software spreads across the voting system. The coolest part of the video is the one that shows how the 'brainwashed' voting terminals can use different techniques to change the votes even when a paper audit trail is used. Pretty scary stuff. The video is absolute proof that these types of attacks are indeed feasible and not just a conspiracy theory. Also, the part that shows how the 'tamperproof' seals can be completely bypassed in seconds is very funny (and quite disturbing at the same time)."

  • by Anonymous Coward on Tuesday September 09 2008, @09:50AM (#24932845)

    Even though l3wdd00d might get 100% of the votes in the Presidential election, the fact that he is only 16 will be disqualifying.

        • by Volante3192 (953645) on Tuesday September 09 2008, @10:26AM (#24933349)

          *sigh* And these ACs are part of the people who help decide the fate of the nation? No wonder we're screwed...

          Barack had dual citizenship with Kenya (NOT Indonesia) and the US until 21 years old when Kenyan law required him to abandon it. He was born in Hawaii which makes him a natural born citizen.

          McCain was born on a naval base which is considered sovereign US soil for the purposes of birth, and has been since the 1790s by an act of Congress. (It's true the wording isn't as clear as it could be, but it's clear what the intent is of the bill.)

          Both candidates are US citizens and natural born. This is all a non issue, has been, will be. Go find some other misinformation to spread...

          • Re: (Score:3, Informative)

            "The 1790 law remained in effect until the Naturalization Act of 1795 superseded it. The 1795 law removed mention of natural born citizen status"

          • Re: (Score:3, Insightful)

            McCain was born on a naval base which is considered sovereign US soil for the purposes of birth, and has been since the 1790s by an act of Congress. (It's true the wording isn't as clear as it could be, but it's clear what the intent is of the bill.)

            (This thread is decidedly OT from e-voting.)

            As I understand it, the topic of "natural born" is untested, and is certainly not clear here. However, no one is likely to contest John McCain in his candidacy based on his birth, so this is probably moot.

            The topic of "natural born" was a topic on the Legal Lad podcast [quickanddirtytips.com] back in March. The key points:

            The Fourteenth Amendment provides that, "All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United Stat

  • by InsaneProcessor (869563) on Tuesday September 09 2008, @09:54AM (#24932895)
    That is why I always early vote. It is on paper where I vote and that stands a better chance of getting counted correctly.
    • by R2.0 (532027) on Tuesday September 09 2008, @10:04AM (#24933045)

      "That is why I always early vote. It is on paper where I vote and that stands a better chance of getting counted correctly."

      Don't be so smug. Early voting gives those who would deny your vote more time to tamper.

      Let's say you mail in your ballot 2 weeks ahead of time. They are collected and sorted by precinct, and then held until election day to be opened.

      Just sitting there.

      And then someone drops some of the ballots from certain precincts in the shredder - you know, the ones that vote overwhelmingly for one party? Not enough to cause a lot of suspicion, but enough to make a difference in a tight race. Now, not only is your vote gone, you don't even know it - the tampering happened before election day. AND, even if it is discovered early enough, they won't know exactly WHO got screwed, so you won't get another shot.

      E-voting makes it easy for small numbers of people to tamper on a large scale. That doesn't mean that good old fashioned vote rigging has disappeared. Spam hasn't eliminated junk mail, has it?

      • VoteHere had a solution to that, which was a tracking barcode on the ballot which a voter could use to check whether her ballot got scanned at the counting station. Cryptographic High Magic kept the ballot from being linked back to the voter, barring extensive collusion or some edge cases(*). This was field tested in one small county in Washington State, where it met with a lawsuit because state law does not permit any unique marking on a ballot at all and specifies "absolute" secrecy. King County, the big

    • by Hyppy (74366) on Tuesday September 09 2008, @10:04AM (#24933059)
      Even if your 1 vote is counted correctly, a compromised voting machine farm can render it negligible in terms of effect.
    • by anw (42556) on Tuesday September 09 2008, @10:50AM (#24933685)

      I find this comment slightly surreal, and honestly believe only an American could have written it.

