Please Help With Research  

Poly Gnotus
Voting Rights Forum Participant
Username: Polygnotus

Post Number: 1
Registered: 01-2006

Posted on Monday, January 16, 2006 - 3:50 pm:

Greetings,

I'm researching specific methods of rigging an election using either DREs, computer tabulators or both.

When I say specific, I mean as exact a procedure as possible. This includes but is not limited to inserting malicious code into the software, distribution of that software to targeted districts and states, beating certification test, and leaving no detectable trace. Also hacking a central tabulator, and any other plausible methods should be included.

So if anyone knows of such research, or any good websites by computer and electoral systems experts which spell out exactly how easy it is to rig an election using this technology, I would much appreciate you pointing me that way.

For an example of the type of info I'm looking for, please check out Chuck Herrin's page on How to hack the Vote.

Chuck's excellent demo is effective for demonstrating the software holes, but it is not effective at demonstrating real world, in the field practices. We need to demonstrate from beginning to end how a hypothetical party or group of parties could pull off the stealing of an election.

It needs to include how the machines and/or their software are distributed to commissioners and poll workers; how the actual trojan or hack would need to be implemented. How to avoid detection in the case of a recount etc.

In a nutshell, I am looking for a user's guide to stealing an election. And if nothing similar exists, then I am looking for the best info I can find to help in creating that user's guide.

The goal of this research is two-fold:

1. Present the threat of electronic voting from a different and, hopefully, more alarming perspective: that of a fraudster. And

2. Create a working scenario that may be useful in identifying flags other than exit poll data to determine if election fraud possibly occurred.

I believe this may be one of the most effective ways to attack the problem and garner support for change. Unfortunately, I am not the most qualified to undertake this project. So, if anyone wants to help, please do.

Bev Harris
Board Administrator
Username: Admin

Post Number: 3214
Registered: 12-2004

Posted on Monday, January 16, 2006 - 4:01 pm:

Here are some tips to get you started. Re-registration with real first and last name will be required to post again.

"inserting malicious code into the software"

See the information on hacks like Dr. Herbert Thompson demonstrated on the Diebold GEMS central tabulator in Leon County, FL: You'll find documentation that GEMS allows tampering with a Visual Basic Script here:

Aug. 18 2004 CompuWare Report: http://www.bbvdocs.org/reports/GEMS-RISK.pdf
and here:
http://www.bbvforums.org/forums/messages/2197/14274.html

"distribution of that software to targeted districts and states, beating certification test"

You'll find documentation on delivery of patches and uncertified versions here:
http://www.blackboxvoting.org/bbv_chapter-13.pdf
and here:
http://www.bbvforums.org/forums/messages/2197/15577.html

Also hacking a central tabulator - That's the Herbert Thompson hack.

Hacking a system leaving no trace - See this report:
http://www.bbvforums.org/forums/messages/1954/15595.html

"Chuck Herrin's page on How to hack the Vote. Chuck's excellent demo is effective for demonstrating the software holes, but it is not effective at demonstrating real world, in the field practices."

Actually, Chuck Herrin's demo is highly relevant to the real world. In banking, in retail stores, and in elections, the biggest risk for theft is the risk from INSIDERS.

Inside access

Calculate the number of people who have inside access to the central tabulator, who could therefore pull off a GEMS hack (note that the Chuck Herrin report is an upgraded version of the report from Black Box Voting published a year earlier, "Inside a U.S. Voting System.")

Black Box Voting and our volunteers did a series of public records requests before Election 2004, requesting a list from each county of who has access to their central tabulator and what control they have over the room where it is housed.
- The average number of people who access it is three
- Wide variation in security on the tabulator room. Many locations do not have it in a separate room, and in some locations it is accessible to the building custodian at night.
- Almost no locations log users appropriately. All the logs we have obtained show every user under the same name, "admin"

We have determined that approximately 1200 elections jurisdictions use GEMS. Doing the math, at three people per jurisdiction with access, that's 3,600 people with access to the central tabulator for the Diebold locations alone. Other systems also have vulnerabilities.

Ask any security expert whether a mission-critical high security system can be kept secure from a simple attack like the GEMS exploit if 3,600 people have access. Of course, you can also add to this the Diebold employees and temporary contractors who are given access in many locations.

GEMS hack a high risk for 10% of votes or more - because absentee votes have no poll tapes

Some people think the GEMS hack is not a risk because of the poll tapes, which act as a cross-check. However, the absentee votes do not have poll tapes at all. In locations that make it difficult to vote absentee, we are finding about 10 percent of the vote is absentee. In locations that make it easy, it ranges from 40 percent to 70 percent. This means that a minimum of 10 percent, and up to 70 percent, of votes are subject to undetected GEMS-style tampering by exploiting inside access. That's real-world, based on testing in the field, public records, and an examination of the system installed in San Joaquin California.

Creating a step by step user's guide to hacking an election

Creating a step by step guide to tampering would be a speculation, no matter how you go at it. It is more useful to look at the problem in terms of attack trees, which map out the attack points and identify those that have been proven in the field, and those which remain unresolved (not mitigated). You can find an attack tree presentation here:
http://www.bbvforums.org/forums/messages/2197/10409.html

To develop a user's guide (a step by step how to guide), select an unmitigated attack point for each stage of the election. However, the attack points vary considerably from jurisdiction to jurisdiction. Many combinations of attack points are available, and there are many attack points not listed in the above presentation, especially when you incorporate penetration of people and exploitation of weak procedures.

Red flags for tampered elections

As for flags other than exit polls, the best ones are the voting machine audit logs themselves, and the red flag of obstructive behavior by officials.

All of the machines produce multiple audit tools, which can be obtained in public records requests. These logs will show anomalies and sometimes, tampering and hacking intrusions.

If you get obstruction by public officials when you request the logs, that is a good indication that there may be something of value in the logs. Tampering has been indicated in logs from Volusia County, King County, and it now appears that San Diego County's Nov. 8 election may have been tampered and hacked as well, based on logs.

More information

You can find a lot more information in the Black Box Voting book, which is available chapter by chapter online, simply by going to our home page; scroll down and look in the right-hand column. There is a lot of information at this site. Develop a habit of checking for what's new each day (click "last 24 hours" at top of home page, or "New Today" at left side of any forums page).

The user's guide will be met with denials

After you prove that tampering can take place, such proof will still be met with lies from vendors and denial from public officials. That's because the vendors still want to make a buck and public officials don't want anyone questioning the voting machines that put them in office.

Just because someone denies it doesn't make it true. Do not take statements at face value. Learn to ask the right follow up questions, and get in the habit of asking for information in the form of public records requests and doing field visits. You'll find that much of what you're told isn't true.

For example, we were told that memory cards are carefully guarded in King County, that no one could swap a card. But then we visited during election preparation and found significant problems:
http://www.bbvforums.org/forums/messages/1954/10609.html
And we took a videotape on election night:
http://www.bbvforums.org/forums/messages/2197/14299.html
Very little of the claims to secure memory card chain of custody was true.

That's why we are recommending citizen involvement to protect election 2006, and here are tips and instructions for that:
How to get public records: http://www.bbvforums.org/forums/messages/6/17096.html
What public records to ask for (January):
http://www.bbvforums.org/forums/messages/6/17097.html
How to get it on video: http://www.bbvforums.org/forums/messages/6/15733.html
What to videotape this month, Jan. 2006: http://www.bbvforums.org/forums/messages/6/17099.html

Spread the word. PERMISSION TO REPRINT (OR EXCERPT) THIS POST GRANTED, WITH LINK TO http://www.blackboxvoting.org

* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) All American Paper Chase
(2) Dumpster Diving for Democracy
(3) Candid America Project
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html

Jim March
Frequent Voting Rights Forum Participant
Username: Jimmarch

Post Number: 102
Registered: 01-2005

Posted on Tuesday, January 24, 2006 - 1:01 am:

Possibly the single easiest "hack" involves the absentee ballot processing system on the Diebold side. See also my recent post here:

http://www.bbvforums.org/forums/messages/73/17248.html?1138090598

What it adds up to is this: the "Chuck Herrin" hack (originally documented by our own Bev Harris) will work perfectly with no extra audit trail method available to catch it, on the standard Diebold "low speed" absentee optical scan system.

I doubt there's an easier hack available anywhere, on any system.

Jim
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
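
The cross-check that both replies above rely on (poll tapes compared against central tabulator totals, with absentee batches having no tape to compare) can be sketched as follows. This is an added example, not part of the original thread and not any vendor's software; the batch records, field names and vote counts are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Batch:
    batch_id: str
    kind: str                  # "precinct" or "absentee" (hypothetical labels)
    tabulator: dict            # candidate -> votes reported by the central tabulator
    poll_tape: Optional[dict]  # candidate -> votes printed at the polls, None if no tape


# Constructed sample data. P-002 keeps the same batch total on both records
# (655) but the per-candidate split differs, so a totals-only check misses it.
SAMPLE = [
    Batch("P-001", "precinct", {"A": 412, "B": 390}, {"A": 412, "B": 390}),
    Batch("P-002", "precinct", {"A": 300, "B": 355}, {"A": 330, "B": 325}),
    Batch("ABS-01", "absentee", {"A": 95, "B": 88}, None),
]


def reconcile(batches):
    """Return (mismatches, unverifiable_votes, unverifiable_share).

    mismatches: (batch_id, candidate, poll_tape_count, tabulator_count) tuples.
    unverifiable_votes: votes in batches that have no independent poll tape.
    """
    mismatches, unverifiable, total = [], 0, 0
    for b in batches:
        votes = sum(b.tabulator.values())
        total += votes
        if b.poll_tape is None:
            # No independent record exists, so nothing can be cross-checked.
            unverifiable += votes
            continue
        for cand in sorted(set(b.tabulator) | set(b.poll_tape)):
            central = b.tabulator.get(cand, 0)
            tape = b.poll_tape.get(cand, 0)
            if central != tape:
                mismatches.append((b.batch_id, cand, tape, central))
    share = unverifiable / total if total else 0.0
    return mismatches, unverifiable, share


if __name__ == "__main__":
    found, unverifiable, share = reconcile(SAMPLE)
    for batch_id, cand, tape, central in found:
        print(f"{batch_id} {cand}: poll tape {tape}, tabulator {central}")
    print(f"{unverifiable} votes ({share:.1%}) have no poll tape to check against")
```
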

All original content on this website is Copyright (c) 2004-2005 by Black Box Voting. All rights reserved.