Master Diebold Key Copied From Web Site

Harrington writes "In another stunning blow to the security and integrity of Diebold's electronic voting machines, someone has made a copy of the key which opens ALL Diebold e-voting machines from a picture on the company's own website. " Update: 02/06 17:40 GMT by Z : We previously discussed this story, early last year.

Déjà vu?

[daveschroeder]

Hmm, I seem to recall this story from somewhere...it sounds somehow strangely familiar...almost as if this exact thing had occurred before...

Oh, that's right, this story was covered -- right here on slashdot, no less -- a year ago [slashdot.org], complete with a link to the very same now-year-old blog post [bradblog.com], which was significantly updated [bradblog.com] at the time, and caused Diebold to remove the photo in question! (A very generic key form [freedom-to-tinker.com] was used.) Might want to update this post...

Archives - January 2007 should be a clue. Or at least one would hope.

While you guys are at it, can you fix your patently incorrect story [slashdot.org] about Iran being "offline", when it clearly and provably isn't [slashdot.org], thereby negating the main premise of the story? You know, since no one seems to care about anything sent to the on-duty editor email [wisc.edu].

Slashdot is really on fire today!

Re:

[Deanalator]

Yes, if slashdot did some automated submission comparison like digg, we might actually be able to avoid some of these dupes. Slashdot has a lot to learn from digg, and should copy it in every possible way. Maybe they can keep the cowboy Neal polls just for the nostalgia.

Re:

[jellomizer]

YOu mean we will then get the article... George Bushes caused the Master Diebold key to be copied from a Beuityful web site.

Re:

[mrxak]

No, don't you see? This slashdot dupe is just to demonstrate that with Diebold, all votes for Pat Buchanan will be duped!

Re:

[gnick]

Do you know what you get when you

copy [digg] in every possible way

?

You get digg. If you prefer digg, the address is: http://www.digg.com/ [digg.com].

Although I agree - An automated dupe checker seems appropriate for things like this...

Re:

[TheGeneration]

ugh ugh ugh!!! UGH!!!! UGGGGGGH!!!!!
I can't even put into words my level of frustration regarding these f@#$ing voting machines.

Re:

[Rude Turnip]

Having recently turned into a whore for all things Digg, Diggnation and Revision3 (cough cough same nick, no space, friend me), I can tell you at least one thing that Slashdot does to differentiate itself from Digg to keep me coming here...in many cases the articles on Slashdot's main page vs the main technology page on Digg are usually much more focused and interesting. The editors here do a good job picking which articles should receive the most attention.

Re:

[Megane]

Except that this was a dupe on digg yesterday. Oops! So much for the "automated submission comparison"!

Maybe if the submitters (and /. editors) would actually pay attention to URLs with obvious dates in them?

Re:

[Anonymous Coward]

Maybe the cables being knocked out don't really supply Iran with the internet, but rather, supply the /. editors with brain power. Now that they've been cut we're getting duped stories that are a year old and they've lost the ability to put together coherent replies to their e-mail!

Re:Déjà vu?

[dattaway]

The real story is someone hacked a Diebold voting machine to host Slashdot. Notice how this site is running slower than usual, turning out false stories, and running dupes?

Re:

[Anonymous Coward]

You must be new here.

Re:Déjà vu?

[elrous0]

The truth is that "Zonk," "CowboyNeal," etc. are actually just programs running on a server in Wisconsin. But the programs have a serious memory leak problems which only get worse if the server isn't rebooted ever few months. The guy who was supposed to reboot it this time couldn't afford the gas to Wisconsin.

Hey!

[the_fat_kid]

I live in Wisconsin you insensitive clod.

Those things you call "memory leak problems" we like to call "social drinking"

and by "reboot" I asume you mean "rehab"

Re:

[emmons]

Rehab in Wisconsin? Blasphemy! We don't rehab, we just pass out before starting again the next day...

Re:

[whitehatlurker]

Actually /. hacked the voting machine on its own and President Taco will address your other concerns in his next address to the nation.

Re:

[LifesABeach]

I now hold the "key" to becoming the next president. Can this key do anything else? You know? Something useful?

Re:

[jadin]

It's only slow because it's hosted in Iran.

Re:

[Anne_Nonymous]

So you're saying this is Diebold news?

we're neighbors!

[emmons]

Hello from just down the street! [google.com] Except google maps is off by about 50 feet or so. I'm in the KHK [khk.org] house on the other side of the street.

