
Video Shows Easy Hacking of E-Voting Machines

Mike writes "The Security Group at the University of California in Santa Barbara has released the video that shows the attacks carried out against the Sequoia voting system. The video shows an attack where a virus-like software spreads across the voting system. The coolest part of the video is the one that shows how the 'brainwashed' voting terminals can use different techniques to change the votes even when a paper audit trail is used. Pretty scary stuff. The video is absolute proof that these types of attacks are indeed feasible and not just a conspiracy theory. Also, the part that shows how the 'tamperproof' seals can be completely bypassed in seconds is very funny (and quite disturbing at the same time)."

  • Re:Quicktime? (Score:4, Insightful)

    by psergiu ( 67614 ) on Tuesday September 09, 2008 @10:55AM (#24932909)

    Just be thankful it's not streaming RealVideo or WM11 :)

  • by R2.0 ( 532027 ) on Tuesday September 09, 2008 @11:04AM (#24933045)

    "That is why I always early vote. It is on paper where I vote and that stands a better chance of getting counted correctly."

    Don't be so smug. Early voting gives those who would deny your vote more time to tamper.

    Let's say you mail in your ballot 2 weeks ahead of time. They are collected and sorted by precinct, and then held until election day to be opened.

    Just sitting there.

    And then someone drops some of the ballots from certain precincts in the shredder - you know, the ones that vote overwhelmingly for one party? Not enough to cause a lot of suspicion, but enough to make a difference in a tight race. Now, not only is your vote gone, you don't even know it - the tampering happened before election day. AND, even if it is discovered early enough, they won't know exactly WHO got screwed, so you won't get another shot.

    E-voting makes it easy for small numbers of people to tamper on a large scale. That doesn't mean that good old fashioned vote rigging has disappeared. Spam hasn't eliminated junk mail, has it?

  • by NotBornYesterday ( 1093817 ) * on Tuesday September 09, 2008 @11:04AM (#24933057) Journal
    But faking large numbers of paper ballots at many sites is a large undertaking, and harder to hide without a big (read: hard to keep secret) conspiracy. Faking electronic ballots could be done by a smaller number of people, but on a larger and less detectable scale.
  • by Hyppy ( 74366 ) on Tuesday September 09, 2008 @11:04AM (#24933059)
    Even if your 1 vote is counted correctly, a compromised voting machine farm can render it negligible in terms of effect.
  • by SatanicPuppy ( 611928 ) * <SatanicpuppyNO@SPAMgmail.com> on Tuesday September 09, 2008 @11:05AM (#24933071) Journal

    This exploit depends on the use of USB keys in the setup process, so it's more a matter of screwing with those keys. Judging by my experience, that would be pretty trivial. The running exploit could be recognized by a competent poll worker, but again, that's not all that likely.

    The whole electronic voting thing is hugely flawed. They're building the machines on an extremely hackable (Windows) base, rather than a custom firmware. The design does not take into account real security concerns.

    While anyone can fake a paper ballot, it would be extremely difficult to fake enough ballots to make a difference. This is not the case with electronic voting. Paper is a much more secure system.

  • by Anonymous Coward on Tuesday September 09, 2008 @11:05AM (#24933073)

    Nah, it shows you how good those paper voter verified paper trails are!

    In scenario 2, the careful voter, the voter checks the screen, then checks the printout, then notices the printout is incorrect and gets the vote voided and recast.
    But if he was a careful voter he'd raise a stink about how the screen was correct, and people would notice that the machines record the printout differently than the screen shows. There would be investigations, accusations and stuff. It would be videoed.

    Likewise the careless voter, the machine doesn't know if the voter is careful or careless, so it only takes a few careful voters to screw up the attack no matter how many careless voters there are, who don't double check the paper trail.

    Scenario 3 & 4 are so obscure as to be worthless (requiring the voter vote but then leave and nobody noticing the machine doing stuff).

    What this video really shows IS JUST HOW DAMN DIFFICULT IT IS TO FOOL THE PAPER AUDIT TRAIL.

