Forgot your password?
typodupeerror
Government Hardware Hacking Security Build Politics

Video Shows Easy Hacking of E-Voting Machines 254

Posted by timothy
from the stick-to-gambling-machines-kid dept.
Mike writes "The Security Group at the University of California in Santa Barbara has released the video that shows the attacks carried out against the Sequoia voting system. The video shows an attack where a virus-like software spreads across the voting system. The coolest part of the video is the one that shows how the 'brainwashed' voting terminals can use different techniques to change the votes even when a paper audit trail is used. Pretty scary stuff. The video is absolute proof that these types of attacks are indeed feasible and not just a conspiracy theory. Also, the part that shows how the 'tamperproof' seals can be completely bypassed in seconds is very funny (and quite disturbing at the same time)."
This discussion has been archived. No new comments can be posted.

Video Shows Easy Hacking of E-Voting Machines

Comments Filter:
  • by Anonymous Coward on Tuesday September 09, 2008 @10:50AM (#24932845)

    Even though l3wdd00d might get 100% of the votes in the Presidential election, the fact that he is only 16 will be disqualifying.

  • by InsaneProcessor (869563) on Tuesday September 09, 2008 @10:54AM (#24932895)
    That is why I always early vote. It is on paper where I vote and that stands a better chance of getting counted correctly.
    • good call. i was reading about the early voting the other day -- i think i'll be doing that.
      • by Amouth (879122)

        if it wasn't for the whole.. not wanting to tie the vote to the person.. i would suggest moveing the election schedual around and put the ballat as a page on IRS tax forms.. it has to be filled out to file them.

        the IRS takes it's job seriously.. if you pay taxes you vote..

        but then people seem to want each vote to count but also don't want any names attached to the votes..

        • by pxlmusic (1147117) <pxlent@gmail.com> on Tuesday September 09, 2008 @11:19AM (#24933255) Homepage

          because people also don't want to be profiled for their electoral choices.

          for all we know, we already are. in general, it is my understanding that many political activists are already being watched.

          furthermore, i'm all for revoking a lot of these churches' tax exempt status. like Carlin said, "If these churches are so interested in politics; let them pay the same price of admission as everyone else."

          • Re: (Score:2, Flamebait)

            by somersault (912633)

            it is my understanding that many political activists are already being watched

            Isn't the technical term actually 'terrorists'? I'm not even sure whether I'm kidding anymore.

        • by Abreu (173023) on Tuesday September 09, 2008 @11:31AM (#24933417)

          In my opinion, for a modern democracy to work the vote must be mandatory, secret and universal.

          This way, no one can pinpoint who voted for whom, thus avoiding temptations of vote buying (at least some of them).

          • by stmfreak (230369)

            While I understand the need for secrecy due to corruption sending brute squads to people who voted for the wrong candidate... secrecy also conveniently allows for corruption of the vote since there is no way to audit a vote back to an individual who can say, "no, I didn't vote for that person." It also allows for multiple votes from a single participant since you cannot analyze votes and determine if the sources are unique or duplicated.

            I believe this makes democracy a bit impossible in the long run.

            Persona

            • by Amouth (879122)

              thats the way i feel.. it shouldn't be reqired to be secret who someone votes for - do i recommend makeing it easy for people to seach for people who voted for X? no.. but to look at person A and say he voted for X is fine..

              if nothing i was just thinking using the IRS tax forms for people as the ballot.. say the last page is the ballot - it isn't tied to the tax form but you must submit it completed with your taxes - IRS looks if form is filled out they take it and throw it in the box - then they proccess

            • by Anonymous Coward on Tuesday September 09, 2008 @12:28PM (#24934169)

              Voting must be designed to be transparent rather than auditable. In a proper democratic election, you can observe the whole process if you want. The only bit you can't observe is when other people actually mark their ballots, but that doesn't create a corruption opportunity, because you can observe the ballot being issued to the voter and the voter putting the ballot into the ballot box. Whatever the voter did with the ballot, it is still just one ballot and will be counted publicly.

              Voting systems where you can't observe one or more of the following steps are corruptible and should not be used in a democratic election: Issuing the ballot to the voter, collecting the ballot (punched cards are collected inside the voting machine: not observable), keeping the votes until the counting starts and finally counting the votes. With electronic voting systems, you can't observe any of these steps. Even paper audit trails don't solve the problem: The audit trail must remain secret during voting, so it stays in the machine, which means you can't observe it continuously until the votes are counted.