      Democracy is not a commodity that you can have even though your neighbour doesn't. It is more like peace, or sanitation : everyone has it or no-one has it.

      To respond to a demonstration that your democratic system has a very serious problem by saying 'Hey, I reckon I got my vote counted' is, well, bizarre.

    • In California, Giuliani and Edwards both dropped out less than a week before the primary election date, and Romney dropped out the 7th. Many Californians cast their absentee ballots a month in advance of the election date. After all votes were counted there were over a million votes (out of about 9 million total) for candidates that weren't even running.

      I'm not claiming this single state could have altered the final nominees of Obama and McCain, but I am making a point about why one might not want t
      • if it wasn't for the whole.. not wanting to tie the vote to the person.. i would suggest moving the election schedule around and put the ballot as a page on IRS tax forms.. it has to be filled out to file them.

        the IRS takes its job seriously.. if you pay taxes you vote..

        but then people seem to want each vote to count but also don't want any names attached to the votes..

        • because people also don't want to be profiled for their electoral choices.

          for all we know, we already are. in general, it is my understanding that many political activists are already being watched.

          furthermore, i'm all for revoking a lot of these churches' tax exempt status. like Carlin said, "If these churches are so interested in politics; let them pay the same price of admission as everyone else."

        • by Abreu (173023) on Tuesday September 09 2008, @10:31AM (#24933417)

          In my opinion, for a modern democracy to work the vote must be mandatory, secret and universal.

          This way, no one can pinpoint who voted for whom, thus avoiding temptations of vote buying (at least some of them).

            • by Anonymous Coward on Tuesday September 09 2008, @11:28AM (#24934169)

              Voting must be designed to be transparent rather than auditable. In a proper democratic election, you can observe the whole process if you want. The only bit you can't observe is when other people actually mark their ballots, but that doesn't create a corruption opportunity, because you can observe the ballot being issued to the voter and the voter putting the ballot into the ballot box. Whatever the voter did with the ballot, it is still just one ballot and will be counted publicly.

              Voting systems where you can't observe one or more of the following steps are corruptible and should not be used in a democratic election: Issuing the ballot to the voter, collecting the ballot (punched cards are collected inside the voting machine: not observable), keeping the votes until the counting starts and finally counting the votes. With electronic voting systems, you can't observe any of these steps. Even paper audit trails don't solve the problem: The audit trail must remain secret during voting, so it stays in the machine, which means you can't observe it continuously until the votes are counted.

              A piece of paper per voter and a couple of hours for counting votes in public: Is that really too much to ask when you elect the most powerful person in the world?

            • Re: (Score:3, Interesting)

              It can be both mandatory and secret by this simple way:

              Months before the election, you go to the voter registry and get your voter card issued/reissued. This card has your picture, your signature and your thumbprint and is hard enough to counterfeit for it to be considered a valid id by banks and the like. This card is also a proof that you are in the national voters registry.

              On election day, you show up at your assigned voting location, which is in a closed public area (usually a school or a public librar

      • by Le Marteau (206396) on Tuesday September 09 2008, @02:02PM (#24936025) Journal

        I work as an "Election Judge" every election (they used to call them "Poll Workers"). Each year the county hires hundreds of average people, gives them a couple hours of training, and they are the ones who set up the machines, check for ID's, handle the list of registered voters, etc.

        Me, I'm a "Machine Judge." I get to the polling area in the morning of the election, the machines are already there, unassembled. I check the seals, and set up the machines, activate the machines for the voters during the day, get the results out of it at night, take the results to a central location.

        Low paying? Not where I live. I get $250.00 for the couple hours training and working on election day at one precinct, which is not bad.

        It's well worth looking into. Take a paid vacation day, get $250 over that, and be the one who protects the democratic process (at least at the precinct you are at).

        They need geeks who are computer literate. You should see some of the geezers try to set up those voting machines. It's sad.

