Security research vid shows "virus" infecting e-voting machines

Posted by Cory Doctorow, September 8, 2008 10:31 PM |
Max sez,
The Security Group at the University of California in Santa Barbara has released the video that shows the attacks carried out against the Sequoia voting system. I heard about the video when talking to some members of the group, but it was never made available to the public before. The video was shot as part of the Top-To-Bottom Review organized by the California Secretary of State. Even though the review was carried our in July 2007, the video has been posted only now, more than a year after (why?).

The video shows an attack where a virus-like software spreads across the voting system. The coolest part of the video is the one that shows how the "brainwashed" voting terminals can use different techniques to change the votes even when a paper audit trail is used. Pretty scary stuff. The video is proof that these types of attacks are indeed feasible and not just a conspiracy theory.

Also, the part that shows how the "tamperproof" seals can be completely bypassed is very funny (and disturbing at the same time).

Evaluating the Security of Electronic Voting Systems (Thanks, Max!)
posted in: CivlibGadgetsVideo
Favorite this! ( 11 )
Send this to a Friend
Older Ridgid SeeSnake Micro Inspection Camera
Newer Rating the futurists

Discussion

Take a look at this
#1 posted by igpajo , September 8, 2008 11:26 PM

Sounds a bit like what happened in the movie "Man of the Year" where Robin Williams playing as a Jon Stewart like political TV satirist runs for President and wins after a computer bug in the e-voting machines favors him over the other candidates.

Take a look at this
#2 posted by Phikus , September 8, 2008 11:28 PM

Pay no attention to the virus behind the curtain...

Take a look at this
#3 posted by Phikus , September 8, 2008 11:32 PM

IGPAJO@1: Except that Robin steps down when found out.

Take a look at this
#6 posted by SC_Wolf , September 9, 2008 1:08 AM

Obligatory link to appropriate XKCD strip:
http://xkcd.com/463/

Take a look at this
#7 posted by flup , September 9, 2008 6:05 AM

Presumably these machines are being used in an attempt to save money (I can't think of any other reason). However, given the amount of money that's been spent on certification, re-certification, purchasing (and disposal), is it really worth it?

Take a look at this
#8 posted by ivan256 , September 9, 2008 6:50 AM

Might as well just make Obama president *now*. If he loses nobody is going to believe it anyway.

Take a look at this
#9 posted by mdh , September 9, 2008 8:07 AM

Yeah, those voting machines will make terrible barricades if the fix is in.

Take a look at this
#10 posted by Baldhead , September 9, 2008 9:43 AM

Can we just go back to hand counting bits of paper? Seriously at least when you use that system you need a proper conspiracy to rig things. Not just a single hacker.

Take a look at this
#11 posted by codesuidae , September 9, 2008 10:04 AM

Anyone know if this movie available in another format?

Take a look at this
#12 posted by Phikus , September 9, 2008 11:52 AM

FLUP@6: It is worth it to those who want to control the outcome of an election, and thereby the country.

BALDHEAD@9: Even when we were counting bits of paper, they managed to steal an election. Remember 2000? What can be done when the Supreme Court stops a recount, which by any measure would have shown Gore as the winner, and not just of the popular vote?

Take a look at this
#13 posted by Howdy , September 9, 2008 12:25 PM

Why didn't the California Secretary of State read the report after the review and decertify the DRE's or at the very least, re certify with conditions for use, storage and handling and allow one per voting place to be used for accessibility and paper ballots for those who can hold a pencil?

Take a look at this
#14 posted by justONEguy , September 9, 2008 1:37 PM

Democracy is dead. Long live the corporate kleptocracy.

Take a look at this
#15 posted by Burz , September 9, 2008 1:48 PM

PHIKUS@11: Yet the use of those physical ballots is what enabled you to make that conclusion.

Note that what happened in Ohio, 2004 is much less clear because of computerized voting.

Digital electronic information can't be verified where anonymous transactions are involved; the goal in designing digital equipment is to create and alter information as effortlessly and cleanly as possible.

This is accomplished through many layers of abstraction which most people (99.999%) can't audit (or often even detect). Electronic "ballots" cannot be viewed directly with the human eye (nor otherwise directly sensed) because the bits that show a "vote" on the screen are not the same bits that comprise the record. They are un-auditable.

Even where digital signatures of poll workers are used, they will only indicate very generally a problem in a batch of votes in a given precinct... the discrepancies cannot be traced to individual ballots to figure out what went wrong.

Take a look at this
#16 posted by Phikus , September 9, 2008 2:38 PM

BURZ@14: Indeed. I was just attempting to point out that this is but one item on the playbook of voter disenfranchisement. We need greater transparency, accountability, and re-countability installed into the voting system if we hope to have a fair election ever again.

JUSTONEGUY@13: Kleptocracy indeed!

Take a look at this
#17 posted by stealthisbook , September 9, 2008 9:40 PM

Much of the trouble in gaining any sort of transparency in the vote process with these machines is probably also why this video was delayed for so long. The companies that build these hold on tightly to every design and code detail as a trade secret.

Post a comment

Anonymous