[E-voting] Easier Hacking Access Sneaks in w. ADA Compliance

Catherine Ansbro cansbro at eircom.net
Thu May 5 11:21:34 IST 2005


I'd like know if any of the tech experts on this e-group can suggest 
what the implications of this might be for the proposed Irish system?  
If I remember correctly there is the opportunity for modems to be used, 
though supposedly they are not supposed to be, and though in at least 
one case I think there was an active network connection observed in 
use.  Is RAS use an option in Ireland on the current system?  How could 
anyone get access to the NEDAP/PowerVote systems to try out some of 
these things?

Catherine

http://www.bbvforums.org/forums/messages/1954/5512.html?1115267112#POST6470
*Easier Hacking Access Sneaks in w. ADA Compliance

*
Posted on Wednesday, May 04, 2005 - 09:25 pm:    	Edit Post 
<http://www.bbvforums.org/cgi-bin/forums/board-profile.cgi?action=editpost&postid=6470&page=1954/5512>Delete 
Post 
<http://www.bbvforums.org/cgi-bin/forums/board-profile.cgi?action=delpost&postid=6470&page=1954/5512> 
View Post/Check IP 
<http://www.bbvforums.org/forums/messages/1954/5512.html?1115267112#>   Move 
Post (Moderator/Admin Only) 
<http://www.bbvforums.org/forums/messages/1954/5512.html?1115267112#>

------------------------------------------------------------------------
Black Box Voting has discovered that the addition of a single Diebold 
touch-screen - with or without a paper trail -- introduces a change to 
the remote access configuration such that malicious tampering of the 
entire system (including the paper ballot-based portion) becomes easier.

Misguided actions in response to the "Help America Vote Act" (HAVA) are 
causing some local officials to sprinkle touch-screens into their voting 
systems regardless of whether they have already implemented paper 
ballot-based voting systems.

The HAVA-triggered move to add a touch-screen in each polling place to 
accommodate the visually impaired will make it easier for political 
operatives - located in another state, or even in a foreign country -- 
to take a crack at your election.

Black Box Voting, together with a team that includes telecommunications 
and security experts, has been conducting field tests on remote access 
vulnerabilities with Diebold voting systems. These hacking tests differ 
from those performed by RABA, Avi Rubin, and the demonstration by Bev 
Harris with presidential candidate Howard Dean, because Diebold was able 
to claim that those demonstrations involved a contrived setup, 
never-used software, or were impossible in the real world of elections.

This new research is a continuation of field tests in actual county 
election offices using the software and computers on which they have 
been running their elections for several years.

Black Box Voting has confirmed that Diebold counties who use only 
optical scan (paper ballot-based systems), even when they transmit 
results by modem, have been using a fundamentally different remote 
access setup than counties that transmit by modem from touch-screens. 
However, when a single modem transmission is performed from a 
touch-screen anywhere in the county, the remote access configuration is 
changed, making it easier for hackers.

Security experts evaluate hacking risks based on how much time, 
expertise, and money a hacker would need in order to penetrate a system.

Diebold touch-screen voting systems have been communicating to the 
central tabulator using RAS (Pronounced "razz," stands for Remote Access 
Server, a feature built into Microsoft Windows operating systems). RAS, 
especially with the configuration that has been used by Diebold 
technicians, can be attacked with a modest skill level and minimal 
financial resources.

Diebold's precinct-based optical scan systems have not been using RAS to 
communicate. The remote access method used in these systems steps up 
attack difficulty to the "determined hacker" level. Remote penetration 
of optical scan systems requires the ability to crack a 5-character 
handshake and understand the computer language of optical scan machines. 
In geekspeak, this challenge would be called "interesting" but not 
excruciating.

Ethical impairment can be substituted for determination when hacking the 
optical scan system. A bit of reverse engineering or a quick listen on 
the telephone line (which can be found, wide-open and exposed, outside 
certain county tabulation facilities) can facilitate remote access into 
optical scan-based central tabulators. Because some of the critical 
information is hard-coded into the system, and remains the same in many 
different counties and states, finding just one location to "listen in" 
for the correct information will help hackers penetrate many different 
locations.

Some counties are adding a new type of Diebold optical scan system, the 
High Speed Central Count. Unlike the precinct-count optical scan, these 
paper-ballot systems count at a central location instead of counting at 
the voting place. According to internal Diebold communications, the 
newer High Speed Central Count systems, when hooked up to the central 
tabulator through telephone lines, will be designed to use the 
easier-to-hack RAS, like the touch-screens.

Staff communications among Diebold programmers indicate that new 
versions of the central tabulator may be designed so that even 
precinct-based optical scans can communicate with RAS.

REMOTE ACCESS VULNERABILITY ADDRESSED IN NEW VERSIONS

Diebold is now building better encryption into its data transmission. 
According to certification documents published in Oct. 2004, components 
of more secure Diebold systems have already been certified. There are 
indications that the new Diebold GEMS 2.0 series will be built on 
somewhat more secure SQL rather than Microsoft Access. Procedures 
outlined in internal Diebold documents for California would, if used 
nationwide, measurably increase data security.

Unfortunately, most counties do not yet have the new Diebold products, 
and instead of recalling its flawed systems, taxpayers are likely to be 
charged for new software versions to fix flaws that never should have 
existed in the first place. Compliance with existing check-and-balance 
procedures is spotty at best, so issuing new procedural recommendations 
will produce uneven improvements in security.

Counties seeking to implement touch-screens as an answer to ADA 
compliance will not necessarily update their other voting machines, so 
Diebold's improvements won't solve problems.

Another system, the optical scan-based Automark, would provide 
accessibility without adding touch-screens, but most jurisdictions are 
heading for touch-screens instead. The optical scan-based Automark 
recently acquired by ES&S, would provide accessibility using a paper 
ballot and optical scan setup.

We have received a report from an elections official that ES&S has put a 
hold on federal certification of the Automark, which will delay the 
ability to comply with ADA requirements by purchasing Automark. If the 
Automark certification occurs after the HAVA deadline, election 
officials may be forced to buy touch-screens.

If Diebold touch-screens are chosen for your county's ADA "solution", 
citizens should ask some tough questions about RAS, changes in tabulator 
configuration, and why other kinds of systems can't be used instead.

Black Box Voting recommends a spending moratorium on new voting systems 
and components until multiple problems with election system design and 
integrity are addressed.
-------------- next part --------------
Skipped content of type multipart/related


More information about the E-voting mailing list