Originally Published on NevadaNewsmakers.com, 8/7/2007 1:01:24 PM
Hack the Vote! Part 1
The report might have been titled “A Thousand and One Ways to Compromise an Election.” It was prepared for the California Secretary of State by a team of computer scientists acting as white-hat hackers, conducting penetration tests on various brands of electronic voting machines used in California. It was a collection of reports, actually, and the one of interest to Nevadans could have been called “A Hundred and One Ways to Compromise the Sequoia Voting System.” That’s the system used in Nevada elections.
Although the members of the Source Code Team from U.C. Berkeley claim they didn’t have enough time for a thorough review, they nonetheless compiled an enormous list of ways in which the Sequoia system is deficient on every level from the back end system to the hardware in the precincts.
A few of the findings: The “smart cards” voters insert into the machines can be altered using a laptop, as can the “results cartridges” that hold the tally of all the day’s voting for each machine. It’s possible for results affecting one precinct or multiple precincts to be changed without detection.
The tamper-evident seals that alert poll workers to an attack on the hardware, or the machine’s internal firmware, are irrelevant, since “the testers were able to gain access to the internals of the systems by, for example, unscrewing screws…. Similarly, plastic covers that were protected by seals could be pried open enough to insert tools that could manipulate the protected buttons without damaging the seals or leaving any evidence that the security of the system had been compromised.”
Features that limit control of the WinEDS database are easily circumvented, according to the report. This means the people at every level who are involved in back-end operation, such as preparing ballots, configuring voting machines, and counting the ballots, can assign roles to themselves and gain access at a level they were never intended to have.
The results were no surprise to the broader community of tech intelligentsia, which collectively uttered one word when the story broke. “Duh.”
The number and severity of vulnerabilities in the systems led Secretary of State Debra Bowen to decertify the Sequoia machines on Friday, to meet a deadline related to the California primary, and re-certify them under more stringent conditions.
Sequoia hosted a user conference last week, the timing of which, deliberately or not, coincided with the release of the California test results. Election officials from across the country, including our own, attended. Security experts say all the companies whose machines were tested have an interest in discrediting the results, and indeed, when the testers gave their report at a hearing in Sacramento, it was vendors and county election officials who squared off with them.
Some at the county level, where jobs are made more difficult by the findings, accuse Secretary of State Debra Bowen of staging the test as an exercise in political theatrics. They may be right, but that doesn’t minimize the significance of the tests.
Hack the Vote! Part 2
First, we have to lose this romantic notion about the nature of cybercrime, deeply embedded after only a decade or so of Hollywood portrayals. The Lone Gunmen of “X-Files” fame, or Chloe and Morris of “24” tear into the keyboard as the clock ticks. They’re under intense pressure, with lives in the balance. Their brows furrow and beads of sweat appear on their upper lips. Within minutes — hours if it’s a tougher assignment — there’s a blinking message window on the screen, signaling success.
Then there’s the swaggering, teen-aged “because-I-can” hacker, who operates from a bedroom in his parents’ home, altering school records or dropping dirty pictures onto the websites of prominent people, for laughs. In another era, he’d have been vandalizing parking meters. He’s real, but he’s not committing election fraud. Yet.
More recently, the public has begun to grasp the common criminality of hacking, as eastern European syndicates using stolen credit card numbers have been revealed to be a major source of cybercrime. This crime, motivated by money, is the closer to the worry at hand, but still not quite right.
Here’s a chilling paragraph from the U.C. Berkeley report:
“The high stakes of many elections can provide rich incentives for illegal abuse. The resources of this study were quite small compared with those that might be available to an organized criminal conspiracy to commit election fraud. In our professional opinion, it is likely that a sophisticated adversary who sought to subvert an election by technical means would be able to duplicate, and perhaps exceed, the attacks reported here, even without open access to source code. Our study should be regarded, at best, as identifying obvious weaknesses that an attacker might attempt to exploit.”
Get the picture? Cyberattacks on elections would be painstakingly planned, with a possible interval of four years to get it right. And lots of money would be available to people with the requisite combination of know-how, financial need and political disgruntlement. With regard to the categories of cybercriminal for which we have a frame of reference, they would fall into the column marked “none of the above.”
The Reasonable Reporter, having produced a five-part series on electronic voting machine security in the summer of 2004, is in contact with some folks who have spent a lot of years studying voting machines. More to follow.