The Voting Machine Anyone Can Hack

Presto Vivace writes about a study published by the Virginia Information Technology Agency outlining just how bad the security of the AVS WINVote machine is. "Virginia election officials have decertified an electronic voting system after determining that it was possible for even unskilled people to surreptitiously hack into it and tamper with vote counts. The AVS WINVote, made by Advanced Voting Solutions, passed necessary voting systems standards and has been used in Virginia and, until recently, in Pennsylvania and Mississippi. It used the easy-to-crack passwords of 'admin,' 'abcde,' and 'shoup' to lock down its Windows administrator account, Wi-Fi network, and voting results database respectively, according to a scathing security review published Tuesday by the Virginia Information Technologies Agency. The agency conducted the audit after one Virginia precinct reported that some of the devices displayed errors that interfered with vote counting during last November's elections."

"shoup" is not easy

[turkeydance]

ever tried shoupping?

Actually that is the easiest one...

[Ecuador]

The name of the company that made these, was Shoup. I guess they would have changed that password to "AVS", but their (ridiculously easy) passwords are actually hardcoded, so it was too much work I guess...

Re:

[JMJimmy]

shoup is very easy when it's printed on the side of the machine.

To me voting machines are something that should be handled by the open source community. 100% transparent, by the people for the people in every sense, and ultimately supported financially by governments who buy the machines.

Re:

[mlts]

To me, there needs to be a paper trail. Like the lottery issue a few days ago, if someone tampers with the RNG and does it in a manner that their modifications can be backed out, there is no way to tell it was done.

This doesn't have to be in a way that causes hanging chads. It just has to be a way of logging people's votes to a physical medium that is both machine readable and human readable.

This way, when someone votes, they get a paper ballot printed out that they can doublecheck. Then it shouldn't be

Re:

[Anonymous Coward]

I don't know about "shoupping," but the voters are getting a good schtupping from these machines.

I've got the same combination on my luggage.

[wisnoskij]

https://www.youtube.com/watch?... [youtube.com]

windows? diebold you can do better and does this

[Joe_Dragon]

windows? diebold you can do better and does this work on there windows based ATM's as well?

Who certified them?

[Holi]

How the hell did something like this get certified in the first place? Seriously, there needs to be an investigation into that and heads should roll.

Re:

[OneSizeFitsNoone]

It matched perfectly customer's requirements, of course!

Re:Who certified them?

[PopeRatzo]

How the hell did something like this get certified in the first place?

How, indeed.

This is not the first time Diebold’s been accused of bribery. In 2005, the Free Press exposed that Matt Damschroder, Republican chair of the Franklin County of Elections in 2004, reported that a key Diebold operative told Damschroder he made a $50,000 contribution to then-Ohio Secretary of State J. Kenneth Blackwell's “political interests” while Blackwell was evaluating Diebold's bids for state purchasing contracts. Damschroder admitted to personally accepting a $10,000 check from former Diebold contractor Pasquale “Patsy” Gallina made out to the Franklin County Republican Party. That contribution was made while Damschroder was involved in evaluating Diebold bids for county contracts. Damschroder was suspended for a month without pay for the incident. Despite the scandal, he was later appointed as Ohio Secretary of State Jon Husted's Director of Elections.

Diebold was at the center of Ohio’s 2004 election debacle, much of this captured in an article by Free Press Senior Editor Harvey Wasserman and this author, entitled, “Diebold’s Political Machine.” Walden "Wally" O'Dell, chairman of the board and chief executive of Diebold, was a long-time funder of Republican candidates. In September 2003, he held a packed $1,000-per-head GOP fundraiser at his 10,800-square-foot mansion Cotswold Manor in Upper Arlington, Ohio. He was feted as a guest at then-President George W. Bush's Texas ranch, joining a cadre of “Pioneers and Rangers” who pledged to raise more than $100,000 for the Bush reelection campaign.