  • Theatre (Score:5, Interesting)

    by adpsimpson (956630) on Tuesday September 09 2008, @09:58AM (#24932969)

    The interesting thing here is that I would expect one of two things. Either physical security should be taken seriously, in which case a 'tamperproof' seal should be just that (not hard to design) or an assumption be made (not unreasonably) that physical attack against the machines is unlikely and easily preventable.

    A supposedly tamper-proof seal which can be circumvented shows either a cynical disregard for physical safety (ie "we know it's a threat, so we'll put in a seal to make people think we've taken it seriously") or another TSA-style "theatre" solution (ie "we don't think it's a threat, but we'll let people believe that it is, and that we've done something about it").

    Both of these interpretations are disturbing. However Hanlon's Razor ("Never ascribe to malice that which is adequately explained by stupidity") may of course apply.

    • Re: (Score:3, Informative)

      I don't think it's just stupidity. "You get what you pay for" is part of it as well. A private contractor needs to make a profit and it costs money to make things secure. If no one buys your voting computer because it's too expensive, you lose. So, you need to dumb it down - when you dumb it down, the security becomes crappier.

      I'm sure most of us here can come up with a dozen ways of making voting machines far more secure. How about proprietary connectors so that any Joe Schmoe can't sidle up and stick in
  • by COMON$ (806135) * on Tuesday September 09 2008, @09:58AM (#24932975) Journal
    The real question is, is this more difficult to spoof than the current paper method? Anyone can fake a paper ballot, it is a small subset who can carry out these electronic attacks, although the consequences of this smaller subset's maliciousness could be worse.
    • by NotBornYesterday (1093817) * on Tuesday September 09 2008, @10:04AM (#24933057) Journal
      But faking large numbers of paper ballots at many sites is a large undertaking, and harder to hide without a big (read: hard to keep secret) conspiracy. Faking electronic ballots could be done by a smaller number of people, but on a larger and less detectable scale.
    • by SatanicPuppy (611928) * <[moc.liamg] [ta] [yppupcinataS]> on Tuesday September 09 2008, @10:05AM (#24933071) Journal

      This exploit depends on the use of USB keys in the setup process, so it's more a matter of screwing with those keys. Judging by my experience, that would be pretty trivial. The running exploit could be recognized by a competent poll worker, but again, that's not all that likely.

      The whole electronic voting thing is hugely flawed. They're building the machines on an extremely hackable (Windows) base, rather than a custom firmware. The design does not take into account real security concerns.

      While anyone can fake a paper ballot, it would be extremely difficult to fake enough ballots to make a difference. This is not the case with electronic voting. Paper is a much more secure system.

      • by TheRaven64 (641858) on Tuesday September 09 2008, @10:28AM (#24933377) Homepage Journal

        The running exploit could be recognized by a competent poll worker

        And this highlights the flaw in electronic voting. The more complex the polling system, the more skill required to ensure fairness. In a paper ballot, anyone can act as an overseer and be confident that the votes were not tampered with while they are watching. With an electronic system that drops to, what, 10%? 1%? 0.1%? And with such a small percentage capable of ensuring election fairness, do you really have a democracy anymore?

  • by mamer-retrogamer (556651) on Tuesday September 09 2008, @09:59AM (#24932995) Homepage
    ... hosted on an .edu server?

    This can't end well.

    I'm downloading now, will convert to mpeg4, and post a torrent to mininova (if the server doesn't melt before the download completes).
    • Re: (Score:3, Informative)

      by Anonymous Coward

      ... hosted on an .edu server?

      This can't end well.

      It seems to be on youtube:
      http://www.youtube.com/watch?v=SWDEZqqqBHE (part I)
      http://www.youtube.com/watch?v=moEsgdzZ19c (part II)

    • Torrent here: (Score:5, Informative)

      by mamer-retrogamer (556651) on Tuesday September 09 2008, @10:34AM (#24933459) Homepage
      ucsb evoting attack [mininova.org]
      • Re: (Score:3, Informative)

        Methinks most of the people who can't playback the file are using Windows, where "MPEG-4" means whatever Microsoft says, and not what the specification says. MPEG-4 support in FOSS land is actually quite robust these days.