Re:

[PIBM]

You forgot to say that diebold dropped the voting system part of the company about 9 months ago because it was a low-margin business and hurting the image of the company =)

Slashdot is on fire...

[eclectic_hermit]

Now that is news... It should appear as a new article any moment, thanks dave, for the heads up!!!

.

P.S. May that explains why people thought Iran was down. The people at Slashdot assumed that since we could not ping Iran, that their internet was completely down. Maybe they should have checked the Slashdot router, that was apparently on fire!!! But then agian, no "good" admin would check thier own equipment/lines first..

Re:

[iiiears]

This story is years old and has been carried nearly everywhere once or twice. Still it may be worth better understanding. Check youtube for "Hacking Democracy" or google Bev Harris,Andy Stephenson,Harri Hursti for the complete story.

Dupe...

[vidarlo]

http://digg.com/politics/Diebold_Posts_Image_of_Master_Key_to_Website_Hackers_Make_Real_Master_Key [digg.com] http://www.freedom-to-tinker.com/?p=1113 [freedom-to-tinker.com] It's about one year old. And I'm sure that I've seen it on slashdot quite a while ago.

Re:

[imsabbel]

Yeah, its also a dupe on slashdot.

But yeah, even that digg story mentioned thats its a dupe, and no news.

But nowadays slashdot has to copy digg dupes. sad.

Details of picture in case of slashdotting

[Anonymous Coward]

The picture was of a piece of luggage with the combination of "12345."

Pretty damn stupid to use that as a master key.

Re:

[Nimey]

And change the combination on my luggage!

One step closer anyway?

[posys]

Well now, this is an important development if true, and even if it is not, or just disinfo from Diebold playing double/triple reverse psychology, this may actually just be one more...

...step closer... to...

...what you know, is true for you too...

THE INEVITABLE LOOMING ROLLOUT of THE ROBOTIC WAGELESS ECONOMY

http://roboeco.com/dlobeid [roboeco.com]

Re:

[Jugalator]

Yeah, either this is from Digg, or from Reddit. I saw the same old today on Reddit... I haven't bothered comparing the dates to see who was first though.

But it's an interesting new problem in social news reporting. News tend to spread like wildfire, but that also includes bad or confusing reporting. This isn't the first time it has happened, at I predict it will become tremendously more common in the future, the more interconnected and popular social news sites like Slashdot (it now is one too especially si

USA to the rescue

[rdradar]

Soon on Slashdot: USA bans images on the internet as a safety method, "Evil hackers posting these so called images danger our protections, and we have to ban them all".

Re:

[BigJClark]

Won't bother me none. We'll go back to lynx browsers and the spammers, 14yold kids, and con-artists will go the way of the Dodo. I long for the good ole' days :)

Re:

[SnoopJeDi]

I'm not really sure why anybody would go back to lynx who doesn't already just use it. There just wouldn't be images to view in [browser of preference].

Nostalgia: I remember when I understood it.

Slashdotted - link to google cache

[dk90406]

http://64.233.183.104/search?q=cache:FcvferlnsJAJ:www.bradblog.com/%3Fp%3D4066+site:.bradblog.com+diebold&hl=en&strip=1 [64.233.183.104]

Slashdot

[Taimat]

With the way it's gone so far today, apparently, slashdot is hosted in Iran.

Re:Slashdot

[TubeSteak]

I keep getting this error message
Am I reading too much into it?

503 Service Unavailable
The service is not available. Please try again later.

Spreading Democracy Begins at Home

[Doc Ruby]

Any country making both democracy and security its highest priorities for years, even at cost of a perpetual state of emergency, suspended liberty, thousands dead and many tens of thousands wounded (multiplied in the non-American casualties), unsupportable debts, alienating allies and activating enemies, would immediately remove these untrustworthy machines and never allow their vendors or technologies into the critical path of its government again.

Such a country would never have allowed such a risk at all, either before or after such vulnerabilities were publicly exposed.

But instead, this story will become a footnote. Precisely because there's an election going on. An election that is threatened by these untrustworthy machines.

Since those priorities were set and executed by a government installed on the reports of these kinds of untrustworthy machines, I guess we've got everything we deserve.

Re:

[fishbowl]

The good old "No True Scotsman" argument.
Very persuasive. Bravo.

Re:

[Doc Ruby]

My statement isn't a logical fallacy of redefining a label up to deny contradictory evidence. It's a simple statement that the US isn't living up to its basic defining characteristics, even while we base extreme actions on claims of those characteristics. It's a demand that we change, not an excuse that the country isn't guilty of those things.

