This story has been percolating in the blogosphere for some time, but I’ve yet to report it here as I’ve been trying to look into it to make sure that it held up first.
It’s big. And now that The Washington Times(!) — the Bush Administration’s #1 mouthpiece in the print media, in other words, the Fox News of newspapers — has admitted and reported the problem via this breaking UPI report, I’m happy to take that as confirmation of the huge and hackable security hole smack dab in the middle of Diebold’s proprietary vote-counting software source code that those “reckless conspiracy-theorists (American citizens) in the blogosphere” have been reporting for some time!
…
Computer Science Professor Avi Rubin of John Hopkins University analyzed Diebold’s 47,609 lines of code and found it uses an encryption key that was hacked in 1997 and no longer is used in secure programs.
…
The Digital Encryption Standard 56-bit encryption key used can be unlocked by a key embedded in all the source code, meaning all Diebold machines would respond to the same key.
Rubin, his graduate students and a colleague from Rice University found other bugs, that the administrator’s PIN code was “1111” and that one programmer had inserted, “This is just a hack for now.”
The implication is that by hacking one machine you could have access to all Diebold machines.
The story also notes that “Diebold has said it repaired the security flaws in subsequent programs, but that the company has not produced the code for analysis.” In other words, they claim that they’ve fixed the software they said was secure in the first place, but wouldn’t allow anyone to verify it. The security hole was only discovered in the first place when BlackBoxVoting.org discovered thousands of Diebold’s “secret” source-code files sitting out in the open on a publically-accessable internet file-transfer site. Somehow or another, they are legally allowed to keep their source-code secret and unverified by any oversight committees!
I should also note that while the fact that their vote-counting software could be hacked, it doesn’t necessarily mean that it has been hacked. However, the disturbing admission now in the Mainstream Media — confirming what so many have been “running around with their hair on fire” warning people about for so long — that the private, Ohio-based corporation and huge Republican supporter Diebold, Inc. has created hackable software to manage the bulk of our country’s electoral system, and all without governmental and/or nonpartisan oversight is a startling milestone in this matter.
For data-heads interested in more of the actually geeky background details on this gaping, hackable, security hole in Diebold’s software, please see this discussion over at DailyKos where they’ve been reporting, discussing and examining it for some time.
This is now — officially — very major and very notable news!
(Thanks Desi for the tip on the UPI/Washington Times breaking news report on this!)
(Comments are now closed.)