Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Princeton Research Group Demonstrates Vote-Stealing and Virus Attacks on D

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
This topic is archived.
Home » Discuss » Archives » General Discussion (01/01/06 through 01/22/2007) Donate to DU
 
helderheid Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 02:19 PM
Original message
Princeton Research Group Demonstrates Vote-Stealing and Virus Attacks on D
Princeton Research Group Demonstrates Vote-Stealing and Virus Attacks on DESI's AccuVote-TS


Ari Feldman, Alex Halderman and Ed Felten of Princeton's Center for IT Policy have released a paper and video that demonstrates a series of serious attacks against the DESI AccuVote-TS (used statewide in Maryland and Georgia). They were able to, with one-minute of physical access to this machine, inject "vote stealing" code that would completely erase all evidence of its presence after an election. They were also able to "infect" memory cards such that the malicious program could be distributed to a wide population of machines (given enough time).


Security Analysis of the Diebold AccuVote-TS Voting Machine http://itpolicy.princeton.edu/voting/
Executive Summary:

The Diebold AccuVote-TS and its newer relative the AccuVote-TSx are together the most widely deployed electronic voting platform in the United States <8>. In the November 2006 general election,
The Diebold AccuVote-TS voting machine in our lab these machines are scheduled to be used
in 357 counties representing nearly 10%
of registered voters.

This paper reports on our study of an AccuVote-TS, which we obtained from a private party. We analyzed the machine's hardware and software, performed experiments on it, and considered whether real election practices would leave it suitably secure. We found that the machine is vulnerable to a number of extremely serious attacks that undermine the accuracy and credibility of the vote counts it produces.

Computer scientists have generally been skeptical of voting systems of this type, Direct Recording Electronic (DRE), which are essentially general-purpose computers running specialized election software. Experience with computer systems of all kinds shows that it is exceedingly difficult to ensure the reliability and security of complex software or to detect and diagnose problems when they do occur. Yet DREs rely fundamentally on the correct and secure operation of complex software programs. Simply put, many computer scientists doubt that paperless DREs can be made reliable and secure, and they expect that any failures of such systems would likely go undetected.

Previous security studies of DREs affirm this skepticism, but to our knowledge ours is the first public study encompassing the hardware and software of a widely used DRE. The famous paper by Kohno, Stubblefield, Rubin, and Wallach studied a leaked version of the source code for parts of the Diebold AccuVote-TS software and found many design errors and vulnerabilities, which are generally confirmed by our study. Our study extends theirs by including the machine's hardware and operational details, by finding and describing several new and serious vulnerabilities, and by building working demonstrations of several security attacks.

Main Findings The main findings of our study are:

1. Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss. We have constructed demonstration software that carries out this vote-stealing attack.

2. Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to the machines.

3. AccuVote-TS machines are susceptible to voting-machine viruses — computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and post-election activity. We have constructed a demonstration virus that spreads in this way, installing our demonstration vote-stealing program on every machine it infects.

4. While some of these problems can be eliminated by improving Diebold's software, others cannot be remedied without replacing the machines' hardware. Changes to election procedures would also be required to ensure security.


The details of our analysis appear in the full version of this paper .

http://itpolicy.princeton.edu/voting/ts-paper.pdf
Security Analysis of the Diebold AccuVote-TS Voting Machine http://itpolicy.princeton.edu/voting/
Printer Friendly | Permalink |  | Top
TexasLawyer Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 02:44 PM
Response to Original message
1. kick n/t
Printer Friendly | Permalink |  | Top
 
helderheid Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 02:56 PM
Response to Reply #1
2. thank you!
Printer Friendly | Permalink |  | Top
 
KoKo Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 02:57 PM
Response to Original message
3. This is out new today? n/t
Printer Friendly | Permalink |  | Top
 
helderheid Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 03:07 PM
Response to Reply #3
5. I got an email about it today
:shrug:
Printer Friendly | Permalink |  | Top
 
KoKo Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 03:10 PM
Response to Reply #5
7. Great...Thanks! I'll check it out in PDF...
:hi:
Printer Friendly | Permalink |  | Top
 
Nikki Stone 1 Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 03:00 PM
Response to Original message
4. K & R
:kick:
Printer Friendly | Permalink |  | Top
 
Chimichurri Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 03:08 PM
Response to Original message
6. Wow. Just wow.
Printer Friendly | Permalink |  | Top
 
blm Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 03:11 PM
Response to Original message
8. This is SO IMPORTANT, yet left bloggers leave it alone for the most part.
Why?

