[E-voting] Easier Hacking Access Sneaks in w. ADA Compliance
ryan at meade.net
Thu May 5 12:12:14 IST 2005
The count centre machines are bog-standard PCs, which may have modems and network cards etc. I know there's a suggestion that these are 'hardened' PCs, I don't know if this includes removing network interfaces.
I believe in the early stages it was envisaged that the PCs in the count centres would be networked, to allow the results sets from local stations to be transmitted to the central count station. This was dropped in favour of sneakernet, i.e. burning results sets onto CDs and walking them over to the central count station. I suspect this was to address vague fears that networks == danger of hacking. I'd be very interested to see a comparative study of security risks in ethernet vs sneakernet, if such a thing exists.
----- Original Message -----
From: "Catherine Ansbro" <cansbro at eircom.net>
To: "Irish Citizens for Trustworthy Evoting" <e-voting at lists.stdlib.net>
Subject: [E-voting] Easier Hacking Access Sneaks in w. ADA Compliance
Date: Thu, 05 May 2005 11:21:34 +0100
> I'd like know if any of the tech experts on this e-group can suggest what the
> implications of this might be for the proposed Irish system? If I remember
> correctly there is the opportunity for modems to be used, though supposedly
> they are not supposed to be, and though in at least one case I think there was
> an active network connection observed in use. Is RAS use an option in Ireland
> on the current system? How could anyone get access to the NEDAP/PowerVote
> systems to try out some of these things?
> *Easier Hacking Access Sneaks in w. ADA Compliance
> Posted on Wednesday, May 04, 2005 - 09:25 pm: Edit Post
> <http://www.bbvforums.org/cgi-bin/forums/board-profile.cgi?action=editpost&postid=6470&page=1954/5512>Delete Post <http://www.bbvforums.org/cgi-bin/forums/board-profile.cgi?action=delpost&postid=6470&page=1954/5512> View Post/Check IP <http://www.bbvforums.org/forums/messages/1954/5512.html?1115267112#> Move Post (Moderator/Admin Only)
> Black Box Voting has discovered that the addition of a single Diebold
> touch-screen - with or without a paper trail -- introduces a change to the
> remote access configuration such that malicious tampering of the entire system
> (including the paper ballot-based portion) becomes easier.
> Misguided actions in response to the "Help America Vote Act" (HAVA) are
> causing some local officials to sprinkle touch-screens into their voting
> systems regardless of whether they have already implemented paper ballot-based
> voting systems.
> The HAVA-triggered move to add a touch-screen in each polling place to
> accommodate the visually impaired will make it easier for political operatives
> - located in another state, or even in a foreign country -- to take a crack at
> your election.
> Black Box Voting, together with a team that includes telecommunications and
> security experts, has been conducting field tests on remote access
> vulnerabilities with Diebold voting systems. These hacking tests differ from
> those performed by RABA, Avi Rubin, and the demonstration by Bev Harris with
> presidential candidate Howard Dean, because Diebold was able to claim that
> those demonstrations involved a contrived setup, never-used software, or were
> impossible in the real world of elections.
> This new research is a continuation of field tests in actual county election
> offices using the software and computers on which they have been running their
> elections for several years.
> Black Box Voting has confirmed that Diebold counties who use only optical scan
> (paper ballot-based systems), even when they transmit results by modem, have
> been using a fundamentally different remote access setup than counties that
> transmit by modem from touch-screens. However, when a single modem
> transmission is performed from a touch-screen anywhere in the county, the
> remote access configuration is changed, making it easier for hackers.
> Security experts evaluate hacking risks based on how much time, expertise, and
> money a hacker would need in order to penetrate a system.
> Diebold touch-screen voting systems have been communicating to the central
> tabulator using RAS (Pronounced "razz," stands for Remote Access Server, a
> feature built into Microsoft Windows operating systems). RAS, especially with
> the configuration that has been used by Diebold technicians, can be attacked
> with a modest skill level and minimal financial resources.
> Diebold's precinct-based optical scan systems have not been using RAS to
> communicate. The remote access method used in these systems steps up attack
> difficulty to the "determined hacker" level. Remote penetration of optical
> scan systems requires the ability to crack a 5-character handshake and
> understand the computer language of optical scan machines. In geekspeak, this
> challenge would be called "interesting" but not excruciating.
> Ethical impairment can be substituted for determination when hacking the
> optical scan system. A bit of reverse engineering or a quick listen on the
> telephone line (which can be found, wide-open and exposed, outside certain
> county tabulation facilities) can facilitate remote access into optical
> scan-based central tabulators. Because some of the critical information is
> hard-coded into the system, and remains the same in many different counties
> and states, finding just one location to "listen in" for the correct
> information will help hackers penetrate many different locations.
> Some counties are adding a new type of Diebold optical scan system, the High
> Speed Central Count. Unlike the precinct-count optical scan, these
> paper-ballot systems count at a central location instead of counting at the
> voting place. According to internal Diebold communications, the newer High
> Speed Central Count systems, when hooked up to the central tabulator through
> telephone lines, will be designed to use the easier-to-hack RAS, like the
> Staff communications among Diebold programmers indicate that new versions of
> the central tabulator may be designed so that even precinct-based optical
> scans can communicate with RAS.
> REMOTE ACCESS VULNERABILITY ADDRESSED IN NEW VERSIONS
> Diebold is now building better encryption into its data transmission.
> According to certification documents published in Oct. 2004, components of
> more secure Diebold systems have already been certified. There are indications
> that the new Diebold GEMS 2.0 series will be built on somewhat more secure SQL
> rather than Microsoft Access. Procedures outlined in internal Diebold
> documents for California would, if used nationwide, measurably increase data
> Unfortunately, most counties do not yet have the new Diebold products, and
> instead of recalling its flawed systems, taxpayers are likely to be charged
> for new software versions to fix flaws that never should have existed in the
> first place. Compliance with existing check-and-balance procedures is spotty
> at best, so issuing new procedural recommendations will produce uneven
> improvements in security.
> Counties seeking to implement touch-screens as an answer to ADA compliance
> will not necessarily update their other voting machines, so Diebold's
> improvements won't solve problems.
> Another system, the optical scan-based Automark, would provide accessibility
> without adding touch-screens, but most jurisdictions are heading for
> touch-screens instead. The optical scan-based Automark recently acquired by
> ES&S, would provide accessibility using a paper ballot and optical scan setup.
> We have received a report from an elections official that ES&S has put a hold
> on federal certification of the Automark, which will delay the ability to
> comply with ADA requirements by purchasing Automark. If the Automark
> certification occurs after the HAVA deadline, election officials may be forced
> to buy touch-screens.
> If Diebold touch-screens are chosen for your county's ADA "solution", citizens
> should ask some tough questions about RAS, changes in tabulator configuration,
> and why other kinds of systems can't be used instead.
> Black Box Voting recommends a spending moratorium on new voting systems and
> components until multiple problems with election system design and integrity
> are addressed.
> E-voting mailing list
> E-voting at lists.stdlib.net
More information about the E-voting