Or do you think that demands to meet expectations, especially expectations that are created by insisting they're essential and to be forced on others, are never reaso

Re:

[bughunter]

You seem to be misunderstanding the plan. The easiest way of "spreading Democracy" to the parts of the world under the rule of despots and corrupt plutocrats is not ridding the world of despotism and corruption.

No, it's by redefining "Democracy at home" to include despotism and corruption.

So far, their plan is working well.

Re:

[mi]

But instead, this story will become a footnote. Precisely because there's an election going on. An election that is threatened by these untrustworthy machines.

Although, indeed, appalling, the threat is overblown. AFAIU, it would still require someone to visit each machine in person in order to affect its results. This simply is not enough to sway the overall results of an important election.

Even if the "swingiest" district of the "swingiest" State is attacked via this exploit, the "winner" would still n

Re:

[Doc Ruby]

Gore v Bush 2000 550 votes

Re:

[mi]

Gore v Bush 2000 550 votes

Yes, with balances like that a very little bit of fraud can really go far. Such fraud can be performed with or without the hackable voting machines. Like I said, I am not sure, the Diebold machines being discussed make the situation noticeably worse...

Re:

[Legion303]

"Whether Diebold-machines make the situation worse is not immediately obvious..."

This would depend on your definition of "situation." If you mean "rigging an election" you're right, but if you mean "finding out an election was rigged," you aren't.

Re:

[the honger]

from the pool of candidates (Obama, Clinton, McCain, Romney, and Huckabee) we have a winner...please welcome the next president of the United States, George Bush!!

Stupid tags

[Buran]

Dupes aside, WTF is with the insane and stupid tags? I thought a system was implemented that would wipe out crap like "haha". It's driven me nuts for a long time and I was glad when the system was "fixed". Looks like it re-broke.

But then, this from the software that STILL doesn't have an edit button!

Re:

[athdemo]

There isn't an edit button for a reason. Also, almost every article receives mainly useless and redundant tags. For example, this article has been tagged about 7 different ways regarding it being old. Give it enough time and hopefully those tagging articles in such a way will be banned from tagging anything at all.

Key

[Tribbin]

Does it open the website also?

Well...

[HeavensFire]

you know, i love technology and computers, and i've had many years of experience with programming. but i have always said there are places that computers just don't belong -- and this is one of them. an exclusively electronic voting method just isn't a wise decision.

but i truly believe an electronic/paper hybrid could be developed which would make voting much more secure than electronic voting, while at the same time producing the quick results that everyone seems to want.

just as an example -- i think a mac

Re:

[Miseph]

I've got an even better one for stamping out abuse... use paper ballots designed such that each potential vote is listed on one line with a hollow oval at the far end, then have each voter fill in the appropriate dot with a provided pen and run the ballots through a machine designed to read such ballots and compile the results as appropriate.

You know, the same way that many institutions grade multiple choice exams.

The best part is that this is not only comprised entirely of existing technology, but that it

Re:

[friedmud]

Are you being serious? You do know that many people already vote this way, right?

I grew up in Missouri and every time I've voted it's been this way. You use a black felt tip marker to fill in the oval by the candidates you want to vote for, then feed it into the machine when you're finished. The "machine" is just a reader on top of a secure "bucket". It reads and tallies immediately... but the paper trail still exists in the case of a recount. The ballots themselves are _very_ easy to understand and ma

Re:

[Buran]

I'm in St. Louis County and we have touchscreen machines here, with a paper trail that you can verify, or punch (stylus) machines -- you get to choose. I haven't seen the marker/oval type here.

Re:

[Miseph]

Reasonably serious. Remember the 2000 elections when the big deal the day after was how confusing and unclear Florida's ballots were in many jurisdictions? Remember how Pat Buchanan managed to win in some communities that were primarily made up of Jewish retirees from the North (a traditionally liberal demographic, and certainly not the types to vote for somebody who is openly anti-semitic)?

So you know, the voting process that you (and I) described is exactly how voting works here in Massachusetts as well,

Re:

[HeavensFire]

there you go, proof of concept. ;-)

Re:

[Forbman]

except in most states the ovals have to be large enough to accept the dots left by Bingo markers.

Well...

[Black Parrot]

What's the problem? We've all been demanding "open" elections.

Social Engineering

[ObiWanStevobi]

While this story may be old, it was not a major election year when it ran, and all the e-voting problems still have not been fixed. So it is at least worth mentioning again, I think. Also, this story serves as a reminder that the most fearsome element of malicious "hacking" is not some geek with uber skills in a dark room, it's the information we willingly give out without realizing the danger.