  • by pxlmusic ( 1147117 ) <pxlent@gmail.com> on Tuesday September 09, 2008 @11:19AM (#24933255) Homepage

    because people also don't want to be profiled for their electoral choices.

    for all we know, we already are. in general, it is my understanding that many political activists are already being watched.

    furthermore, i'm all for revoking a lot of these churches' tax exempt status. like Carlin said, "If these churches are so interested in politics; let them pay the same price of admission as everyone else."

  • by TheRaven64 ( 641858 ) on Tuesday September 09, 2008 @11:28AM (#24933377) Journal

    "The running exploit could be recognized by a competent poll worker"

    And this highlights the flaw in electronic voting. The more complex the polling system, the more skill required to ensure fairness. In a paper ballot, anyone can act as an overseer and be confident that the votes were not tampered with while they are watching. With an electronic system that drops to, what, 10%? 1%? 0.1%? And with such a small percentage capable of ensuring election fairness, do you really have a democracy anymore?

  • by Abreu ( 173023 ) on Tuesday September 09, 2008 @11:31AM (#24933417)

    In my opinion, for a modern democracy to work the vote must be mandatory, secret and universal.

    This way, no one can pinpoint who voted for whom, thus avoiding temptations of vote buying (at least some of them).

  • by pushing-robot ( 1037830 ) on Tuesday September 09, 2008 @11:33AM (#24933449)

    Tampered machines would most likely be set up in the other party's best districts: If the fraud isn't discovered, your party gains a lot of votes. If the fraud is discovered, the district's votes would be discarded or held in legal limbo.

    Heads I win, tails you lose.

  • Solution (Score:4, Insightful)

    by KGIII ( 973947 ) * <uninvolved@outlook.com> on Tuesday September 09, 2008 @11:47AM (#24933655) Journal

    Until they get this shit fixed, vote on paper. Even if it is an absentee ballot.

  • by anw ( 42556 ) on Tuesday September 09, 2008 @11:50AM (#24933685)

    I find this comment slightly surreal, and honestly believe only an American could have written it.

    Democracy is not a commodity that you can have even though your neighbour doesn't. It is more like peace, or sanitation: everyone has it or no-one has it.

    To respond to a demonstration that your democratic system has a very serious problem by saying 'Hey, I reckon I got my vote counted' is, well, bizarre.

  • by Anonymous Coward on Tuesday September 09, 2008 @11:51AM (#24933691)
    Open sourcing voting machines makes sense, but... can't we take it one step further? Why not open source the whole government [metagovernment.org]?
  • Re:Quicktime? (Score:4, Insightful)

    by jellomizer ( 103300 ) on Tuesday September 09, 2008 @11:57AM (#24933779)

    I wasn't debating the value of open standards. The point is the easiest available tools didn't use them. Open Standards are a good thing. But if the apps that use them are either oppressively expensive, or free and difficult to use they will not use them. They are trying to get a point across not start a broadcast company. As for easiest and cheapest it is quite simple. Many college students already have Mac, with iMovie. They got the Mac for other uses but it came with it so they will use it, being that the software tool is easier to use than most other video editing software so it took less time. Now if Apple incorporated iMovie to save as an open standard by default all the better. But surprise they are pushing their own standard (which has many open standards in it btw)

    If you think a price at the register level you are taking a very basic view of economics. Time and Inventory have a cost as well. Even if you are doing free work at a college. Every hour you spend working on this project is one less hour you have to study for a test, or to go out to a party, or a convenient section of your schedule open for a date. Taking an extra half a day trying to get an Open Standards compliant tool to work may not be worth it. Vs. Just using a widely used non standards compliant tool and get it done in a couple of hours leaving the rest of the day to do more interesting things.

    Expensive and Cost don't always equal money.

