New, First-of-Its Kind, University Study Reveals Malicious Code Can Be Easily Inserted into Voting Machine, Spread from One System to the Next, Resulting in Flipped Votes, and Stolen Elections…All Without a Trace Being Left Behind
Study Also Confirms that Voter Access Cards Can Be Created At Home to Defeat Security Protocols, Allowing Voters to Vote Multiple Times in a Single Election!
By Brad Friedman on 9/13/2006, 4:43pm PT  

-- Brad Friedman, EXCLUSIVE
-- (Salon.com has posted a shortened version of the following report right here:
"Hack the vote? No problem")

A vote for George Washington could easily be converted to a vote for Benedict Arnold on an electronic voting machine and neither the voter, nor the election officials administering the election would ever know what happened. It wouldn't require a "conspiracy theory" or a "conspiracy" at all. It could be done by a single person with just a few moments of access to the voting systems.

Those new findings are detailed, and illustrated on video-tape, in a new first-of-its-kind study released today by computer scientists and security experts at Princeton University's Center for Information Technology Policy.

(The version of the video demo at the Princeton website is being hit hard, and thus, slow to download and view currently. We've got a quick flash version available here for your convenience, courtesy of David Edwards.)

The scientific study has revealed, for the first time, that a computer virus can be easily implanted on an electronic voting machine which could, in turn, result in votes flipped for opposing candidates. The virus, as well, could be written to then spread itself from one machine to the next resulting in a stolen election. The malfeasance would likely never be discovered, the scientists have said.

Though the concept of stolen votes via electronic voting systems has been widely regarded as theoretically possible by experts up until now, a top-secret four-month long hands-on study of an actual touch-screen voting system, by the scientists at Princeton, has confirmed the worst nightmares of elections officials and American voters…not to mention a voting machine company known as Diebold.

The BRAD BLOG has had exclusive access to the scientists and information being tested as the team's various hack attempts have been designed and carried out over the course of the study.

Working directly with a Diebold AccuVote TS touch-screen voting system, the computer scientists have been able to implant a nearly-undetectable virus onto a touch-screen voting system, managing to successfully alter a voter's ballot --- after it's already been confirmed and cast --- in order to flip the vote so that it is recorded for a candidate other than the one the voter had intended.

According to the study's team leader, Edward W. Felten, a professor at Princeton's Department of Computer Science, the report confirms – and records in a video-taped demonstration – that such a malicious virus could be easily inserted onto a Diebold touch-screen voting system by a single individual "with just one or two minutes of unsupervised access to either the voting machine or the memory card" used with the system to store ballot definitions and vote tabulations.

The virus, as programmed by the Princeton team, could then spread from one voting system to the next depending on the way the machine in use is configured, or the way in which votes are tabulated in any particular jurisdication.

...NO 'CONSPIRACY' NECESSARY...

"We've demonstrated that malicious code can spread like a virus from one voting machine to another," said Felten in an exclusive interview, "which means that a bad guy who can get access to a few machines --- or only one --- can infect one machine, which could infect another, stealing a few votes on each in order to steal an entire election."

The question of such unsupervised access to voting systems has been widely debated since access was quickly granted by an election official in Emery County, Utah to a Diebold touch-screen system last March. When the information revealed by that brief investigation [PDF] was made public just days prior to this year's primary election in Pennsylvania, elections officials were sent scrambling for last minute security mitigation procedures.

The Emery County report, arranged by election watchdog organization BlackBoxVoting.org and carried out by computer scientist Harri Hursti and the firm Security Innovation, revealed that a "feature" built into Diebold's touch-screen system could allow a malicious individual to completely overwrite the election software, operating system and computer firmware with just a minute or two of unsupervised access to the machines – no password necessary.

...NO LONGER JUST A 'THEORY'...

What sort of danger could be caused by that access, however, has been hotly debated --- and largely speculative --- until the revelations of the Princeton report which detail exactly how the system might be compromised by viral computer code which could change vote tabulation, replicate itself across the entire system and hide its own tracks after the election.