Most memorably, in 2003 O'Dell penned a letter pledging his commitment “to helping Ohio deliver its electoral votes to the President.” O'Dell defended his actions, telling the Cleveland Plain Dealer “I'm not doing anything wrong or complicated.” But he also promised to lower his political profile and “try to be more sensitive.” But the Diebold boss' partisan cards were squarely on the table.

Prior to the 2004 election, Blackwell tried to award a $100 million unbid contract to Diebold for electronic voting machines. A storm of public outrage and a series of lawsuits forced him to cancel the deal. But a substantial percentage of Ohio's 2004 votes were counted by Diebold software and Diebold Opti-scan machines which frequently malfunctioned in the Democratic stronghold of Toledo. It was revealed in 2006 that Blackwell owned Diebold stock.

Diebold's GEMS election software was used in about half of Ohio counties in the 2004 election. Because of Blackwell's effort, 41 counties also used Diebold machines in Ohio's highly dubious 2005 election.

Also in the Ohio 2004 election, a whistleblower leaked documents revealing that Diebold had allegedly used illegal, uncertified hardware and software during California election.

Re:

[Holi]

Why are you talking about Diebold? The article is not about Diebold voting machines it's about the AVS Winvote. I know all about Diebold's history in with regards to voting machines but that has shit all to do with this article.

Re:Who certified them?

[Anonymous Coward]

Howard T. Van Pelt, co-founder of Global Election Systems (now Diebold) became president and CEO of Advanced Voting Solutions in June 2001.

Re:

[Holi]

I did not know that, thank you

Re:

[PopeRatzo]

Why are you talking about Diebold?

I'm not "talking about Diebold". I'm talking about how voting machines get certified. I'm talking about where the money comes from. I'm talking about why there is such an effort to change election technology when there is no evidence the old technology is broken.

but that has shit all to do with this article.

The history of how it was decided that elections in the United States had to be automated has everything to do with this article.

Re:

[seven of five]

Despite the scandal, he was later appointed as Ohio Secretary of State Jon Husted's Director of Elections.
So the bloody butcher knife in your hand looks bad, but as long as you play a good game of golf with your buddies, you're in.

Re:

[account_deleted]

Comment removed based on user account deletion

Re: WinXP, of course?

[manu144x]

What does it matter? XP is just fine for a stupid voting app. Besides, it could be running an alien operating system, if they leave the user to admin/1234 it's still not gonna be secure.

Re:

[Anonymous Coward]

No - that would be "Advanced Votes For Sale" :)

Ticket closed: By design

[GoddersUK]

It's our new feature "DBS" or "double bluff security" to protect against brute force attacks. You see, no one would think we'd be stupid enough to secure a voting machine's admin account with the password "password" so they'd never try it. Ergo it's unhackable. (Also "WinVote" - that's an appropriate name: the machines let you "win" extra votes...)

Paper trail

[ArcadeMan]

In Canada we use paper ballots and we know the outcome of an election in less than 24 hours.

What the fuck are you U.S.A.sians doing?

Re:

[PopeRatzo]

What the fuck are you U.S.A.sians doing?

Rigging elections keeps us free. Aren't you paying attention?

Re:

[dryeo]

Unluckily our government is paying very close attention.

Re:

[Anon-Admin]

Thats easy, we first take a bunch of old people who still have VCR's with the clock blinking 12:00 and we ask them to evaluate the new fangled electronic voting system.

They then set the criteria of what is needed.

1) Does it power on?
2) Can I figure out how to enter my voter?
3) Can my grandson tell me how to change the votes so the "Right" people win?

Re:

[Jason Levine]

Bah. That's the backwards way of doing it. Here in the US, we award expensive contracts to large companies so they can make huge profits while delivering sub-par voting machines. The politicians win (in the form of bribes from the large companies and votes "redirected" to them) and the large companies win (aforementioned huge profits) so it's a win-win. Yes, the voters themselves lose, but that's not important when designing voting machines, right?

