    
admin
Board Administrator
Username: admin
Post Number: 430
Registered: 12-2004
Best of Black Box? 
Votes: 9 (A keeper?) | | Posted on Wednesday, May 4, 2005 - 9:25 pm: | 
|
by Bev Harris & Kathleen Wynne
To comply with disability requirements, counties throughout the U.S. have been told they must add a touch-screen in each voting place. Black Box Voting has discovered that the addition of a single Diebold touch-screen – with or without a paper trail -- introduces a change to the remote access configuration such that malicious tampering of the entire system (including the paper ballot-based portion) becomes easier.
Misguided actions in response to the “Help America Vote Act” (HAVA) are causing officials to sprinkle touch-screens into their voting systems along with their paper ballot-based voting systems.
The HAVA-triggered move to add a touch-screen in each polling place to accommodate the visually impaired will make it easier for political operatives – located in another state, or even in a foreign country -- to take a crack at your election.
Black Box Voting, together with a team that includes telecommunications and security experts, has been conducting field tests on remote access vulnerabilities with Diebold voting systems. These hacking tests differ from those performed by RABA, Avi Rubin, and the demonstration by Bev Harris with presidential candidate Howard Dean, because Diebold was able to claim that those demonstrations involved a contrived setup, never-used software, or were impossible in the real world of elections.
This new research is a continuation of field tests in actual county election offices using the software and computers on which they have been running their elections for several years.
Black Box Voting has confirmed that Diebold counties who use only optical scan (paper ballot-based systems), even when they transmit results by modem, have been using a fundamentally different remote access setup than counties that transmit by modem from touch-screens. However, when a single modem transmission is performed from a touch-screen anywhere in the county, the remote access configuration is changed, making it easier for hackers.
Security experts evaluate hacking risks based on how much time, expertise, and money a hacker would need in order to penetrate a system.
Translation of upcoming info for folks who don't enjoy techno-discussions: The central tabulator (the "mother ship" where all the votes come in from polling place machines) is a tempting hacking target, because it accumulates ALL the votes. The central tabulator is easier to hack if the votes are coming in from touch-screens than optical scans (paper ballot scanners). However, the minute you add a touch-screen for visually impaired voters to precincts that have the harder-to-hack optical scans, that advantage disappears.
Diebold touch-screen voting systems have been communicating to the central tabulator using RAS (Pronounced “razz,” stands for Remote Access Server, a feature built into Microsoft Windows operating systems). RAS, especially with the configuration that has been used by Diebold technicians, can be attacked with a modest skill level and minimal financial resources.
Diebold’s precinct-based optical scan systems have not been using RAS to communicate. The remote access method used in these systems steps up attack difficulty to the “determined hacker” level. Remote penetration of optical scan systems requires the ability to crack a 5-character handshake and understand the computer language of optical scan machines. In geekspeak, this challenge would be called “interesting” but not excruciating.
Non-techie translation of the next section: There are ethical constraints that make it chancy for security experts to use the same techniques that real hackers would use. Security experts aren't supposed to take software and "reverse engineer" it. However, reverse engineering tools are available and hackers aren't shy about using them. Also, our security experts didn't go out and slice an exposed telephone line -- easily accessed at night by anyone. A real operative might easily have done that. If you do the reverse engineering, or the telephone line hack, the optical scans become much easier to hack.
Ethical impairment can be substituted for determination when hacking the optical scan system. A bit of reverse engineering or a quick listen on the telephone line (which can be found, wide-open and exposed, outside certain county tabulation facilities) can facilitate remote access into optical scan-based central tabulators. Because some of the critical information is hard-coded into the system, and remains the same in many different counties and states, finding just one location to “listen in” for the correct information will help hackers penetrate many different locations.
Some counties are adding a new type of Diebold optical scan system, the High Speed Central Count. Unlike the precinct-count optical scan, these paper-ballot systems count at a central location instead of counting at the voting place. According to internal Diebold communications, the newer High Speed Central Count systems, when hooked up to the central tabulator through telephone lines, will be designed to use the easier-to-hack RAS, like the touch-screens.
Translation for non-techies: Absentee ballots are counted by an optical scan machine that is similar to those at the precincts, but souped-up for faster ballot feeding. This optical scan machine also feeds its vote data into the central tabulator. Sometimes it send the votes by modem. They are designing it so that it uses the same type of easy-to-hack setup that the touch-screen uses to send its votes.
Staff communications among Diebold programmers indicate that new versions of the central tabulator may be designed so that even precinct-based optical scans can communicate with RAS.
REMOTE ACCESS VULNERABILITY ADDRESSED IN NEW VERSIONS
(translation for non-techies): New systems have much better security. However, election officials are using the old systems, and the taxpayer is expected to foot the bill to fix flawed systems that should never have been sold in the first place.
Diebold is now building better encryption into its data transmission. According to certification documents published in Oct. 2004, components of more secure Diebold systems have already been certified. There are indications that the new Diebold GEMS 2.0 series will be built on somewhat more secure SQL rather than Microsoft Access. Procedures outlined in internal Diebold documents for California would, if used nationwide, measurably increase data security.
Unfortunately, most counties do not yet have the new Diebold products, and instead of recalling its flawed systems, taxpayers are likely to be charged for new software versions to fix flaws that never should have existed in the first place. Compliance with existing check-and-balance procedures is spotty at best, so issuing new procedural recommendations will produce uneven improvements in security.
Counties seeking to implement touch-screens as an answer to ADA compliance will not necessarily update their other voting machines, so Diebold’s improvements won’t solve problems.
Because of looming deadlines for buying machines friendly to the visually impaired, counties have few options other than touchscreens. One option, though, is a new system called the AutoMark, made by a company owned by ES&S.
We do not know much about the remote access risks of the AutoMark system. Using AutoMark instead of Diebold touch-screens may or may not add to the risk of remote access to the central tabulator.
The Automark would provide accessibility without adding touch-screens. Whether or not AutoMark is vulnerable to remote access, its paper ballot technology is preferable to paperless touch-screens.
If Diebold touch-screens are chosen for your county’s ADA “solution”, citizens should ask some tough questions about RAS, changes in tabulator configuration, and why other kinds of systems can’t be used instead.
Black Box Voting recommends a spending moratorium on new voting systems and components until multiple problems with election system design and integrity are addressed.
Discuss this article here:
http://www.bbvforums.org/forums/messages/72/5538.html
|