              A piece of paper per voter and a couple of hours for counting votes in public: Is that really too much to ask when you elect the most powerful person in the world?

            • by oggiejnr (999258)
              The main reason for moving to a secret ballot is to reduce the effects of vote buying due to it begin (theoretically) unable to confirm (although there are discussions as to why this is not perfect). It would arguably be worse for democracy for your employer to make it known that anyone who does not vote for his preferred candidate will be fired.
    • by R2.0 (532027) on Tuesday September 09, 2008 @11:04AM (#24933045)

      "That is why I always early vote. It is on paper where I vote and that stands a better chance of getting counted correctly."

      Don't be so smug. Early voting gives those who would deny your vote more time to tamper.

      Let's say you mail in your ballot 2 weeks ahead of time. They are collected and sorted by precinct, and then held until election day to be opened.

      Just sitting there.

      And then someone drops some of the ballots from certain precincts in the shredder - you know, the ones that vote overwhelmingly for one party? Not enough to cause a lot of suspicion, but enough to make a difference in a tight race. Now, not only is your vote gone, you don't even know it - the tampering happened before election day. AND, even if it is discovered early enough, they won't know exactly WHO got screwed, so you won't get another shot.

      E-voting makes it easy for small numbers of people to tamper on a large scale. That doesn't mean that good old fashioned vote rigging has disappeared. Spam hasn't eliminated junk mail, has it?

      • by tlhIngan (30335)

        "That is why I always early vote. It is on paper where I vote and that stands a better chance of getting counted correctly."

        Don't be so smug. Early voting gives those who would deny your vote more time to tamper.

        Let's say you mail in your ballot 2 weeks ahead of time. They are collected and sorted by precinct, and then held until election day to be opened.

        Just sitting there.

        And then someone drops some of the ballots from certain precincts in the shredder - you know, the ones that vote overwhelmingly for one

      • Re: (Score:3, Interesting)

        VoteHere had a solution to that, which was a tracking barcode on the ballot which a voter could use to check whether her ballot got scanned at the counting station. Cryptographic High Magic kept the ballot from being linked back to the voter, barring extensive collusion or some edge cases(*). This was field tested in one small county in Washington State, where it met with a lawsuit because state law does not permit any unique marking on a ballot at all and specifies "absolute" secrecy. King County, the big

    • by Hyppy (74366) on Tuesday September 09, 2008 @11:04AM (#24933059)
      Even if your 1 vote is counted correctly, a compromised voting machine farm can render it negligible in terms of effect.
    • by anw (42556) on Tuesday September 09, 2008 @11:50AM (#24933685)

      I find this comment slightly surreal, and honestly believe only an American could have written it.

      Democracy is not a commodity that you can have even though your neighbour doesn't. It is more like peace, or sanitation : everyone has it or no-one has it.

      To respond to a demonstration that your democratic system has a very serious problem by saying 'Hey, I reckon I got my vote counted' is, well, bizzare.

    • In California, Giuliani and Edwards both dropped out less than a week before the primary election date, and Romney dropped out the 7th. Many Californians cast their absentee ballots a month in advance of the election date. After all votes were counted there were over a million votes (out of about 9 million total) for candidates that weren't even running.

      I'm not claiming this single state could have altered the final nominees of Obama and McCain, but I am making a point about why one might not want t
  • Theatre (Score:5, Interesting)

    by adpsimpson (956630) on Tuesday September 09, 2008 @10:58AM (#24932969)

    The interesting thing here is that I would expect one of two things. Either physical security should be taken seriously, in which case a 'tamperproof' seal should be just that (not hard to design) or an assumption be made (not unreasonably) that physical attack against the machines is unlikely and easily preventable.

    A supposedly tamper-proof seal which can be circumvented shows either a cynical disregard for physical safety (ie "we know it's a threat, so we'll put in a seal to make people think we've taken it seriously") or another TSA-style "theatre" solution (ie "we don't think it's a threat, but we'll let people believe that it is, and that we've done something about it").

    Both of these interpretations are disturbing. However Hanlon's Razor ("Never ascribe to malice that which is adequately explained by stupidity") may of course apply.

    • Re: (Score:3, Informative)

      by Serenissima (1210562)
      I don't think it's just stupidity. "You get what you pay for" is part of it as well. A private contractor needs to make a profit and it costs money to make things secure. If no one buys your voting computer because it's too expensive, you lose. So, you need to dumb it down - when you dumb it down, the security becomes crappier.