Re:Paper trail

[CastrTroy]

I love the Canadian paper voting method and I hope it never changes. However, there are some differences between the Canadian System and the US system. In Canada, we usually only have one thing on the ballot. Either it's a federal election and you vote for your MP. If it's a provincial election you vote for your MPP. If it's a municipal election, there maybe be three things you can vote for, like mayor, city councillor, and school board trustee. But that's about as complicated as it gets. Compare the US election ballot [guim.co.uk] with a Canadian election ballot [elections.ca]. You could see why they might want to use a computer so they can lay things out a little more clearly. Ask one question per screen and it becomes a little less daunting. However, I think that if they are going to use computers to make the voting easier, it should really just be used to enter and print out your ballot, which is then deposited into the ballot box and counted manually.

Really though, I don't think computers should be used at all. I've heard too many stories of polling locations not having enough machines and people having to wait hours in line to vote. The greatest part about the Canadian system is that It's never taken me more than 10 minutes to vote, and I've never had to travel more than 10 minutes to vote. I usually just stop by on my way home from work. I once lived in a highrise apartment that had it's own polling station. They basically have one in every school. It's so effortless. And yet we still don't have enough people voting.

Re:

[blane.bramble]

Why not do what the UK does and use a separate piece of paper for each, and maybe vote on fewer things at any one time?

Re:

[Noodles]

Apples and Oranges. How many races on a UK or Canadian ballot? Two? Go ahead and hand count those. Americans typically have dozens of races.

Re:

[Bob the Super Hamste]

Yet here in Minnesota we can still use paper ballots where one just fills in the bubble and sends them through the scantron like machine. We are able to get results shortly after polls close unless a hand recount is needed, the machine is very accurate at counting ballots, and there are paper ballots that in case of a recount or other questions can be manually inspected by anyone with at least one functioning eye.

Re:

[CastrTroy]

Why so many though? What are the politicians doing if the people have to vote on everything anyway? Isn't the whole point of electing a representative so that they can represent you. How can a voter possibly be expected to be informed on who is the best candidate for dozens of different positions in government?

Re:

[ArcadeMan]

Any vote given to a candidate technically goes to the party, and the party's summed-up vote count tells how many seats they get, which are then filled by the candidates by the order of most votes received.

That's the most sane thing I've ever heard in my life. Are you sure this is politics?

Re:

[PsychoSlashDot]

What are the politicians doing if the people have to vote on everything anyway? Isn't the whole point of electing a representative so that they can represent you.

Can't be done. You won't find an electable candidate who shares my views on important topics.

Representative government is a necessity, but it's still important to give them explicit and clear mandates on especially important topics. I trust politicians to decide day-to-day topics, but when it's big things like anti-terrorism-snooping laws, or going to war with another country, or human rights issues like gay marriage, there should be a mechanism for the public to be heard. "I don't care what party you

Re:

[Anonymous Coward]

>Why so many though?

We have MANY levels of government in the US which are run very different in different locations. City, town, county, state, federal. Just one example, can be more. Some states (any many cities) allow certain laws to be enacted by popular vote, some do not. Some cities fill different positions with popular vote (school board, judges) and some are appointed by elected officials. Basically, its a huge mixed bag on what you actually vote on. Sometimes certain things must be voted on, exam

Re:

[account_deleted]

Comment removed based on user account deletion

Advanced Voting Solutions

[Anonymous Coward]

Considering the company gave $32M to various democratic campaign orgs during the 2012 election cycle, this should come as no surprise.

It is absolutely no coincidence that VA and PA, both reddish states, and both critical to Obama's re-election, somehow fell to the blue category using these voting machines.

I'm not even a USAian, but even I can see that your election system is a total fraud.

Re:

[Zontar_Thing_From_Ve]

Considering the company gave $32M to various democratic campaign orgs during the 2012 election cycle, this should come as no surprise.