  • Re:Quicktime? (Score:1, Insightful)

    by Anonymous Coward on Tuesday September 09, 2008 @12:06PM (#24933893)

    If this is a video pertaining to hacking why would you blame not releasing in another format on it being technically harder? They are hackers. I am sure they could find a way to do it pretty quickly. It's not like there aren't any conversion tools out there. I know people don't care but when someone is on a Windows machine that doesn't have QuickTime, or a Linux machine they get marginalized. Sure if this was about an art expo or something I can understand but this is about hacking. One would expect a better choice in codec. Not being an open source pundit here, I'd settle for something that works across all 3 platforms, open or not (Would be nice to get REAL QT support).

    And for the record WMV works decently under Linux, not the best but decently.

  • by Jim Hall ( 2985 ) on Tuesday September 09, 2008 @12:07PM (#24933903) Homepage

    McCain was born on a naval base which is considered sovereign US soil for the purposes of birth, and has been since the 1790s by an act of Congress. (It's true the wording isn't as clear as it could be, but it's clear what the intent is of the bill.)

    (This thread is decidedly OT from e-voting.)

    As I understand it, the topic of "natural born" is untested, and is certainly not clear here. However, no one is likely to contest John McCain in his candidacy based on his birth, so this is probably moot.

    The topic of "natural born" was a topic on the Legal Lad podcast [quickanddirtytips.com] back in March. The key points:

    The Fourteenth Amendment provides that, "All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States and of the State wherein they reside." This gives rise to the notion that there are two kinds of citizens: born and naturalized. So, the question becomes, was John McCain effectively born in the U.S., or did some law make him a citizen, rendering him naturalized?

    The reason this is important is that John McCain was born on U.S. military base Coco Solo in the Panama Canal Zone to U.S. parents. Does that make him a "natural born Citizen?"

    First, it is important to note that John McCain is definitely a "Citizen" of the United States. [...]

    Proponents of McCain's eligibility argue that McCain must be a natural born citizen because he was born a citizen by virtue of his parents being citizens and the birth occurring on a military base. [...] Opponents of McCain's eligibility would point to the dichotomy between being born a citizen, and being declared a citizen. If, under the language of the Fourteenth Amendment and Immigration and Naturalization Act of 1952, a person is "declared" to be a citizen, then the person was not a citizen at the moment of birth. The law "declared" him to be a citizen, and so the person was naturalized, not naturally born. [...] Last, current State Department policy reads: "Despite widespread popular belief, U.S. military installations abroad and U.S. diplomatic or consular facilities are not part of the United States within the meaning of the 14th Amendment. [...]

    In the end, a group challenging McCain on this ground might face a backlash. McCain was a prisoner of war, and was born outside the physical boundaries of the U.S. only because the government ordered his parents there. He does not seem to be the problem that the original framers envisioned: a foreigner without current allegiance to the newly-founded United States. McCain, a longtime senator, does not seem to really fit this problem.

  • by FireStormZ ( 1315639 ) on Tuesday September 09, 2008 @12:27PM (#24934153)

    Any system, I mean any system is open to fraud. The term 'Ballot box stuffing' pretty clearly indicates even a paper system is not 100% safe but at least, for the most part, wide scale fraud is pretty damn hard when you would have to run around from precinct to precinct stuffing boxes with the names of the recently dead (or what have you).

    Electronic stand alone systems with removable media (CDs, flash drives, ..., ... what have you) and ones that print a small receipt into a lock box (for multiple audit streams) is as safe and efficient as anything else...

  • by Anonymous Coward on Tuesday September 09, 2008 @12:28PM (#24934169)

    Voting must be designed to be transparent rather than auditable. In a proper democratic election, you can observe the whole process if you want. The only bit you can't observe is when other people actually mark their ballots, but that doesn't create a corruption opportunity, because you can observe the ballot being issued to the voter and the voter putting the ballot into the ballot box. Whatever the voter did with the ballot, it is still just one ballot and will be counted publicly.