      I'm sure most of us here can come up with a dozen ways of making voting machines far more secure. How about proprietary connectors so that any Joe Schmoe can't sidle up and stick in
  • by COMON$ (806135) * on Tuesday September 09, 2008 @10:58AM (#24932975) Journal
    The real question is, is this more difficult to spoof than the current paper method? Anyone can fake a paper ballot, it is a small subset who can carry out these electronic attacks, although the consequences of this smaller subset's maliciousness could be worse.
    • by NotBornYesterday (1093817) * on Tuesday September 09, 2008 @11:04AM (#24933057) Journal
      But faking large numbers of paper ballots at many sites is a large undertaking, and harder to hide without a big (read: hard to keep secret) conspiracy. Faking electronics ballots could be done by a smaller number of people, but on a larger and less detectable scale.
      • True, but in the last Presidential election it decided by a relatively small number of voters in key states. Since the electoral system is all or nothing by state, a small change in number in certain states could affect an outcome.
        Kerry lost by 35 electoral votes. In 3 states:

        New Mexico (6K votes, 5 electoral)
        Iowa (10K votes , 7 electoral)
        Nevada (20K, 5 electoral)

        Now this swing of 40K votes would have made Kerry 1 electoral vote short of the Presidency and would not have changed the outcome. But

    • by SatanicPuppy (611928) * <Satanicpuppy@ g m a i l . c om> on Tuesday September 09, 2008 @11:05AM (#24933071) Journal

      This exploit depends on the use of USB keys in the setup process, so it's more a matter of screwing with those keys. Judging by my experience, that would be pretty trivial. The running exploit could be recognized by a competent poll worker, but again, that's not all that likely.

      The whole electronic voting thing is hugely flawed. They're building the machines on an extremely hackable (windows) base, rather than a custom firmware. The design does not take into account real security concerns.

      While anyone can fake a paper ballot, it would be extremely difficult to fake enough ballots to make a difference. This is not the case with electronic voting. Paper is a much more secure system.

      • by TheRaven64 (641858) on Tuesday September 09, 2008 @11:28AM (#24933377) Journal

        The running exploit could be recognized by a competent poll worker

        And this highlights the flaw in electronic voting. The more complex the polling system, the more skill required to ensure fairness. In a paper ballot, anyone can act as an overseer and be confident that the votes were not tampered with while they are watching. With an electronic system that drops to, what, 10%? 1%? 0.1%? And with such a small percentage capable of ensuring election fairness, do you really have a democracy anymore?

  • ok...I haven't watched the vids because I am at work, but how can a paper trail fail? I mean if I get a receipt that I am going to then put into a voting box, I should be able to check it to make sure I voted for the people I said I was going to vote for...if it is wrong, I should be able to change my vote and print another receipt.

    • ok...I haven't watched the vids because I am at work, but how can a paper trail fail?

      If there's nothing obviously wrong with the machines, it might never get looked at, especially in larger counties.

    • by SatanicPuppy (611928) * <Satanicpuppy@ g m a i l . c om> on Tuesday September 09, 2008 @11:11AM (#24933157) Journal

      It doesn't per se. It relies partly on the voter not checking the paper ballot. If they don't void it, it slips through normally. If they do check it, it fixes the ballot, and acts normal.

      Otherwise it tries to convince the voter they're done without actually returning the smart card. When they walk away, it voids the ballot, and pops up the "fled voter" screen. The poll worker comes up, uses the admin "submit" toggle to submit the changed vote, and takes back the card. Most places I've been, the poll workers depend on you returning the card, so that wouldn't work.

      To me the most compelling piece was how easily the system was compromised. Even if it only screws with a percentage of the votes, that could be huge.

    • by LWATCDR (28044) on Tuesday September 09, 2008 @11:14AM (#24933185) Homepage Journal

      Take a look at the problems in Palm Beach county again. They lost over 3000 votes.

      I swear that they do this just to get attention. Oh and before anybody makes any remarks about Florida or the south let me clue you.
      Very few people in Palm Beach county are from Florida or the south. It is New York south.
      It looks like this is going to a close election. Which means that the looser will without a doubt claim that they didn't and that somebody lost votes or rigged a machine.
      At this point I hope that it isn't close no matter who wins. Well since I am not fond of any of the candidates at this time.