After news of the Emery County study was released, dozens of scientists, including Carnegie Mellon computer scientist, professor Michael I. Shamos – an examiner of electronic voting systems for the commonwealth of Pennsylvania – described the newly discovered vulnerability as "The most severe security flaw ever discovered in a voting system." The discovery sent elections officials in states across the country scrambling for temporary emergency security mitigation procedures prior to upcoming primary elections.

The debate about security for the systems grew even louder when, in California's June election (and since then other states as well) those hastily enacted security procedures were largely ignored by the administrators of the election. Diebold voting machines were sent home unsupervised overnight with poll workers in the days and weeks, prior to the election by San Diego County's Registrar of Voters.

The security breaches in the so-called voting machine "sleepovers" in San Diego County led to a contest of the U.S. House Special Election held that day between Francine Busby and Brian Bilbray to replace jailed congressman Randy "Duke" Cunningham in California's 50th congressional district. The legal suit, brought to contest the reported results of the election, charged that the unrestricted access to the machines by poll workers compromised the election in addition to violating both state and federal law.

David Jefferson, a lead voting systems technology advisor for the California Secretary of State and a computer scientist at Livermore National Laboratory told The PBS News Hour just after California's primary election, that "You can affect multiple machines from a single attack, that's what makes it so dangerous." He was right.

At the time, Jefferson was speaking in the wake of the Emery County investigation. Jefferson's comments were largely theoretical back then, though shared by the bulk of the country's election systems experts. The theory, however, had never actually proven and carried out on an actual machine. The Princeton study puts an end to such speculation, showing conclusively for the first time how a single malicious person could insert a virus into a single machine which could both flip votes and then be passed from machine to machine.

"We've also found how malicious code could also modify its own tracks [afterwards] and remain virtually undetectable by elections officials," says Felten. "It wouldn't be found in the standard tests performed either before or after an election."

The Princeton study is the first such extensive, independent, publicly-released investigation of the hardware, software, and firmware of a Diebold AccuVote DRE (Direct Recording Electronic) system of the type used in Maryland, Florida, Georgia and many other states. In all, such touch-screen voting systems made by Diebold, will be in use in nearly 40 states across the country this November.

The study, which also reveals a number of other troubling vulnerabilities – including the confirmation that voter access cards used on Diebold systems may be created inexpensively on a personal laptop computer, allowing a voter to vote as many times as they wish – was released this morning in full on Princeton University's website along with video demonstrations of some of the most disturbing revelations of the report.

Though all electronic voting systems currently in use in the United States employ similar secret software to count the votes in America's public elections, Diebold Inc., of North Canton, Ohio, has long been the target of election integrity advocates since its former CEO had promised in a fundraising letter to Republican supporters that he was committed "to helping Ohio deliver its electoral votes" to George W. Bush prior to the 2004 election.

A number of reports over the last several months on various aspects of the Diebold voting system have revealed startling vulnerabilities to hacking along with failures to record election results accurately. Those reports have sent federal, state and county elections officials scrambling to either deny the magnitude of the problem, or develop last minute security mitigation procedures prior to this November's mid-term election.

While previous reports have examined a limited set of vulnerabilities, this is the first such study – conducted under extraordinary security measures --- to look at the entire system as a whole over an extended period.

"These are, by far, the most serious electronic vulnerabilities that have been published to date," explained Felten. "It's far more serious than even the very serious vulnerabilities that have been published" in previous studies and reports.

...IT TAKES A THIEF...

After previous studies, both Diebold officials as well as some elections officials have downplayed the significance of the type of security vulnerabilities revealed today by Princeton, claiming that normal security procedures should sufficiently ward off any such malicious attack. Though the recent examples of security breaches in the contested Busby/Bilbray race, and primary elections elsewhere this year, demonstrate that officials have little basis for such confidence.

They certainly have no scientific evidence to back up their claims that all is well.
When San Diego County Registrar of Voters Mikel Haas was asked about the security breaches in the Busby/Bilbray election and whether they might have put the election at risk, he downplayed the dangers.

Though he admitted such hacks were possible during the voting machine "sleepovers" that he allowed, he told The BRAD BLOG during an interview just after the election that he felt it "highly improbable" that anyone would do anything untoward in such a situation.

