Hack the vote: Cyber experts say ballot machines easy targets

From: foxnews.com,  by Malia Zimmerman,  on June 14, 2015,  see the article HERE. Emphasis is Garnet92’s

Sharon Franz, right, votes at one of five electronic voting machines, as over a 100 people stand in an two hour line to cast their ballots on the campus of Brigham Young University in Provo, Utah, Feb. 5, 2008. Five voting districts were combined into this one location with only five voting machines available for voting, causing a backlog. (AP Photo/George Frey)

The recent cyber theft of millions of personnel records from the federal government was sophisticated and potentially crippling, but hackers with just rudimentary skills could easily do even more damage by targeting voting machines, according to security experts.

Voter fraud is nearly as old as elections themselves, and different states and precincts use different voting systems and machines. But in many cases, even the electronic ballots could be manipulated remotely, according to a new report by the Commonwealth Security and Risk Management for the Virginia Information Technologies Agency. That report found that the AVS WINVote machines Virginia has used since 2002 have such flimsy security that an amateur hacker could change votes from outside a polling location.

“Our entire democracy depends on systems with minimal, easily bypassed security.”

– Cris Thomas, Tenable Network Security,

“This means anyone could have broken into the machines from the parking lot,” said Cris Thomas, a strategist with the Columbia, Md.-based Tenable Network Security, one of the nation’s leading cyber and enterprise security firms. “Our entire democracy depends on systems with minimal, easily bypassed security.” 

The report was commissioned after one precinct in Virginia reported “unusual activity with some of the devices used to capture votes,” during last November’s statewide elections.

“Security deficiencies were identified in multiple areas, including physical controls, network access, operating system controls, data protection, and the voting tally process,” the report found. “The combination of critical vulnerabilities in these areas, along with the ability to remotely modify votes discretely, is considered to present a significant risk. This heightened level of risk has led VITA security staff to conclude that malicious third party could be able to alter votes on these devices. These machines should not remain in service.”

Mississippi and Pennsylvania decertified the machines years ago, because they used an outdated version of Windows that had not been updated since 2004 and had default passwords that could allow for wifi access, Thomas noted.

The report is “very alarming,” said Hans von Spakovsky, manager of Election Law Reform Initiative and senior legal fellow for The Heritage Foundation, noting while there is no evidence that a Virginia election was compromised because of these security vulnerabilities in the WINVote machines, but there is no way to really know.

“Anyone who thinks that there are not folks out there – from lone hackers to foreign governments – who are willing to exploit the security vulnerabilities of our election system is living in a fantasy world,” said von Spakovsky, who co-authored the book, “Who’s Counting? How Fraudsters and Bureaucrats Put Your Vote at Risk.”

Similar vulnerabilities have been previously discovered in machines from Diebold, Premier Elections Solutions, Sequoia, Hart, ES&S and others, Thomas said. FoxNews.com reported in 2011 about problems with Diebold Accuvote TS electronic voting machines.

The problems fall into two areas, Thomas said. Manufacturers are not sufficiently testing systems before selling them to municipalities, often using off-the-shelf hardware and software with minimal security; and local government certification agencies seldom have the time, resources or knowledge to properly test machines for vulnerabilities and often just accept the manufacturer’s claims for security.

The National Institute of Standards and Technology and the Election Assistance Commission has a program to help municipalities certify election machines, but, Thomas noted, participation in the program is voluntary.

Reports in Virginia and other states over the past few years about the low quality of the software and hardware used in electronic voting machines, make it even more important that the standards for such machines be upgraded, said vonSpakovsky.

John Fund, co-author of two books on voter fraud, agreed.

“We trust ATM’s with our money, but companies spend a lot on the technology to make them reliable,” said Fund, who details many election vulnerabilities in his book, “Who’s Counting? How Fraudsters and Bureaucrats Put Your Vote at Risk.” “We spend a tenth of the cost of an ATM on our voting machines even though they carry the currency of our democracy. We need to spend more on them to increase public confidence in their results.”

