[E-voting] Devastating hack proven - Leon County dumps Diebold

Catherine Ansbro cansbro at eircom.net
Wed Dec 14 22:04:09 GMT 2005

Posted on Tuesday, December 13, 2005 - 03:42 pm:    	Edit Post 
View Post/Check IP 
<http://www.bbvforums.org/forums/messages/1954/15595.html?1134594577#>   Move 
Post (Moderator/Admin Only) 

*Devastating hack proven - Leon County dumps Diebold*
Wed. December 14, 2005*: Due to contractual non-performance and security 
design issues, Leon County (Florida) supervisor of elections Ion Sancho 
has announced that he will never again use Diebold in an election. He 
has requested funds to replace the Diebold system from the county. On 
Tuesday, the most serious "hack" demonstration to date took place in 
Leon County. The Diebold machines succumbed quickly to alteration of the 
votes. This comes on the heels of the resignation of Diebold CEO Wally 
O'Dell, and the announcement that a stockholder's class action suit has 
been filed against Diebold by Scott & Scott. Further "hack" testing on 
additional vulnerabilities is tentatively scheduled before Christmas in 
the state of California.

Finnish security expert Harri Hursti, together with *Black Box Voting*, 
demonstrated that Diebold made misrepresentations to Secretaries of 
State across the nation when Diebold claimed votes could not be changed 
on the "memory card" (the credit-card-sized ballot box used by 
computerized voting machines.

A test election was run in Leon County on Tuesday with a total of eight 
ballots. Six ballots voted "no" on a ballot question as to whether 
Diebold voting machines can be hacked or not. Two ballots, cast by Dr. 
Herbert Thompson and by Harri Hursti voted "yes" indicating a belief 
that the Diebold machines could be hacked.

At the beginning of the test election the memory card programmed by 
Harri Hursti was inserted into an Optical Scan Diebold voting machine. A 
"zero report" was run indicating zero votes on the memory card. In fact, 
however, Hursti had pre-loaded the memory card with plus and minus votes.

The eight ballots were run through the optical scan machine. The 
standard Diebold-supplied "ender card" was run through as is normal 
procedure ending the election. A results tape was run from the voting 

Correct results should have been: *Yes:2 ; No:6 *

However, just as Hursti had planned, the results tape read: *Yes:7 ; No:1 *

The results were then uploaded from the optical scan voting machine into 
the GEMS central tabulator, a step cited by Diebold as a protection 
against memory card hacking. The central tabulator is the "mother ship" 
that pulls in all votes from voting machines. However, the GEMS central 
tabulator failed to notice that the voting machines had been hacked.
The results in the central tabulator read:

*Yes:7 ; No:1*

This videotaped testing session was witnessed by *Black Box Voting* 
investigators Bev Harris and Kathleen Wynne, *Florida Fair Elections 
Coalition* Director Susan Pynchon, security expert Dr. Herbert Thompson, 
and Susan Bernecker, a former candidate for New Orleans city council who 
videotaped Sequoia-brand touch-screen voting machines in her district 
recording vote after vote for the wrong candidate.

The Hursti Hack requires a moderate level of inside access. It is, 
however, accomplished without being given any password and with the same 
level of access given thousands of poll workers across the USA. It is a 
particularly dangerous exploit, because it changes votes in a one-step 
process that will not be detected in any normal canvassing procedure, it 
requires only a single a credit-card sized memory card, any single 
individual with access to the memory cards can do it, and it requires 
only a small piece of equipment which can be purchased off the Internet 
for a few hundred dollars.

One thousand two hundred locations in the U.S. and Canada use Diebold 
voting machines. In each of these locations, typically three people have 
a high level of inside access. Temporary employees also often have brief 
access to loose memory cards as machines are being prepared for 
elections. Poll workers sometimes have a very high level of inside 
access. National elections utilize up to two million poll workers, with 
hundreds or thousands in a single jurisdiction.

Many locations in the U.S. ask poll workers to take voting machines home 
with them with the memory cards inside. San Diego County (Calif) sent 
713 voting machines/memory cards home with poll workers for its July 26 
election, and King County (Wash.) sent over 500 voting machines home 
with poll workers before its Nov. 8 election.

Memory cards are held in a compartment protected by a small plastic 
seal. However, these simple seals can be defeated, and Hursti has found 
evidence that the memory card can be reprogrammed without disturbing the 
seal by using a telephone modem port on the back of the machine.

The Hursti Hack, referred to as "the mother of all security holes" was 
first exposed in a formal report on July 4. 

Diebold has insisted to county and state election officials that despite 
Hursti's demonstration, changing votes on its memory cards is 
impossible. (Public records from Diebold, including threat letter to Ion 

On Oct. 17, 2005 Diebold Elections Systems Research and Development 
chief Pat Green specifically told the Cuyahoga County (Ohio) board of 
elections during a $21 million purchasing session that votes cannot be 
changed using only a memory card. (Video of Pat Green: 
http://www.bbvforums.org/forums/messages/2197/14298.html) Over the 
objections of Cuyahoga County citizens, and relying on the veracity of 
Diebold's statements, the board has chosen to purchase the machines.

According to Public Records obtained by *Black Box Voting*, Diebold has 
promulgated misrepresentations about both the Hursti Hack and another 
kind of hack by Dr. Herbert Thompson to secretaries of state, and to as 
many as 800 state and local elections officials.

Stockholder suit 
filed by the law offices of Scott and Scott:

and http://www.bradblog.com/archives/00002153.htm

*Diebold CEO resigns*: 

Permission to reprint granted with link to http://blackboxvoting.org
-------------- next part --------------
Skipped content of type multipart/related

More information about the E-voting mailing list