It is absolutely no coincidence that VA and PA, both reddish states, and both critical to Obama's re-election, somehow fell to the blue category using these voting machines.

Democratic supporters in 2004 claimed that Ohio was "stolen" to help Bush win re-election. It seems funny to me that the losing side always claims the winning side cheated. If the Republicans cheated in 2004, then why did they lose Ohio in the two following elections? I know it's always fun to tout conspiracy theories, but the simple truth is that in presidential elections, a significant number of Democratic supporters vote that can't be bothered to go to the polls otherwise. Florida went to Obama in 2

Re:

[bondsbw]

simple truth

No, the simple truth is that these are really the same folks no matter the letter beside their name. Some of them even switch the letter by their name when it becomes convenient, and the sad truth is, many people don't even realize it.

Re:

[Holi]

I have searched high and low, so do you have any source for your assertion. I can't find any listing of political donations from AVS.

Re:

[StikyPad]

Virginia is overwhelmingly Democratic at the state executive level, so it's not that surprising that they voted Democratic at the Federal level. Most of VA's population growth over the past decade has been in the urban and suburban NOVA and Tidewater areas as well, which are Democrat voting strongholds.
https://en.wikipedia.org/wiki/... [wikipedia.org]

PA has been voting Democratic for decades, so it seems neither of us know WTF you're talking about.
http://www.270towin.com/states... [270towin.com]

Rank Amateurs

[gsslay]

This is about as bad as software development can get, never mind software that's supposed to have basic security. It all points really to a package written by rank amateurs who had no idea what they were doing designing software, far less having the beginnings of a clue about hardening their software to attack.

I mean, hard coded passwords? Really? Hard coded passwords that are this obvious? It's staggering incompetence. Was this written by a self-taught hobbyist over the course of a weekend?

Re:

[Anonymous Coward]

No, these were professionals. Amateurs would never be this inept.

Re:

[koan]

Yep.

Re:

[Bigbutt]

Hey! I'm a self-taught hobbyist and I could do a better job of it :)

[John]

Re:

[benjymouse]

As I read it, it was not an issue with the developed software (although there may be issues there as well), but rather an issue with the *setup* of the machines. It was not the developers who failed (passwords not hardcoded) but rather the admins deploying the machines were braindead and the auditors obviously clueless. For something like this they shold have used an randomly generated password or simply shut themselves out of the system (which is possible on Windows).

Your premises are 180 degrees out of phase

[Anonymous Coward]

They don't want to have basic security. They want them to be easily broken into. They want it that way so they can get the results they want. The software works perfectly to that end.

Remember: it's not the voters that count, it's who counts the votes.

Huh

[koan]

Well lets get a grayhat team over there and make sure Virginia votes entirely for Mickey Mouse.

It's about time we had a rodent American in office.

Re:

[Bob the Super Hamste]

Unfortunately that would be easily recognized as a glitch. Really what people should do is rig it so that 3rd party candidates start winning entire precincts and make the existing 2 major parties minor parties. For example in Minnesota if your party falls below 5% of the vote in a statewide election it looses major party status. This means it doesn't get automatic ballot access (state law), and also won't be included in any debates(rules setup up by the local media).

If you are going to hack democracy why

Re:

[koan]

Pssst.... It was a joke.

Re:

[Bob the Super Hamste]

I got the joke, just carried it a bit farther.

After Ohio and Diabold

[Bonzoli]

Its fairly obvious these are features built in on purpose. Its never a mistake when a profesional that specializes in a field suddenly produces a product with problems such as buffer overruns in key security components that were magically not vetted. Look at Ohio and how Bush got a presidency, and the machines in place.
This was done on purpose, using crap, making it easy, and hard to track when it happens. Surprise our experts didn't think of that, right!! Its all smoke an mirrors to abuse a system th

Windows you say?