"You'd have to want to commit a felony, which knocks out most of our poll workers," Haas explained.

"I'm sure they could stick something in the system…Whether it's detectable or not, I'm pretty sure that it is. But again, you're tampering with election equipment, so it seems unlikely."

Such wishful thinking has similarly long been shared by Diebold in public statements.

Diebold spokesman, David Bear did not immediately return our call for comment, but he has, in the recent past, denied that such security concerns are notable.

"[Our critics are] throwing out a 'what if' that's premised on a basis of an evil, nefarious person breaking the law," Bear told NEWSWEEK after the march Emery County study. "For there to be a problem here," he explained to the New York Times, "you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software…I don't believe these evil elections people exist."

Unfortunately, such "evil elections people" do exist. During a radio interview I conducted with Monterey County, California Registrar of Voters Tony Anchundo prior to the November 2005 election, the 13-year election official explained, when asked which results would be official in the event that their new voting machine "paper trails" didn't match up with the machine-reported totals that, "There is obviously going to have to be some trust and faith in the elections official, or in this case, it's me."

Several months later Anchundo was charged with 43 criminal counts including charges of forgery, misapplication of funds, embezzlement, falsification of accounts and grand theft to the tune of $70,000 charged on county credit cards.

Add that misplaced "trust and faith in elections officials" to the many other cases of felony indictments for elections officials including three recently in Ohio where Cuyahoga County election workers were found to have gamed the Green and Libertarian party sponsored 2004 Presidential recount in the crucial Buckeye State.

And add to that a recent report [PDF] from the U.S. Dept. of Defense which, as Congressman Rush Holt (D-NJ) pointed out in a speech last month, "noted that a total of 1,213 public officials had been federally charged with corruption in 2004, that 1,020 of them had been convicted of corruption, and that 419 cases remained pending."

...DIEB-THROAT SAYS: 'WE PUT OUT JUNK'...

Electronic voting systems such as those made by Diebold and a hand-full of other private corporations now litter the electoral landscape across the nation as the Help America Vote Act (HAVA), passed by the U.S. Congress in 2002, kicks in in full for the first time as of this year. Major problems with the systems have been previously confirmed by independent scientists, revealing dozens of vulnerabilities and many problems and meltdowns have cropped up on the machines throughout the 2006 primary season, affecting elections in dozens of states.

Critics have charged that the systems, which are disallowed from full, independent testing and so-called "red team" hack attempts by computer security professionals at either the federal, state or county level, were rushed out by the companies in order to take advantage of the $3.8 billion in federal money made available by HAVA to encourage jurisdictions to "upgrade" their older voting systems in light of the 2000 election debacle in Florida. Ironically enough, it was a Diebold electronic system which reported some negative 16,000 votes in Volusia County, Florida on election night which then kicked off the eventual 36-day firefight surrounding the counting of the older punch-card systems in the Sunshine State back in 2000.

"We put junk out there when HAVA came out, and now they've gotten caught," explained one of the Diebold insiders who The BRAD BLOG has reported on for some time. The source --- code-named "DIEB-THROAT" due to their sensitive relationship with the company – said, "They hate this, they don't want publicity. They want to run this [their election division] like their banking side. Quietly. Hoping nobody will notice."

But Americans have noticed.

Computer scientists and security experts, as well as a vocal election integrity activist community, have been reporting on, and revealing vulnerabilities in systems made by Diebold as well as ES&S, Sequoia Voting systems and Hart InterCivic for some time. The mainstream media, however, as well as the political parties --- and certainly elections officials who have staked their reputations on the accuracy and security of such machines --- have been slow to catch up with the extraordinarily detailed and documented threats.

...ELECTIONS OFFICIALS STILL IN DENIAL (MOST OF THEM ANYWAY)...

Study after study has found scores, if not hundreds of vulnerabilities in such systems. The Princeton study radically ups the ante in its first-hand, explicit, before-your-very-eyes hack of one such system. Even while the issue has been largely ignored over the past several years by both the media and the political parties, many of those elections officials continue to publicly deny the concerns of scientists and activists in the face of what is now a towering mountain of evidence documenting the insecurity of these systems.