      • Re: (Score:3, Funny)

        Oh and before anybody makes any remarks about Florida or the south let me clue you.
        Very few people in Palm Beach county are from Florida or the south. It is New York south.

        And this is exactly the problem. All of the dumbest people from other parts of the country go there to screw up elections and die.

    • Re: (Score:3, Insightful)

      Tampered machines would most likely be set up in the other party's best districts: If the fraud isn't discovered, your party gains a lot of votes. If the fraud is discovered, the district's votes would be discarded or held in legal limbo.

      Heads I win, tails you lose.

  • by mamer-retrogamer (556651) on Tuesday September 09, 2008 @10:59AM (#24932995)
    ... hosted on an .edu server?

    This can't end well.

    I'm downloading now, will convert to mpeg4, and post a torrent to mininova (if the server doesn't melt before the download completes).
    • Do .edu servers typically have low bandwidth? I have a .ac.uk machine which has a GigE connection in the back which is connected to a 34Gb/s upstream link. Bandwidth really isn't an issue for most educational establishments. And why would you convert it to MPEG-4? MPEG-4 has been the default format for Quicktime for several years (MPEG-4 AVC is now for video, I believe, and MPEG-4 AAC still is for audio), and the Quicktime container format is one of the official MPEG-4 standard containers.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      ... hosted on an .edu server?

      This can't end well.

      It seems to be on youtube:
      http://www.youtube.com/watch?v=SWDEZqqqBHE (part I)
      http://www.youtube.com/watch?v=moEsgdzZ19c (part II)

    • Torrent here: (Score:5, Informative)

      by mamer-retrogamer (556651) on Tuesday September 09, 2008 @11:34AM (#24933459)
      ucsb evoting attack [mininova.org]
  • Slashdotted already? Anyone have an alternate link?

  • by Anonymous Coward on Tuesday September 09, 2008 @11:05AM (#24933073)

    Nah, it shows you how good those paper voter verified paper trails are!

    In scenario 2, the careful voter, the voter checks the screen, then checks the printout, then notices the printout is incorrect and gets the vote voided and recast.
    But if he was a careful voter he'd raise a stink about how the screen was correct, and people would notice that the machines record the printout differently than the screen shows. There would be investigations, accusations and stuff. It would be videod.

    Likewise the careless voter, the machine doesn't know is the voter is careful or careless, so it only takes a few careful voters to screw up the attack no matter how many careless voters there are, who don't double check the paper trail.

    Scenario 3 & 4 are so obscure as to be worthless (requiring the voter vote but then leave and nobody noticing the machine doing stuff).

    What this video really shows IS JUST HOW DAMN DIFFICULT IT IS TO FOOL THE PAPER AUDIT TRAIL.

    • They all depend on the voter being careless, and the poll workers being poorly trained. That's a pretty good bet...I wouldn't say it's not feasible, though I agree, it would be caught with a competent staff, and the paper trail was still accurate, assuming 3 & 4 didn't pass unnoticed.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      It doesn't matter what the screen and printout say, only what is recorded on the card. The reason is that manual recounts are not done. Even 'random' checking is done in some states by looking at the summary printouts on boxes of votes and checking that they add up to the numbers for the polling location (ie adding the computer summaries for each computer and seeing that it matches the sum for the polling location). The votes are not actually even counted during a random recount.

      At least that's how it wo

  • where were these guys two elections ago? The horses have long left the barn. The hacks in place now are likely protected by the DMCA.
    • It was three elections ago - the DMCA was Clinton's doing, not Bush's.

      http://en.wikipedia.org/wiki/DMCA [wikipedia.org]

      I find it somewhat amusing that the captcha in a thread about vote hacking is "certify".

    • I was wondering the same thing. BTW, isn't circumventing the security on a voting machine constitute several federal felony offenses?

    • by JetScootr (319545)
      They were trying to get the gov't to ensure the machines were secure. This story is the result of a long,long fight against the manufacturers of the crappy voting machines; all of the worst problems of "IP" have been demonstrated.
  • by Crazy Man on Fire (153457) on Tuesday September 09, 2008 @11:16AM (#24933213) Homepage

    Here's the goods:

    Full 100mb version: http://www.cs.ucsb.edu.nyud.net/~seclab/projects/voting/ucsb_evoting_attack_dl.mov [nyud.net]
    Compressed 10mb version: http://www.cs.ucsb.edu.nyud.net/~seclab/projects/voting/ucsb_evoting_attack_dl_small.3gp [nyud.net]

    Posting to YouTube after download finishes...