Many critics to call for voting machines to have a voter-verified paper audit trail to allow the voter to verify that the vote that was cast was in fact the vote they placed, however, Thomas noted while they do offer one more layer and allow for an audit trail, VVPATs are not a foolproof solution, they do increase costs, and can be difficult to install and manage.

A “better alternative”, von Spakovsky said, is the opti scan ballot, which counts votes at the speed of a computer scanner, while keeping original paper ballots so any question over the software or other issues can easily be resolved. 

Evidence that the interest in tampering with U.S. elections could extend beyond our shores came recently when the federal government declassified dozens of books found in Usama bin Laden’s Pakistan compound during the May 2, 2011 raid in which the terror kingpin was killed by Navy SEALs.

Among the titles was “Black Box Voting: Ballot Tampering in the 21st Century,” by Bev Harris.

~~~~~~~~~~

I know that it sounds simplistic, but why couldn’t a hybrid system use a simple touch-screen voting mechanism (like we’re using now), but instead of accumulating the vote(s) internally on a memory chip, actually print a ballot with mark-sensing votes printed on it. The voter could visually verify that his/her votes are correctly assigned to the candidates as shown on the ballot and then drop the ballot into a locked collection box. The ballots would later be machine scanned and votes accumulated. This also provides a recount ability if necessary by re-scanning the ballots in question. It’s just a hybrid between an old pencil-marked paper ballot and today’s easy-to-use touch screen entry system. 

After voting, when the voter visually scans the printed ballot to verify his/her vote, if he/she sees anything incorrectly recorded, he/she simply drops the ballot into a shredder (and actually sees it destroyed), and he/she votes again, receiving another (corrected) printed ballot. The corrected ballot is then dropped into the location’s collection box.

When the polls close, the number of physical paper ballots must correspond with the records maintained by the polling officials. Then the ballots can be scanned locally or collected for scanning by a centralized office.

Additional ballots can’t be introduced (a la Al Franken) since a newly inflated count wouldn’t agree with the polling place’s register (complete with voter’s signatures). One problem could exist with the printers in the voting machines not producing scan-able documents (not dark enough, etc.) – that could be remedied by incorporating a scanner in the vote collection box to verify each ballot as being scan-able as it is collected – that method could also show a running count for that polling location that must reconcile with the location’s voter register. Might not hurt to include a GPS tracking chip in the collection box either.

Just a thought. There was always an advantage in paper ballots – for instance, the ability to do a real recount and for the voter to see the votes as cast. Another advantage was that votes couldn’t be changed by someone sitting in a car in the parking lot.

Garnet92

 

 

Tagged . Bookmark the permalink.

12 Responses to Hack the vote: Cyber experts say ballot machines easy targets

  1. Hardnox says:

    Good post. We’ve talked about this topic many many times. It seems inconceivable in this day and age that our votes can be manipulated. In fact it is easier than ever as your post points out.

    A friend of mine is employed with a lottery security firm that maintains the software security of several state lotteries. His firm also had the task of checking voting machine integrity. He explained that a simple handheld flip phone has more security than our voting machines. In other words our voting machines have no security at all.

    Advocates of voting machines tout the fact that individual voting machines are not linked to the net and therefore cannot be hacked. True… but their collection systems are linked.

    Further, software can be written and introduced into voting machines that will produce a preselected outcome then once downloaded scrub it, rewrite the machine’s software, and reset the machine making it impossible to see the phantom software.

    I have never trusted the electronic machines. I always ask for a paper ballot which I believe must be available to voters in most states. Most people don’t know to ask for them.

    I agree, paper ballots or a paper record is the only way to go. It’s crazy that this is even a topic today.

    • Garnet92 says:

      Thanks ‘Nox, I know that we’re both very aware of the antics of our political opposition and the lengths to which they’ll go to win elections. That’s what worries me. To many voters just don’t seem to care enough to make their voices heard. The voting process in our United States is under attack and if we don’t recognize that, we’re doomed to lose.

