Slashdot Log In
Video Shows Easy Hacking of E-Voting Machines
Posted by
timothy
on Tue Sep 09, 2008 10:47 AM
from the stick-to-gambling-machines-kid dept.
from the stick-to-gambling-machines-kid dept.
Mike writes "The Security Group at the University of California in Santa Barbara has released the video that shows the attacks carried out against the Sequoia voting system. The video shows an attack where a virus-like software spreads across the voting system. The coolest part of the video is the one that shows how the 'brainwashed' voting terminals can use different techniques to change the votes even when a paper audit trail is used. Pretty scary stuff. The video is absolute proof that these types of attacks are indeed feasible and not just a conspiracy theory. Also, the part that shows how the 'tamperproof' seals can be completely bypassed in seconds is very funny (and quite disturbing at the same time)."
Related Stories
Firehose:Video Shows Easy Hacking Of E-Voting Machines by Anonymous Coward
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Early vote makes your vote count (better chance) (Score:5, Interesting)
Re:Early vote makes your vote count (better chance (Score:5, Insightful)
"That is why I always early vote. It is on paper where I vote and that stands a better chance of getting counted correctly."
Don't be so smug. Early voting gives those who would deny your vote more time to tamper.
Let's say you mail in your ballot 2 weeks ahead of time. They are collected and sorted by precinct, and then held until election day to be opened.
Just sitting there.
And then someone drops some of the ballots from certain precincts in the shredder - you know, the ones that vote overwhelmingly for one party? Not enough to cause a lot of suspicion, but enough to make a difference in a tight race. Now, not only is your vote gone, you don't even know it - the tampering happened before election day. AND, even if it is discovered early enough, they won't know exactly WHO got screwed, so you won't get another shot.
E-voting makes it easy for small numbers of people to tamper on a large scale. That doesn't mean that good old fashioned vote rigging has disappeared. Spam hasn't eliminated junk mail, has it?
Parent
Re:Early vote makes your vote count (better chance (Score:4, Insightful)
Parent
Re:Early vote makes your vote count (better chance (Score:5, Insightful)
I find this comment slightly surreal, and honestly believe only an American could have written it.
Democracy is not a commodity that you can have even though your neighbour doesn't. It is more like peace, or sanitation : everyone has it or no-one has it.
To respond to a demonstration that your democratic system has a very serious problem by saying 'Hey, I reckon I got my vote counted' is, well, bizzare.
Parent
Re:Early vote makes your vote count (better chance (Score:5, Insightful)
because people also don't want to be profiled for their electoral choices.
for all we know, we already are. in general, it is my understanding that many political activists are already being watched.
furthermore, i'm all for revoking a lot of these churches' tax exempt status. like Carlin said, "If these churches are so interested in politics; let them pay the same price of admission as everyone else."
Parent
Re:Early vote makes your vote count (better chance (Score:4, Insightful)
In my opinion, for a modern democracy to work the vote must be mandatory, secret and universal.
This way, no one can pinpoint who voted for whom, thus avoiding temptations of vote buying (at least some of them).
Parent
Re:Early vote makes your vote count (better chance (Score:5, Interesting)
I work as an "Election Judge" every election (they used to call them "Poll Workers". Each year the county hires hundreds of average people, gives them a couple hours of training, and they are the ones who set up the machines, check for ID's, handle the list of registered voters, etc.
Me, I'm a "Machine Judge." I get to the polling area in the morning of the election, the machines are already there, unassemblede. I check the seals, and set up the machines, activate the machines for the voters during the day, get the results out of it at night, take the results to a central location.
Low paying? Not where I live. I get $250.00 for the couple hours training and working on election day at one precinct, which is not bad.
It's well looking into. Take a paid vacation day, get $250 over that, and be the one who protects the democratic process (at least at the precinct you are at).
They need geeks who are computer literate. You should see some of the geezers try to set up those voting machines. It's sad.
Parent
Theatre (Score:5, Interesting)
The interesting thing here is that I would expect one of two things. Either physical security should be taken seriously, in which case a 'tamperproof' seal should be just that (not hard to design) or an assumption be made (not unreasonably) that physical attack against the machines is unlikely and easily preventable.
A supposedly tamper-proof seal which can be circumvented shows either a cynical disregard for physical safety (ie "we know it's a threat, so we'll put in a seal to make people think we've taken it seriously") or another TSA-style "theatre" solution (ie "we don't think it's a threat, but we'll let people believe that it is, and that we've done something about it").
Both of these interpretations are disturbing. However Hanlon's Razor ("Never ascribe to malice that which is adequately explained by stupidity") may of course apply.
Slashdot links to a 100MB QuickTime movie... (Score:4, Informative)
This can't end well.