Deborah Hench, Registrar of Voters in San Joaquin County, California has gone on record denying the vulnerabilities and failures of the systems even after California conducted the largest mock-election test ever held in her own warehouse, on her own Diebold touch-screen voting systems. That test, conducted in July of 2005 found that the systems failed to operate properly nearly 30% of the time.

Later, after the California Secretary of State's office issued their own scientific study [PDF], conducted at UC Berkley and finding more than 16 new vulnerabilities, Hench was, remarkably enough, quoted telling a local San Joaquin paper; "The state tested this system seven ways to Sunday…They didn't find anything wrong."

Hench furthered the denial and public misinformation when she told the PBS News Hour that a virus hacked into a Diebold voting system by a single person simply couldn't work, because "You're going to have to break into my warehouse before we deploy. You're going to have to change 1,660 units." Neither of those requirements, we now learn, are necessary according to Princeton.

Once again, the latest study proves Hench, an election official who has succeeded in encouraging her county to allocate millions of dollars for these systems, is entirely wrong.

On the other hand, there are some elections officials, such as Leon County, Florida's Ion Sancho and Yolo County, California's Freddie Oakley who have been far more honest in their public comments.

Sancho, who was forced by the state of Florida to use Diebold voting machines even after he allowed computer hackers the opportunity to test – successfully – their theoretical hack, which flipped a mock election on an optical scan paper ballot system manufactured by Diebold told an election integrity gathering last May that the public should "Trust no one," when it comes to our electoral system. "If it can't be verified, it can't be used," he told the enthusiastic crowd.

Oakley was even more to the point in an email sent to The BRAD BLOG as the "sleepover" controversy erupted after the June elections in California: "If, as a practical matter," she wrote about the Diebold electronic voting machines used in the election, they "can't be secured, then perhaps they ought not be used at all. Period."

In the meantime, there is also a notable lack of computer scientists or security experts who are willing to declare the current systems being used across the nation are a secure way to carry out our precious democracy. In two-plus years that The BRAD BLOG has been reporting on these issues, we've yet to come across a single one who is willing to declare these systems are secure and ready for prime time voting.

The Diebold voting system obtained by Princeton for use in their investigation was obtained in cooperation with the election integrity umbrella group VelvetRevolution.us. As explained in their report, the machine was "obtained from a private party." The details of that acquisition, however, reveal even more damning information about the way in which Diebold rushed these systems to market. A full report on that background, including exclusive insider details obtained by The BRAD BLOG, will be forthcoming in the near future.

While virtually all of the systems manufactured by all of the major American voting machine companies currently set for use this November have been found to be vulnerable to hacking, tampering, inaccuracy and error, various elements of the Diebold voting systems have found their way into more independent hands-on investigations than any of the other companies' systems to date. As access is gained by private individuals to machines made by the other manufacturers, more vulnerabilities on those systems as well are likely to be revealed. A recent landmark report issued by NYU's Brennan Center for Justice detailed some 120 threats to e-voting security across all such systems. So the worst is likely still ahead.

But for now, Diebold once again finds itself in the cross-hairs of election integrity advocates and computer scientists.

Said Johns Hopkins computer scientist and elections-security expert, Aviel Rubin recently – one of the original voices to declare the dangers of Diebold's systems after he analyzed source code from their voting machines which was left, by the company, unsecured on a public Internet site --- "If Diebold had set out to build a system as insecure as they possibly could, this would be it."

===

Brad Friedman is an Investigative Journalist and Editor-in-Chief of the popular progressive website The BRAD BLOG (www.BradBlog.com) where he has broken enumerable stories related to election integrity issues and electronic voting machine meltdowns. He has appeared to discuss his reporting on ABC News, CNN, and CourtTV. He's a contributor at Huffington Post, and has written for Mother Jones, Hustler, Editor & Publisher, Columbus FreePress, TruthOut.org, Harvard's Neiman Foundation of Journalism and whoever else will have him. He is also the co-founder of VelvetRevolution.us, an umbrella organization of citizens groups taking on everything from Election Reform to Media Reform to the War in Iraq.

Share article...