It's not like they don't see this work - too many won't ACKNOWLEDGE it. It's important for those paying the bills for it to look like the Democrats really lost on the issues in 2000, 2002, and 2004.
Printer Friendly | Permalink |  | Top
 
glitch Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 04:07 PM
Response to Reply #8
11. Not just left bloggers. So called left journalists leave it alone mostly
too. It cannot be that dealing with tech issues is too complex for these people. And why, from all the election fraud investigators, is Bev Harris the one interviewed by MSNBC? It cannot be that she is the only one they are aware of, can it?
Because if so there is no excuse for their ignorance.
Printer Friendly | Permalink |  | Top
 
Leopolds Ghost Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 08:07 PM
Response to Reply #11
23. Could Bev Harris be a Trojan Horse designed to discredit BBV? n/t
Printer Friendly | Permalink |  | Top
 
blm Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 10:18 PM
Response to Reply #23
25. or just a bright but unstable personality?
I am not sure we really have that answer yet.
Printer Friendly | Permalink |  | Top
 
helderheid Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 04:49 PM
Response to Reply #8
14. This is THE issue.
Printer Friendly | Permalink |  | Top
 
blm Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 05:52 PM
Response to Reply #14
17. I thank you for your vigilance.
I put up your post in other forums.
Printer Friendly | Permalink |  | Top
 
BlueEyedSon Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 03:15 PM
Response to Original message
9. Dupe
Printer Friendly | Permalink |  | Top
 
electropop Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 03:42 PM
Response to Original message
10. I hope somebody reads this.
Somebody who can DO SOMETHING about it. We are so screwed.
Printer Friendly | Permalink |  | Top
 
glitch Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 04:07 PM
Response to Original message
12. K & R nt
Printer Friendly | Permalink |  | Top
 
mnhtnbb Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 04:17 PM
Response to Original message
13. Gee, what a surprise.
Printer Friendly | Permalink |  | Top
 
KoKo Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 05:14 PM
Response to Original message
15. From Princeton .....no less.....that "kinda conservative bastion."
I lived there...and it's conservative and Paul Krugman (the token liberal) is a trooper for existing in that environment.

So...it's good that Princeton Computer Experts come out...(a little late) and maybe TOO LATE...and maybe they are "TOO LATE" because the Conservatives know how to discourage voter turnout...but it's more evidence for 2008 even though it might have been honest research misused by Rove to dampen the vote for '06.

One always has to question everything these days. I wish we didn't but if it's good/honest research it will STAND and give us TIME for 2008 to shove the DRE's into the Garbage Pile where they belong.

PAPER BALLOTS! PENCIL AND PEN...AND if Volunteers for COUNTS aren't possible then PAY THEM!!! It's WORTH IT! So little money to elections and SO MUCH FOR WAR...ENDLESS WAR!
Printer Friendly | Permalink |  | Top
 
helderheid Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 05:17 PM
Response to Reply #15
16. Kick
Printer Friendly | Permalink |  | Top
 
Patsy Stone Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 07:03 PM
Response to Original message
18. Thanks for the great threads!
If it's up to us to spread this news, then it's up to us.

Printer Friendly | Permalink |  | Top
 
Lars39 Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 07:07 PM
Response to Original message
19. It doesn't get much more important than this. K&R
Send it to everyone you can think of, elected or not.
Printer Friendly | Permalink |  | Top
 
kpete Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 07:13 PM
Response to Original message
20. Amazingly Good Stuff On Elections Today!!!
Yoo hooooo!!!!
Printer Friendly | Permalink |  | Top
 
Karenina Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 07:16 PM
Response to Original message
21. Well, DUH!
Any 12 year-old on a MS platform TEN YEARS AGO could have told ANYONE, "Ummm, there ARE some problems." But somehow the installation of these machines progressed unimpeded. :eyes:
Printer Friendly | Permalink |  | Top
 
BeFree Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 07:55 PM
Response to Original message
22. No way
Diebold is a fine upstanding republican company that would never make a machine that could be so easily messed with.

Why?

Because with such a machine entire elections could be corrupted and the republicans would never let that happen.

It must be a bunch of acid-head computer wacks that jimmied this machine. A bunch of acid-headed democRAT computer nerds who just want to make our glorious leader look as bad as he really is.

Ignore this story. It's times like these that people should take care of what they do or say.
Printer Friendly | Permalink |  | Top
 
blm Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 10:12 PM
Response to Reply #22
24. Not to mention, Rev Rod Parsley blesses every machine with miracle water
before it is shipped.
Printer Friendly | Permalink |  | Top
 
Lydia Leftcoast Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Sep-13-06 10:24 PM
Response to Original message
26. As one who once years ago had an ATM fail to record a deposit,
even though it issued me a receipt, I don't trust any form of electronic voting. (I didn't find out about the problem until I started bouncing checks all over town. Fortunately, I had kept the receipt.)

I have had one computer science course, and that was 25 years ago. Even so, I can think up two algorithms for vote stealing that don't depend on inflating the number of voters.

1. Decide what margin of victory you want, based on the polls.
Depending on what you decide, every nth vote cast for candidate A goes to candidate B

2. Tally all votes as cast.
If A is greater than B, then give (A-B) +n to B.
Print
Printer Friendly | Permalink |  | Top
 
Kablooie Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Sep-14-06 10:40 AM
Response to Original message
27. This is a GREAT money making opportunity!
Edited on Thu Sep-14-06 10:41 AM by Kablooie
Someone should burn a bunch of cards.
Some let Dems win and some let Repubs win.

Then go on Craigslist and sell them to whoever wants their party to win!

Wonderful fun!


Printer Friendly | Permalink |  | Top
 
mhatrw Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Sep-14-06 03:20 PM
Response to Original message
28. Our whole electoral system is now infected! n/t
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Thu Dec 26th 2024, 11:25 AM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Archives » General Discussion (01/01/06 through 01/22/2007) Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC