Tuesday, September 19, 2006

“How to Hack an Election in One Minute”

September 13: Princeton researchers release a study and video detailing their successful attempt to hack the widely-used Diebold AccuVote-TS electronic voting machine. (Oops.)

“The University's Center for Information Technology Policy (CITP) is not the first group to demonstrate the vulnerability of Diebold's machines,” says the article in MIT’s Technology Review. “BlackBoxVoting.org, Open Voting Foundation, and Johns Hopkins professor Avi Rubin have all published accounts of security compromises in Diebold products. BlackBoxVoting.org wrote about their successful guerrilla project to swap out a Diebold voting machine's memory card using $12 worth of tools in four minutes (the Princeton team says it can execute its hack in one minute).”

They had three main findings: “First, the CITP group discovered that not only could it install malicious code on the voting machine, but also that the code could easily be configured to ‘disappear’ once its work was done,” leaving no trace of tampering.

Second, it was easy to physically hack into the machine to get at the removable memory card that stores vote counts.

Third, "By planting a virus far enough in advance, [a hacker] can ensure that a significant number of machines can steal votes on election day" even if the criminal had access to only one voting machine.
(“Criminal”? That’s pretty harsh, isn’t it? They'd probably prefer the term, “political operative.”)

That’s the thing about relying on technological solutions – you can always flip a couple strategic bits and come up with an opposite effect ('"A Working Simple System').
'Security Analysis of the Diebold AccuVote-TS Voting Machine'
By Feldman, Halderman, and Felten of Princeton's CITP

Technology Review is owned by the Massachusetts Institute of Technology (MIT). “The oldest technology magazine in the world (est. 1899), Technology Review aims to promote the understanding of emerging technologies and to analyze their commercial, social, and political impacts.”

No comments: