Diebold Hack Hints at Wider Flaws
By Kim Zetter | Also by this reporter02:00 AM Dec. 21, 2005 PT
Election officials spooked by tampering in a test last week of Diebold optical-scan voting machines should be equally wary of optical-scan equipment produced by other manufacturers, according to a computer scientist who conducted the test.
Election officials in Florida's Leon County, where the test occurred, promptly announced plans to drop Diebold machines in favor of optical-scan machines made by Election Systems & Software, or ES&S. But Hugh Thompson, an adjunct computer science professor at the Florida Institute of Technology who helped devise last week's test, believes other systems could also be vulnerable.
"Looking at these systems doesn't send off signals that ... if we just get rid of Diebold and go to another vendor we'll be safe," Thompson said. "We know the Diebold machines are vulnerable. As for ES&S, we don't know that they're bad but we don't know that they're (good) either."
Thompson and Harri Hursti, a Finnish computer scientist, were able to change votes on the Diebold machine without leaving a trace. Hursti conducted the same test for the California secretary of state's office Tuesday. The office did not return several calls for comment.
Information about the vulnerability comes as states face deadlines to qualify for federal funding to replace punch-card and lever machines with new touch-screen or optical-scan machines. In order to get funding, states must have new machines in place by their first federal election after Jan. 1, 2006.
Optical-scan machines have become the preferred choice of many election officials due to the controversy over touch-screen voting machines, many of which do not produce a paper trail. Optical-scan machines use a paper ballot on which voters mark selections with a pen before officials scan them into a machine. The paper serves as a backup if the machine fails or officials need to recount votes.
The hack Thompson and Hursti performed involves a memory card that's inserted in the Diebold machines to record votes as officials scan ballots. According to Thompson, data on the cards isn't encrypted or secured with passwords. Anyone with programming skills and access to the cards -- such as a county elections technical administrator, a savvy poll worker or a voting company employee -- can alter the data using a laptop and card reader.
To test the machines, Thompson and Hursti conducted a mock election on systems loaded with a rigged memory card. The election consisted of eight ballots asking voters to decide, yes or no, if the Diebold optical-scan machine could be hacked.
Six people voted "no" and two voted "yes." But after scanning the ballots, the total showed one "no" vote and seven "yes" votes.
Diebold did not return several calls for comment.
condt.......................
More evidence.
posted by BadGimp @ 9:37 AM
1 Comments:
Hello, thanks a lot, You'v done a great job.I can only realize how much time and resources does it take to create such a resource!Great work, I am impressed!
Post a Comment
<< Home