[davidwr]

Unless this was a stripped-hown, hardened version with nothing but a custom kernel and custom-everything else with all unnecessary bits stripped out and hardening put on top of it, I wouln't trust it unless it had a voter-verified, human-manually-coutable paper ballot as part of the voting process for every vote.

Wait, what am I saying? Even if it was stripped and hardened, I wouldn't trust any voting system that didn't have a way to print a ballot that the voter actually saw which could be examined in a ma

That's it?

[Minwee]

Only people can hack it?

A real voting machine should be hackable by a chimpanzee [youtube.com].

Virginia Information Technologies Agency

[bugs2squash]

If the state's Technologies Agency is equipped to produce damning reports, why wasn't it engaged to do so before the machine went into service ? The state can't make the case it was hoodwinked and simultaneously show it has the chops to uncover what was wrong.

Norway

[ThatsNotPudding]

I once asked a man visiting us at work from Norway what voting system they used. "Paper and pen and then we count them.", he said with a facial expression as if I'd asked him how he normally cooked his offspring for consumption.

You only need voting machines for one thing: FRAUD. Fuck the corporate-owned networks wanting a winner two minutes after the polls close; if it takes a few days to count manually marked paper ballots openly, fully, and properly, SO BE IT.

You mean... any of them?

[Rujiel]

Why should a company like Diebold care about security when they know they're guaranteed a no-bid contract?

Lack of an air gap, the first mistake

[grilled-cheese]

What person in their right mind thought giving these things any kind of network connectivity was a good idea? Have we not learned from stupid decisions by SCADA system architects/administrators? If a network exists, the scale of a breach that will occur goes up drastically. A human being needs to be involved to physically relocate a certified write-once component from each machine to a central aggregator and then seal those removed components for audit verification. If I can have a hash verified write o

Unskilled people

[Darinbob]

What do they imply by "even unskilled people" can hack them. Do they think it's ok for skilled professionals to be able to hack these machines? Those are the ones to worry about.

Truly democratic

[manu0601]

.

If anyone can hack it, then voting machine got truly democratic.

The voting process is just a bit skewed: the last to cheat votes for everyone, but at least it can be anyone.

Re:

[GoddersUK]

whether it's possible to produce a viable internet voting system

The big problem is creating a system where votes are both verifiable (alone, easy: PGP sign them) and where the secret ballot is maintained (alone, easy: use TOR). Nobody's yet come up with a viable way to combine these two required features.

Re:I'd Like To See Electronic Voting Work

[CastrTroy]

The biggest problem with designing an electronic voting system is how the voter and election officials are supposed to verify that it's running the correct system on election day. Let's say they did develop a perfect system that was proven to work. How do I verify that said system is even running on the computer when I walk up to it on election day? It could be any system that just shows the proper screens to verify that it is a legitimate system. The only way for me to be sure that my vote was counted correctly would be to be able to check later on some secondary system, which would remove the secret ballot feature.

Compare this to a paper ballot system, where everything is completely transparent. I can watch them seal the empty box at the start of the day, watch my ballot go into the box, and then watch all the ballots be counted at the end of the day. It's easy enough for a 10 year old to understand exactly what's happening. There is very little ability to mass game the entire system. You might be able to put a couple extra votes in a few boxes, but it would take a huge conspiracy to vastly shift the vote across multiple polling stations. With voting on computers, it could be done quite easily.

Re:

[Lennie]

If any electronic voting system is going to work, it would be a system that prints what you've voted so the voter can see what he/she voted. And then you have a separate electronic counting of those pieces of paper.

That way you have faster counting of votes and still everything on paper as back up.

Now I know in the past they had some what similar systems in the US and they had problems with printers not working, so I don't know if they'll ever get it right.

There are also a whole lot of people who use terms

now you have two problems.

[goombah99]

If any electronic voting system is going to work, it would be a system that prints what you've voted so the voter can see what he/she voted. And then you have a separate electronic counting of those pieces of paper.

