Posted on 08/03/2007 7:44:54 AM PDT by upchuck
Diebold Election Systems Inc. voting machines are not secure enough to guarantee a trustworthy election, and an attacker with access to a single machine could disrupt or change the outcome of an election using viruses, according to a review of Diebold's source code.
"The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit to affect election outcomes," read the University of California at Berkeley report, commissioned by the California Secretary of State as part of a two-month "top-to-bottom" review of electronic voting systems certified for use in California.
The assessment of Diebold's source code revealed an attacker needs only limited access to compromise an election.
"An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine. The damage could be extensive -- malicious code could spread to every voting machine in polling places and to county election servers," it said.
The source-code review identified four main weaknesses in Diebold's software, including: vulnerabilities that allow an attacker to install malware on the machines, a failure to guarantee the secrecy of ballots, a lack of controls to prevent election workers from tampering with ballots and results, and susceptibility to viruses that could allow attackers to an influence an election.
"A virus could allow an attacker who only had access to a few machines or memory cards, or possibly to only one, to spread malicious software to most, if not all, of a county's voting machines," the report said. "Thus, large-scale election fraud in the Diebold system does not necessarily require physical access to a large number of voting machines."
The report warned that a paper trail of votes cast is not sufficient to guarantee the integrity of an election using the machines. "Malicious code might be able to subtly influence close elections, and it could disrupt elections by causing widespread equipment failure on election day," it said.
The source-code review went on to warn that commercial antivirus scanners do not offer adequate protection for the voting machines. "They are not designed to detect virally propagating malicious code that targets voting equipment and voting software," it said.
In conclusion, the report said Diebold's voting machines had not been designed with security as a priority. "For this reason, the safest way to repair the Diebold system is to reengineer it so that it is secure by design," it said.
Actually, this is not new news. Bev Harris wrote about the poor security of Diebold voting machines in July, 2003. Here's a link.
And I did not make up the reporter’s name :)
Aren’t these machines Stand Alone Units that are not on a Network?
Bev Harris wrote about the poor security of Diebold voting machines in July, 2003.
:::::
This has the Dems drooling all over themselves....that is not to say that Dems might CHEAT....HA!!!
America needs to return to the old days of paper ballots, and producing identification for checking against voter registration rolls. They also need to return to a 30 day minimum cutoff date for registrations. Depending on computers for counting votes is only as good as the people who operate them, and they aren’t that bright.
They are standalone.
Re: producing identification for checking against voter registration rolls
This is pure common sense.
How is having the machine security codes and passwords "limited access?"
At least with regard to California, this is part of an orchestrated attack on Diebold because the Dimocrat lunatic fringe see them as the "culprits" who "stole the 04 election for John Kerry in Ohio."
Utter nonsense. As you said, it’s just an attack on Diebold. Liberals are getting caught cheating and it’s put a burr in their saddles. Yet MORE liberal projection.
I spent 90 minutes watching a live demo last week at the Texas Secretary of State - County Clerk/Elections Administrators conference. Awesome machine, and the testimonials from the users was fantastic. One told of an election tie, that the candidates demanded a re-count, and hand count showed a tie. Another showed a 3 vote win for candidate A, and after a hand re-count, same result.
No they don’t. We had these wonderful machines for two decades, where you could start off by pressing the straight ticket button, and it would highlight all candidates from that party, and then, where you wanted to differ from the straight line ballot, you just pressed the button for the individual candidate.
Because of our worthless secretary of state, the entire state was forced to adopt a optical scan system, in the name of a paper trail, and well, there is no modified straight option on a paper ballot. If you don’t want to vote a straight ballot you have to fill out each office choice individually. What used to take 1 minute took me 5 minutes last year. If you want a paper trail, fine, but find a way to make it convenient, none of this having to fill out a form crap.
This study is just icing on the cake. Professor Ed Felton prooved Diebold machines sucked years ago. It's not that there were security holes -- all software has that -- but it was designed with either an infantile understanding of, or blatant disregard for, security. My prime example is being able to use a standard office file cabinet key to open them up.
We need to get rid of straight ballots anyway. They serve to entrench the two powerful parties and make it too easy for people to vote without researching the actual candidates.
Like mindlessly selecting the name next to the R or D solves that? LOL
These are stand-alone machines.
It was far easier to affect an election in the old days when you went into a booth with levers. The results could be altered as soon as the polls closed, since a person went to the back of the machine and hand-recorded the results -- or not.
Of course, this was before the lefty lunatics seized control of the dhimmicratic party.
Not to mention that Bev Harris is a nut case.
Some of these are problems that the vendors claimed to have fixed years ago. For example, Diebold claimed (p. 11) in 2003 that its use of hard-coded passwords was “resolved in subsequent versions of the software”. Yet the current version still uses at least two hard-coded passwords — one is “diebold” (report, p. 46) and another is the eight-byte sequence 1,2,3,4,5,6,7,8 (report, p. 45).I consider this my final, conclusive evidence that Diebold has zero actual regard for the security of its voting machines. No wonder they fought against having to disclose their code.
Actually, this is not new news.
Correct, here in Ohio we’ve know this for years.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.