Ok, I done trying to be constructive. I always was mostly a crowd follower, so here goes: Slashdot sucks and I hate them for posting this story.

Re:

[Snuhwolf]

So apparently no one has read the article on bradblog? The problem isn't fixed. Diebold has just substituted a jpg of a digital key in place of the original easily-made mechanical one. If you care about the security of voting theres also a convienient link to the VelvetRevolution site where you can lobby your congress critter to change things.

Slashdot's Downward Spiral

[PortHaven]

In the past year or two Slashdot has been IMHO on a downward spiral. Enough so, that if I had stock - I'd be selling it off.

I personally attribute this downward trend to the site's decision to become more political and less geeky. More and more I feel as if I am reading a political blog rather than a geek science & tech blog.

Good article submissions are passed up. Interesting news never posted. And numerous politically charged items find themselves reposted repeatedly - sometimes simply as a link to a

Re:

[BronsCon]

It will stop when Bush's successor (or sucksessor, as the case may be) is chosen. It will start up again in roughly three more years if we don't generally like the government of those four years, either; six, otherwise.

You must not be American? That's fine and dandy, after all, this is the World Wide Web. Keep in mind, however, that /. is hosted in America, is run by an American company and has a userbase that is comprised of a majority of Americans. If you are American, then SHAME ON YOU for discouraging p

Re:

[PortHaven]

First off...
a) I am American
b) I vote and I discuss

Second, I have no issue when political discussion arises in the replies and responses. But I do get sick of the politicizing of what was mainly a non-political site.

Or maybe, what I am really sick of, is Slashdot's recent "campaigning" for politics. It'd be on thing if people of all political persuasion had free access in posting articles. But when one side is being fanned, and being fanned by multiple duplicate and redundant postings at every opportunity

Re:

[BronsCon]

You're right. You can leave. You can also post articles supporting your views. If enough people are posting those articles and enough people are voting them up in Firehose, eventually, they'll make it on the site.

Slashdot is becoming more and more community driven, in case you haven't noticed. That means more and more of what actually makes it on the site is going to be geared toward what the majority of readers are interested in on any given day. It just so happens that, right now, one of the leading topic

Re:

[PortHaven]

FYI, I do contribute...

Alas, the case has been, my articles get rejected.

For example submission for the 1 ton rodent, and my submission for the 1 million vaccine doses recalled were rejected.

So we could post duplicate political entries instead!

Re:

[Megaweapon]

Can we stop with the "politicizing" of Slashdot. And return to geekiness of nerdworthy news - thank you!

This will never happen. The Slashdot folks found that, prior to the 2004 elections, adding a "Politics" section was click-bait ad revenue heaven. As long as there are politicos here Slashdot trying to shove politics down the rest of our throats (complete with dupes and wrong summaries) is here to stay.

If they'd post the vote...

[fahrbot-bot]

...the machines are pre-programmed to cast, someone could photocopy that and save us all the trouble of actually voting.

main stream?

[phrostie]

so why hasn't this hit the main stream media?

Re:

[Fatal67]

Maybe because the article is well over a year old?

E-Voting is officially dead

[DragonTHC]

This is the buzzkill for me.

It's all bought anyway

[Teflon_Jeff]

I wonder if Diebold makes campaign contributions. I wonder if Campaigns make "Diebold" contributions.

Bad move

[Z00L00K]

First it's a bad move to post the actual key on the website. Maybe it works on their ATM:s too?

Second, from the appearance of the key it seems to be a lock that's EXTREMELY easy to pick so the effort to make a copy - even by trial and error - would be small.

So if everybody that knows that Diebold machines are in use during an election makes their own key and just unlocks it and leaves the machine open... That could be for some interesting news. Votes dismissed due to irregularities - 50%. Just make sure that the machines is in the counties populated mostly by your opponent.

And - what stops one from ordering keys from Diebold?

Re:

[cgenman]

Why would you need to make a key? A lock like that can probably just be raked with a little tension applied in about 10 seconds.

The faith that people put into locks like this is astounding. It is there just to stop people from casually pulling out the card. Anyone who really wants to swap cards still can with relative ease.

Re:

[bughunter]

Indeed. We all recall the Princeton report earlier this year that described the locks as so ineffective that they could be picked with a "common office implement" in under 30 seconds. Don't we?