    Voting systems where you can't observe one or more of the following steps are corruptible and should not be used in a democratic election: Issuing the ballot to the voter, collecting the ballot (punched cards are collected inside the voting machine: not observable), keeping the votes until the counting starts and finally counting the votes. With electronic voting systems, you can't observe any of these steps. Even paper audit trails don't solve the problem: The audit trail must remain secret during voting, so it stays in the machine, which means you can't observe it continuously until the votes are counted.

    A piece of paper per voter and a couple of hours for counting votes in public: Is that really too much to ask when you elect the most powerful person in the world?

  • by Nymz ( 905908 ) on Tuesday September 09, 2008 @12:40PM (#24934329) Journal
    In California, Giuliani and Edwards both dropped out less than a week before the primary election date, and Romney dropped out the 7th. Many Californians cast their absentee ballots a month in advance of the election date. After all votes were counted there were over a million votes (out of about 9 million total) for candidates that weren't even running.

    I'm not claiming this single state could have altered the final nominees of Obama and McCain, but I am making a point about why one might not want to vote (too) early.
  • by Anonymous Coward on Tuesday September 09, 2008 @12:44PM (#24934373)

    Before I even read all the comments, may somebody please explain to me WHY it is necessary to e-vote in the first place, regardless of the system????

    I keep finding articles explaining how e-voting should be made better, but not even one explaining WHY a country which is still voting on paper only should ever bother to pass to e-voting. I mean, even in the best ideal case, pretending there are no tampering issues, e-voting requires much more competence from the booth staff to make it work. Whereas any bozo who went to primary school and can find his way to the booth CAN count ballots, add them up or check that the sum was correct.

    To alter paper-voting elections enough to make a difference you must have many more people who make a mess (by malice or incompetence it doesn't really matter) than to obtain the same result with e-voting, isn't it?

    If so, what the F**K does a country really gain with e-voting which justifies the effort and makes it worthwhile to ignore all the tampering issues?

  • Re:Quicktime? (Score:4, Insightful)

    by zappepcs ( 820751 ) on Tuesday September 09, 2008 @12:54PM (#24934485) Journal

    One of the things that rubs me wrong about F/OSS or rather complaints against it is that people assume that it takes a long time to learn how to use it, or it doesn't work well or as good as product xyz.

    The plain simple truth of the matter, and I have empirical evidence, is that ANY application takes time to learn how to use it well or even at all in the matter of some of the more complex applications.

    For all the fanboism over MS Office, I'm willing to bet that less than 10% of the users of that suite know how to use more than 50% of the features. Most people that I've known barely know how to type well, never mind know what setting margins or complex header/footer arrangements are for. Too many people use Excel as a database and Access as a spreadsheet. The point being that what they think they know about one application is just as easy to learn about another application and easier than learning all the features of the application that they know.

    Now, I do get the point that you are saying it was probably the easiest for them to use as they got it free when they purchased a Mac. Point taken. Still no need to diss other means of editing video if all you mean is 'that was probably the easiest and cheapest option for that particular group at that particular time' ... The idea that F/OSS is difficult or incomplete is both outdated and luddite-ish. In the face of how established applications and suites are used, it makes NO sense to say F/OSS alternatives are not as good or that they are not better than those established applications.

    Now, I'll do what I do with all the people I run into who ask about computers:

    Try http://www.desktop-video-guide.com/top-5-free-video-editing-software-review.html [desktop-video-guide.com] or search on Google for free video editing software.

    From the link:

    Conclusion:
    Microsoft Movie Maker for Windows users, and Apple iMovie for MAC users are probably the two easiest to use free video editing software programs available. Both of the products will allow you to do what you want to do with your videos. However, trying out the others, you may find that you are able to add more effects and such to your videos as well. Of all the available programs out there, these are the top five free video editing software programs available.

    Also from the link:

    Of course, most free software does not include the same level or quality of support that you would expect to find with software that you purchase.

    Read that as 12 minutes on hold at $3.49 per minute if you want phone support, whereas with F/OSS the level of support on the Internet is huge! I always managed to find someone that has posted about whatever problem I've had.