  • DOWNLOAD MIRROR (Score:3, Informative)

    by SirBitBucket (1292924) on Tuesday September 09, 2008 @11:21AM (#24933289)
    Here is a mirror of the big file: http://porksteak.com/ucsb_evoting_attack_dl.mov [porksteak.com] Will leave up as long as possible.
  • Wootube link (Score:3, Interesting)

    by neokushan (932374) on Tuesday September 09, 2008 @11:23AM (#24933307)

    Uploaded the low-quality version to youtube, here's the link:

    http://www.youtube.com/watch?v=SzYUkXG7Occ [youtube.com]

    (Currently processing, it'll be done soon).

  • We need verifiable results, so why aren't we demanding End to End [wikipedia.org] voting systems from our governments?
  • (And granted I can't get to the article so it may discuss this) so what? This has been proven. There have been a dozen stories on this. What are they doing about sharing the information with policy makers? It's great that we read this and become angry. But we don't create the laws*. Are they trying to use the school's considerable clout to get in front of the state Legislature? Congress? If not, then it's a neat hack and that's it.

    * And I don't want to hear, "Well we elect the people who do." I've written
  • Open Source (Score:2, Interesting)

    I think that any voting software should be open source. If we're to trust our votes to machines, then the software running them should be in an open box, not a black one. Perhaps then we wouldn't have to read about the security holes; we could find point them out ourselves.
    • by cdrguru (88047)

      The process is far more important than the software. I don't care what the software is if the machines are secured properly. If the machines are not secured properly the software can be replaced, exchanged, modified or even the hardware can be tampered with.

      Most of the difficulties being described are process problems, not problems with the software. If each machine had four armed National Guardsmen around it instead of some tamper seal we could be assured there would be little opportunity for tampering.

  • Solution (Score:4, Insightful)

    by KGIII (973947) * on Tuesday September 09, 2008 @11:47AM (#24933655) Journal

    Until they get this shit fixed, vote on paper. Even if it is an absentee ballot.

  • It's a shame (Score:2, Informative)

    by S7urm (126547)

    that we can't figure out a more relevant form of voting to appeal to a larger contingent of the American populace, maybe more people, more easily accessing voting methods, would allow for a more viable collaboration of opinion in regards to the election of our National officials. But I digress, the super delegate and the Electoral College make my point m00t.

  • by FireStormZ (1315639) on Tuesday September 09, 2008 @12:27PM (#24934153)

    Any system, I mean any systems is open to fraud. The term 'Ballot box stuffing' pretty clearly indicates even a paper system is not 100% safe but at least, for the most part, wide scale fraud is pretty damn hard when you would have to run around from precinct to precinct stuffing boxes with the names of the recently dead (or what have you).

    Electronic stand alone systems with removable media (CD's flash drives, ..., ... what have you) and ones that print a small receipt into a lock box (for multiple audit streams) is as safe and efficent as anything else...

  • by Anonymous Coward

    Before I even read all the comments, may somebody please explain to me WHY it is necessary to e-vote in the first place, regardless of the system????

    I keep finding articles explaining how e-voting should be made better, but not even one explaining WHY a country which is still voting on paper only should ever bother to pass to e-voting. I mean, even in the best ideal case, pretending there are no tampering issues, e-voting requires much more competence from the booth staff to make it work. Whereas any bozo w

  • In the US we have a collection of folks called "TV News". They rely on delivery of titilating information to collect ratings upon which their advertising revenue is based. Without this, they have no function and many many people will be out on the street looking for work.

    A significant source of information is elections. Everyone in the US wants to know who won because the elections (local, state and national) are referred to as a "horserace" and everyone wants to know the results of the "race". Races ha

  • by wcrowe (94389) on Tuesday September 09, 2008 @02:05PM (#24935335)

    I simply do not understand the purpose of electronic voting machines. Is it to ease the counting process? Speed up the returns? Provide more accuracy? All these things sound fine if you can trust the machines. But since we can't, how can it ease the counting process when we have to recruit clerks and stewards to do meticulous recounts? What good is it to speed up the returns when recounts force us to wait for days or even weeks before we can be sure of the outcome? What good is accuracy if people don't trust the results anyway? Give me a plain, simple paper ballot any day.
       

  • ...and that's how we got Cowboy Neal for President!

If a listener nods his head when you're explaining your program, wake him up.

Working...