Now I know in the past they had some what similar systems in the US and they had problems with printers not working, so I don't know if they'll ever get it right.

There are also a whole lot of people who use terms like math/encryption or blockchain.

So far I haven't seen a system that works.

It does however make for interesting presentations:
http://media.ccc.de/browse/con... [media.ccc.de]

Good lord, that did not make the problem better, you just have all the problems of both and none of the advantages.

And a photo of any such paper would allow you to prove how you voted which is antithetical to the secret ballot. Conversely a photo of a marked paper ballot is not proof of how you voted since it's not counted until it is invisible in the ballot box or optical scan. The voting machine makers tried to do something like that with a rolled continuous paper ballot printer the voter could see. Ho

Re:

[sjames]

I see no reason why a voter can't receive a receipt containing a signed hash for each vote and a website that allows a hash to be verified against the votes cast. They still have no idea who the hash belongs to, but if there is a hash that doesn't match a recorded vote in the database, uh-oh.

Re:

[goombah99]

how are you proposing to salt your hash so that idenitcal votes are not identical hashes? And also does your scheme allow vote selling?

Re:

[sjames]

Salting is a simple enough matter, just a few random bits, much like the salt in a password hash.

As for the rest, I suggest facilitating the process of selling bogus votes. That is, any polling machine can be used to freely generate a bogus voting receipt which will appear to validate at the website but has a void flag set. For extra fun, someone validating a bunch of voided ballots (that they cannot see are void) will trigger an investigation.

The void flag is just a second election key mixed in with the ha

Re:

[goombah99]

how would I know my vote was counted if it might have been given a void key?

Salting isn't trivial. if it is simple one can pre-generate all likely ballots with all salts. then you can know the ballot from just it's hash.

Re:

[sjames]

The simplicity of a salt isn't the issue, it's the size. More salt confounds the process.

As for the question of your ballot being void, you can't know. Any more than you can know that your ballot didn't somehow end up in the river or burning in someone's fireplace before it made it's way to be counted (as I said, not perfect).

However, the election officials and press observers can know if a lot of void ballots get checked from residential addresses (remember, validating void ballots triggers an investigatio

Re:

[dave420]

The logic [wikipedia.org] has already been figured out, and a computerised version would be far simpler to use, and just as effective.

Re:

[goombah99]

From the wiki article you cite:
Broken Encryption

The encryption system used in the three ballot was broken by a correlation attack devised by Charlie Strauss[5] who also showed how it could be used to prove how you voted [6]. Strauss's attack relied on the fact that not all receipt strips can pair with all cast strip pairs since proposed triplets with 3 or 1 vote cast in any race on the ballot (not just one race of interest) can be rejected since the strips could not be from the same ballot. Since there are

Re:

[JackieBrown]

Internet voting sounds good in theory. But at the same time, I really feel that at least some effort should be made on behalf of the voter to actually cast a vote.

Honestly, there are many time periods to vote (early polls as well as voting day.) If people cannot be bothered to do this, do you really think that they will investigate any issues before voting? Heck, I still don't like that you can just check one box to vote a party in for all seats on the ballot.

We are already seeing the system rigged by b

Re:

[sjames]

The problem is that not all areas have equal difficulty. Not everyone can get (or afford) time off to vote. Those factors make it too easy to manipulate the results on a demographic basis.

Re:

[JackieBrown]

I'd agree if we didn't have early voting

Re:

[sjames]

That's not all that universal either. We have it where I am, but only at one location in the county. There is also absentee ballots, but if you're already accepting ballots by mail, why not internet?

Re:

[TheRaven64]

There have been allegations in the UK of voter intimidation after postal ballots became easy to obtain: people would require dependents to hand over their ballots, fill them all in, and post them back. Now, it may be that this didn't happen or wasn't statistically significant, but if people are not required to turn up and vote in such a way that they can't prove to someone else how they voted then there's the potential for doing this on a large scale.

Of course one solution would be to allow individuals to