        That's BS. Most people on Windows can't play the file because prior to QuickTime 7 (IIRC) .mov files were not containing H.264 and AAC, and H.264 and AAC decoders do not come free with Windows. Even if they did, there are very few file splitters that can handle all varieties of the .mov container and their contents correctly - I know because I have to deal with this problem frequently. Windows users do not like installing QuickTime because it is bloated, it's been bundled with iTunes and other crap in the p

  • by Anonymous Coward on Tuesday September 09 2008, @10:05AM (#24933073)

    Nah, it shows you how good those paper voter verified paper trails are!

    In scenario 2, the careful voter, the voter checks the screen, then checks the printout, then notices the printout is incorrect and gets the vote voided and recast.
    But if he was a careful voter he'd raise a stink about how the screen was correct, and people would notice that the machines record the printout differently than the screen shows. There would be investigations, accusations and stuff. It would be videoed.

    Likewise the careless voter, the machine doesn't know if the voter is careful or careless, so it only takes a few careful voters to screw up the attack no matter how many careless voters there are, who don't double check the paper trail.

    Scenario 3 & 4 are so obscure as to be worthless (requiring the voter vote but then leave and nobody noticing the machine doing stuff).

    What this video really shows IS JUST HOW DAMN DIFFICULT IT IS TO FOOL THE PAPER AUDIT TRAIL.

  • by Crazy Man on Fire (153457) on Tuesday September 09 2008, @10:16AM (#24933213) Homepage

    Here's the goods:

    Full 100mb version: http://www.cs.ucsb.edu.nyud.net/~seclab/projects/voting/ucsb_evoting_attack_dl.mov [nyud.net]
    Compressed 10mb version: http://www.cs.ucsb.edu.nyud.net/~seclab/projects/voting/ucsb_evoting_attack_dl_small.3gp [nyud.net]

    Posting to YouTube after download finishes...

  • DOWNLOAD MIRROR (Score:3, Informative)

    by SirBitBucket (1292924) on Tuesday September 09 2008, @10:21AM (#24933289)
    Here is a mirror of the big file: http://porksteak.com/ucsb_evoting_attack_dl.mov [porksteak.com] Will leave up as long as possible.
  • Wootube link (Score:3, Interesting)

    by neokushan (932374) on Tuesday September 09 2008, @10:23AM (#24933307)

    Uploaded the low-quality version to youtube, here's the link:

    http://www.youtube.com/watch?v=SzYUkXG7Occ [youtube.com]

    (Currently processing, it'll be done soon).

  • Solution (Score:4, Insightful)

    by KGIII (973947) * on Tuesday September 09 2008, @10:47AM (#24933655) Homepage Journal

    Until they get this shit fixed, vote on paper. Even if it is an absentee ballot.

  • by FireStormZ (1315639) on Tuesday September 09 2008, @11:27AM (#24934153)

    Any system, I mean any system, is open to fraud. The term 'Ballot box stuffing' pretty clearly indicates even a paper system is not 100% safe but at least, for the most part, wide scale fraud is pretty damn hard when you would have to run around from precinct to precinct stuffing boxes with the names of the recently dead (or what have you).

    Electronic stand alone systems with removable media (CDs, flash drives, ..., ... what have you) and ones that print a small receipt into a lock box (for multiple audit streams) is as safe and efficient as anything else...

  • by wcrowe (94389) on Tuesday September 09 2008, @01:05PM (#24935335)

    I simply do not understand the purpose of electronic voting machines. Is it to ease the counting process? Speed up the returns? Provide more accuracy? All these things sound fine if you can trust the machines. But since we can't, how can it ease the counting process when we have to recruit clerks and stewards to do meticulous recounts? What good is it to speed up the returns when recounts force us to wait for days or even weeks before we can be sure of the outcome? What good is accuracy if people don't trust the results anyway? Give me a plain, simple paper ballot any day.
       