    Yes, I like F/OSS, and for a reason. It has real value. Supporting it requires donations AND fighting against luddite reasoning in the greater computing community. That is not to say that I think you should not use any tool at your disposal when you require a tool. I have no problem with using something that came installed on your system rather than go install something new if you have a job to get done and it will work. I use an editor I paid for, but when needed I'll edit with vi or whatever is on the system if that is what makes the most sense for that task.

    (end rant)

  • by Anonymous Coward on Tuesday September 09, 2008 @01:44PM (#24935119)

    I'm the anonymous coward who posted the first "why is e-voting necessary" question (but why doesn't my post show when I reload the page??)

    "In the US we have a collection of folks called "TV News". They rely on delivery of titillating information to collect ratings upon which their advertising revenue is based. Without this, they have no function and many many people will be out on the street looking for work."

    I already knew this, but wanted somebody from US to say it. So the summary is that the most powerful (=most dangerous for the rest of the planet) country in the world must vote in what is an insecure manner only because TV stations stockholders need to maximize their dividends.

    "You better get used to the idea that the US needs something where real results are available immediately... there would be riots in the streets this year if the evening of the election Obama was announced as the winner and then a week later, after counting the votes for real, McCain was announced as the actual winner"

    then don't announce anything in the first evening, not even exit polls. Period. It doesn't damage democracy in any way, does it now? It should be a no-brainer for mature adults: "this better be done right the first time, so if it takes a week to do it right, so be it, because it absolutely doesn't matter. It's not like there's an election every 14 days, right?"

  • by R2.0 ( 532027 ) on Tuesday September 09, 2008 @01:59PM (#24935279)

    I wrote a paper on that form of the franchise years ago. The only problem is that it requires an ongoing, large scale war to provide enough veterans to keep the franchise from devolving to an oligarchy. It wouldn't work today because the percentage of veterans in society is quite small compared with the population. And you can't really try to include other "equivalent" service, because whoever chooses what constitutes an equivalent has a lot of power. Look at the exemption that orthodox Jews get from the compulsory military service in Israel.

  • by wcrowe ( 94389 ) on Tuesday September 09, 2008 @02:05PM (#24935335)

    I simply do not understand the purpose of electronic voting machines. Is it to ease the counting process? Speed up the returns? Provide more accuracy? All these things sound fine if you can trust the machines. But since we can't, how can it ease the counting process when we have to recruit clerks and stewards to do meticulous recounts? What good is it to speed up the returns when recounts force us to wait for days or even weeks before we can be sure of the outcome? What good is accuracy if people don't trust the results anyway? Give me a plain, simple paper ballot any day.
       

  • by R2.0 ( 532027 ) on Tuesday September 09, 2008 @05:09PM (#24937687)

    Yes but, as the Obama campaign is fond of pointing out, he is Not Like Other Candidates. He claims foreign policy experience based on his childhood traveling out of the country. Well, his mother was out of the country when she was married and for the first few months of her pregnancy - that is the official Obama bio. Also, it was NOT common practice for pregnant women to fly back then, and airlines didn't keep records of infants in arms either. So there is a LEGITIMATE question to be asked if he was actually born on US soil, which is a requirement for him to be a "native born" citizen. He could have answered it in a heartbeat; why didn't he?

    The same question WAS asked of McCain, and the laws in force at the time support his status, and the circumstances of his birth are well documented in civilian and military records.

    I mean, fer chrissake, I needed to produce a birth certificate to qualify for a driver's license when I was 16, and it needed to be officially stamped. Are you saying that Obama should be exempt from showing documentation of his constitutional qualifications to be the President of the US?

  • Re:Quicktime? (Score:2, Insightful)

    by QuestionsNotAnswers ( 723120 ) on Tuesday September 09, 2008 @07:30PM (#24939531)

    "I always managed to find someone that has posted about whatever problem I've had."

    The ability to use a search engine to find exactly what you need amongst all the junk is a rare skill that you have, and that most people don't.