SFX: WAVY FLASHBACK LINES

The lock is easily picked--one member of our group, who has modest locksmithing skills, can pick the lock consistently in less than 10 seconds. Alternatively, this slot can be reached by removing screws and opening the machine. Some attackers will have access to keys that can open the lock

What a joke

[hyades1]

Supposedly, the old-fashioned paper ballot method is supposed to be too expensive and in need of replacement. It's awfully hard to pretend when a hundred thousand slips of paper go missing. A rigged e-vote? Who's going to know, as long as the cheaters are even a little creative?

How would you like to explain to the grandkids how you pissed away your democracy because you were too effing cheap to fork out a few bucks to maintain it. Dump these machines, fork out the bucks and do it right. I'd have thou

Just order the key.

[Animats]

You don't have to make your own key. Diebold will sell you one. "Replacement Access Keys", part number GS-567311-1000, $5.90/set of 2. Order by phone, 1-800-769-3246. Operators are standing by.

Protein versus Electronics

[fpgaprogrammer]

Who the hell ever thought it was a good idea to let a robot count our votes? Can't we just use mechanical turks that cost less to maintain? There are probably enough protein machines willing to do it in an open and secure manner and for free. It just seems like a ludicrous waste of money, certainly not worth the ROI for something used a couple days out of the year. The risk of tampering is also obvious since Diebold must have friends in political places to convince them to grossly overpay for a few 74LS163s

Spaceballs

[Ilan Volow]

That's the kind of thing an idiot would have on his luggage.

Re:

[El_Oscuro]

Thats the key I have for my luggage! I can't find the key and have to use a screwdriver to open it now. How did Diabold get it? Has my luggage been pwned?

And speaking of voting rights ...

[jdp]

... there appears to have been massive voter disenfranchisement in California. Julia Rosen's Count Every Vote in Los Angeles [crooksandliars.com] on Crooks and Liars (also on Courage Campaign's site) and Double Bubble Trouble [bradblog.com] on Brad Friedman's voter rights blog are both following this.

Please explain

[slackaddict]

Can someone please explain to me why an electronic voting machine is a Bad Thing(tm)? Just about everyone electronically manages their financial transactions and trusts ATM's, which are arguably more important and touch more people than the 50% (or less) that vote... If we can develop machines that accurately track billions of financial transactions every second, why can't we develop a machine that can count votes?

It just seems strange to me they're so vilified. Is it the companies that are developing th

Re:Please explain

[epsalon]

The major difference here is a subtle but important one. With the banking system, if someone manages to get money or goods they are not entitled to, someone will be missing that money or goods and that someone will know about it once they take inventory or reconcile the numbers. These systems are routinely attacked and banks do lose money to fraud, and they invest in security enough so that the cost of fraud is less than the cost of the security measures.

With voting, the party that loses due to fraud is the public, and especially if there is no paper trail, there is no way to prove that any fraud did actually take place. It's very easy to make machines that count votes, it's basically impossible to make those machines such that no one involved could manipulate the results from the election officials, executives, programmers, and voters. With a paper election, the fraud-proofness is guaranteed though the fact that votes are opened with representatives of the various parties in place, and tallies are signed and published so that any fraud could be easily detected by the interested parties.

You trust ATMs?

[argent]

Can someone please explain to me why an electronic voting machine is a Bad Thing(tm)?

If something goes wrong with your ATM you know it happened right there when it happened, you contact your bank and get it fixed right then. And even then, you don't really *trust* the ATM. At least I hope you take your paper receipt, and check your balance, and if they don't match you can STILL call the bank about it.

If something goes wrong with your voting machine you NEVER know about it, because you don't get any feedback

I don't think it unlocks ALL Diebold machines

[J3zmund]

I worked the Polls in San Diego yesterday as a Precinct Inspector. The Diebold machine we had (for special-needs voters only) did not use this type of key. It needed a key more like a bicycle lock's key.

Re:

[Legion303]

So a pen cap, then? Good to know.

why bother?

[nguy]

These kinds of locks are trivial to open with a lockpick. Why go through all the trouble making a key?

(I suppose it may look a little more "official".)

Re:

[mrv20]

It acts as a deterrent from casual theft of the cards from the machines. I think many more people would consider taking a can of coke from an unattended cupboard than from a vending machine, even if the vending machine lock were as trivial to pick as the Diebold one - it's more effective as a psychological barrier than a physical one.

We probably should put something similar on our demo units - a sharp-eyed colleague spotted an attendee at CES this year trying to walk away with the memory card from one of

Democracy as Ebay?

[smchris]

The last person to change the Access database before the time runs out wins?