    • Re:Quicktime? (Score:4, Insightful)

      by psergiu (67614) on Tuesday September 09 2008, @09:55AM (#24932909)

      Just be thankful it's not streaming RealVideo or WM11 :)

    • Re:Quicktime? (Score:4, Informative)

      by jellomizer (103300) on Tuesday September 09 2008, @10:03AM (#24933029)

      Except for the fact the cheapest and easiest to use tools are on the Mac (iMovie) and save as quicktime. Why bother using open standards if you want to get your point across, if it will take you 2 weeks to get up and running, especially if you haven't done so before.

        • Re:Quicktime? (Score:4, Insightful)

          by jellomizer (103300) on Tuesday September 09 2008, @10:57AM (#24933779)

          I wasn't debating the value of open standards. The point is the easiest available tools didn't use them. Open Standards are a good thing. But if the apps that use them are either oppressively expensive, or free and difficult to use they will not use them. They are trying to get a point across not start a broadcast company. As for easiest and cheapest it is quite simple. Many college students already have Mac, with iMovie. They got the Mac for other uses but it came with it so they will use it, being that the software tool is easier to use than most other video editing software so it took less time. Now if Apple incorporated iMovie to save as an open standard by default all the better. But surprise they are pushing their own standard (which has many open standards in it btw)

          If you think a price at the register level you are taking a very basic view of economics. Time and Inventory have a cost as well. Even if you are doing free work at a college. Every hour you spend working on this project is one less hour you have to study for a test, or to go out to a party, or a convenient section of your schedule open for a date. Taking an extra half a day trying to get an Open Standards compliant tool to work may not be worth it. Vs. Just using a widely used non standards compliant tool and get it done in a couple of hours leaving the rest of the day to do more interesting things.

          Expensive and Cost don't always equal money.

          • Re:Quicktime? (Score:4, Insightful)

            by zappepcs (820751) on Tuesday September 09 2008, @11:54AM (#24934485) Journal

            One of the things that rubs me wrong about F/OSS or rather complaints against it is that people assume that it takes a long time to learn how to use it, or it doesn't work well or as good as product xyz.

            The plain simple truth of the matter, and I have empirical evidence, is that ANY application takes time to learn how to use it well or even at all in the matter of some of the more complex applications.

            For all the fanboism over MS Office, I'm willing to bet that less than 10% of the users of that suite know how to use more than 50% of the features. Most people that I've known barely know how to type well, never mind know what setting margins or complex header/footer arrangements are for. Too many people use Excel as a database and Access as a spreadsheet. The point being that what they think they know about one application is just as easy to learn about another application and easier than learning all the features of the application that they know.

            Now, I do get the point that you are saying it was probably the easiest for them to use as they got it free when they purchased a Mac. Point taken. Still no need to diss other means of editing video if all you mean is 'that was probably the easiest and cheapest option for that particular group at that particular time' ... The idea that F/OSS is difficult or incomplete is both outdated and luddite-ish. In the face of how established applications and suites are used, it makes NO sense to say F/OSS alternatives are not as good or that they are not better than those established applications.

            Now, I'll do what I do with all the people I run into who ask about computers:

            Try http://www.desktop-video-guide.com/top-5-free-video-editing-software-review.html [desktop-video-guide.com] or search on Google for free video editing software.

            From the link:

            Conclusion:
            Microsoft Movie Maker for Windows users, and Apple iMovie for MAC users are probably the two easiest to use free video editing software programs available. Both of the products will allow you to do what you want to do with your videos. However, trying out the others, you may find that you are able to add more effects and such to your videos as well. Of all the available programs out there, these are the top five free video editing software programs available.

            Also from the link:

            Of course, most free software does not include the same level or quality of support that you would expect to find with software that you purchase.

            Read that as 12 minutes on hold at $3.49 per minute if you want phone support, whereas with F/OSS the level of support on the Internet is huge! I always managed to find someone that has posted about whatever problem I've had.

            Yes, I like F/OSS, and for a reason. It has real value. Supporting it requires donations AND fighting against luddite reasoning in the greater computing community. That is not to say that I think you should not use any tool at your disposal when you require a tool. I have no problem with using something that came installed on your system rather than go install something new if you have a job to get done and it will work. I use an editor I paid for, but when needed I'll edit with vi or whatever is on the system if that is what makes the most sense for that task.

            (end rant)

    • Re:Quicktime? (Score:5, Informative)

      by TheRaven64 (641858) on Tuesday September 09 2008, @10:24AM (#24933331) Homepage Journal
      What do you mean by 'Quicktime'? The Quicktime .mov container format exported by recent versions of Quicktime is an open standard (part of MPEG-4 now). What's in this container depends on the user, but the defaults are MPEG-4 (often now AVC) for video and MPEG-4 AAC for audio. These are all open standards, although if you're in a part of the world with a broken legal system they might be patented.
      • Re:Quicktime? (Score:5, Informative)

        by Abreu (173023) on Tuesday September 09 2008, @10:23AM (#24933311)

        Open standards are important in this case for the simple reason that they ensure that the message will be seen by the largest audience possible.

        • Re:Quicktime? (Score:4, Interesting)

          by DurendalMac (736637) on Tuesday September 09 2008, @12:41PM (#24935085)
          Oh really? How many people have DivX codecs already on their computers as opposed to Windows Media or Quicktime? How many people already have Ogg Theora codecs installed? Your argument falls apart completely when you realize that a lot of open codecs are not preinstalled on systems. Grandma doesn't give a damn about how open your codec is. She cares about being able to watch something without having to download and install more crap.
          • Re: (Score:3, Interesting)

            Your argument falls apart completely when you realize that there's no reason they can't host the videos in multiple formats.

    • by SatanicPuppy (611928) * <[moc.liamg] [ta] [yppupcinataS]> on Tuesday September 09 2008, @10:11AM (#24933157) Journal

      It doesn't per se. It relies partly on the voter not checking the paper ballot. If they don't void it, it slips through normally. If they do check it, it fixes the ballot, and acts normal.

      Otherwise it tries to convince the voter they're done without actually returning the smart card. When they walk away, it voids the ballot, and pops up the "fled voter" screen. The poll worker comes up, uses the admin "submit" toggle to submit the changed vote, and takes back the card. Most places I've been, the poll workers depend on you returning the card, so that wouldn't work.

      To me the most compelling piece was how easily the system was compromised. Even if it only screws with a percentage of the votes, that could be huge.

    • by LWATCDR (28044) on Tuesday September 09 2008, @10:14AM (#24933185) Homepage Journal

      Take a look at the problems in Palm Beach county again. They lost over 3000 votes.

      I swear that they do this just to get attention. Oh and before anybody makes any remarks about Florida or the south let me clue you.
      Very few people in Palm Beach county are from Florida or the south. It is New York south.
      It looks like this is going to be a close election. Which means that the loser will without a doubt claim that they didn't and that somebody lost votes or rigged a machine.
      At this point I hope that it isn't close no matter who wins. Well since I am not fond of any of the candidates at this time.

      • Oh and before anybody makes any remarks about Florida or the south let me clue you.
        Very few people in Palm Beach county are from Florida or the south. It is New York south.

        And this is exactly the problem. All of the dumbest people from other parts of the country go there to screw up elections and die.

    • Tampered machines would most likely be set up in the other party's best districts: If the fraud isn't discovered, your party gains a lot of votes. If the fraud is discovered, the district's votes would be discarded or held in legal limbo.

      Heads I win, tails you lose.

      • Re: (Score:3, Interesting)

        The Florida Panhandle scheme was dirty and wrong.

        But the claim that voting machines were the result of the "Democrat Political Machine" seems far fetched in the extreme. When I looked into the history, it appears that their implementation was a long and complex process, aided in significant ways by many Republicans, and more importantly, built and programmed by companies with staunch Republican allegiances. So. . , what are you basing your assertion on?

        -FL