I'm downloading now, will convert to mpeg4, and post a torrent to mininova (if the server doesn't melt before the download completes).
Torrent here: (Score:5, Informative)
Parent
Coralized Download Link (Score:5, Informative)
Here's the goods:
Full 100mb version: http://www.cs.ucsb.edu.nyud.net/~seclab/projects/voting/ucsb_evoting_attack_dl.mov [nyud.net]
Compressed 10mb version: http://www.cs.ucsb.edu.nyud.net/~seclab/projects/voting/ucsb_evoting_attack_dl_small.3gp [nyud.net]
Posting to YouTube after download finishes...
It's already on youtube (Score:5, Informative)
Part I:
http://www.youtube.com/watch?v=SWDEZqqqBHE
Part II:
http://www.youtube.com/watch?v=moEsgdzZ19c
Parent
Re:It's already on youtube (Score:4, Funny)
I guess my karma whoring is done for now
Parent
Solution (Score:4, Insightful)
Until they get this shit fixed, vote on paper. Even if it is an absentee ballot.
Re:Quicktime? (Score:4, Insightful)
Just be thankful it's not streaming RealVideo or WM11 :)
Parent
Re:Quicktime? (Score:4, Informative)
Except for the fact the cheapest and easiest to use tools are on the Mac (iMovie) and save as quicktime. Why bother using open standards if you want to get your point across, if it will take you 2 weeks to get up and running, especially if you haven't done so before.
Parent
Re:Quicktime? (Score:5, Informative)
Parent
Re:Quicktime? (Score:5, Informative)
Open standards are important in this case for the simple reason that they ensure that the message will be seen by the largest audience possible.
Parent
Re:Everything is hackable (Score:5, Insightful)
Parent
Re:Everything is hackable (Score:4, Insightful)
This exploit depends on the use of USB keys in the setup process, so it's more a matter of screwing with those keys. Judging by my experience, that would be pretty trivial. The running exploit could be recognized by a competent poll worker, but again, that's not all that likely.
The whole electronic voting thing is hugely flawed. They're building the machines on an extremely hackable (windows) base, rather than a custom firmware. The design does not take into account real security concerns.
While anyone can fake a paper ballot, it would be extremely difficult to fake enough ballots to make a difference. This is not the case with electronic voting. Paper is a much more secure system.
Parent
Re:Everything is hackable (Score:5, Insightful)
The running exploit could be recognized by a competent poll worker
And this highlights the flaw in electronic voting. The more complex the polling system, the more skill required to ensure fairness. In a paper ballot, anyone can act as an overseer and be confident that the votes were not tampered with while they are watching. With an electronic system that drops to, what, 10%? 1%? 0.1%? And with such a small percentage capable of ensuring election fairness, do you really have a democracy anymore?
Parent
Re:paper trail fails? (Score:5, Informative)
It doesn't per se. It relies partly on the voter not checking the paper ballot. If they don't void it, it slips through normally. If they do check it, it fixes the ballot, and acts normal.
Otherwise it tries to convince the voter they're done without actually returning the smart card. When they walk away, it voids the ballot, and pops up the "fled voter" screen. The poll worker comes up, uses the admin "submit" toggle to submit the changed vote, and takes back the card. Most places I've been, the poll workers depend on you returning the card, so that wouldn't work.
To me the most compelling piece was how easily the system was compromised. Even if it only screws with a percentage of the votes, that could be huge.
Parent
Re:paper trail fails? (Score:5, Interesting)
Take a look at the problems in Palm Beach county again. They lost over 3000 votes.
I swear that they do this just to get attention. Oh and before anybody makes any remarks about Florida or the south let me clue you.
Very few people in Palm Beach county are from Florida or the south. It is New York south.
It looks like this is going to a close election. Which means that the looser will without a doubt claim that they didn't and that somebody lost votes or rigged a machine.
At this point I hope that it isn't close no matter who wins. Well since I am not fond of any of the candidates at this time.
Parent
Re:We have a system to protect against this (Score:5, Informative)
*sigh* And these ACs are part the people who help decide the fate of the nation? No wonder we're screwed...
Barack had dual citizenship with Kenya (NOT Indonesia) and the US until 21 years old when Kenyan law required him to abandon it. He was born in Hawaii which makes him a natural born citizen.
McCain was born on a naval base which is considered soverign US soil for the purposes of birth, and has been since the 1790s by an act of Congress. (It's true the wording isn't as clear as it could be, but it's clear what the intent is of the bill.)
Both candidates are US citizens and natural born. This is all a non issue, has been, will be. Go find some other misinformation to spread...
Parent
Re:We have a system to protect against this (Score:5, Funny)
"The 1790 law remained in effect until the Naturalization Act of 1795 superseded it. The 1795 law removed mention of natural born citizen status"
So he just barely got in then?
Parent