      With the recent exposure of hacks of top government computing systems, how can a citizen be confident that his/her vote is actually counted correctly? To those of us who are concerned about integrity in the voting process, the answer is easy; we CAN’T.

      It’s simply too easy for unscrupulous agents to “adjust” the vote counts to award the outcome to whoever is the highest bidder. Democrats are known to stop at nothing to win an election – and that includes fraudulent voting, multiple voting, dead people and felons voting and stuffing the ballot box. Why would anyone think that they’d stop at hacking an electronic voting system?

      Consider this: say that Harry the Hacker secretly made known to Hillary’s inner circle that he had a foolproof and “undetectable” method of “adjusting” the vote totals in selected battleground states. Do you think that Hillary would refuse to avail herself of that opportunity? Do you think that Hillary’s character and honesty would preclude her signing onto such an undertaking?

      Let’s face it, if you believe as I do, that Hillary would STOP AT NOTHING to win the presidency, you’d better be prepared to FIGHT for the integrity of the voting process – ’cause it is under attack.

      For new readers who aren’t aware of all of the ways that our votes can be manipulated, I wrote a two-part series on voter fraud in January of 2014. You can read them here:
      Part One, and Part Two of “Can Voter Fraud Cancel Your Vote?”

      • Uriel says:

        Hasn’t it already been proven since the Obunski had voter fraud in his pocket?

        • Garnet92 says:

          Unfortunately, there have been few convictions of people who’ve been involved in voter fraud. There have been MANY cases of suspected fraud, but somehow, it’s always been swept under the rug and seldom results in conviction. We have a lot of evidence of probable vote manipulation – like when more votes are recorded than registered voters in a precinct. Absentee ballots and military votes are also two of the most obvious areas of fraud.

        • upaces88 says:

          Voting machines hacked; can a paper trail stop election fraud?

  2. Kathy says:

    Not only affected by hackers in the parking lot, but by the very guys that manufacture them. I remember reading a story, after the 2012 elections, where a guy in the business was bought off to rig some machines before they were distributed. He programmed some of them so that it changed the voters’ choices behind the scenes.

    A guy with money problems can change the outcome for thousands of votes cast.

    • Garnet92 says:

      Right Kathy, and the really disturbing thing about some of the programming code that was introduced is that it was designed to delete the “foreign” code after the deed was done, thereby erasing the tracks (evidence) that the results had been changed.

      A rhetorical question: How many qualified programmers might have the expertise and the opportunity to execute such a plan if enough money is waved at them?

  3. Uriel says:

    Sounds to me like we need to go back to paper ballots

    • Garnet92 says:

      I believe we do Uriel. It’s a shame that some of us can’t be trusted to rely on an accurate vote to determine our representative government, they’ve got to “put their thumb on the scale” to influence the outcome.

      As someone who has spent his entire adult life designing, writing, and testing computer software, I understand how easy it is to make a change – have that change affect totals – and then have your code intentionally overwrite itself, leaving no tracks. Without help from someone on the “inside,” i.e., the programmer, it would be very difficult to identify and prove that it ever happened. As was stated in the piece, some equipment even allows access from a parking lot. Is this what we signed up for?

      We need REQUIRE a system that is easy-to-use, fast, cheap, and verifiable. And we need it NOW.

  4. Clyde says:

    Excellent post, and commentary, Garnet. With the left being responsible, in MOST cases for programming these things, I definitely see the connection. As Uriel said, time to BACK to paper ballots, ONLY on election day, unless you are in the military, or in the damn hospital. Early voting is a HUGE democrat scam.

    • Garnet92 says:

      I don’t disagree Clyde. I admit to being one who always votes early – to beat the crowd. But, I’d be willing to stand in line if I can be assured that my vote will be recorded accurately and for the candidate that I actually voted for. The trouble is, too many of “us” don’t really care enough to pressure our state’s election offices to acquire equipment that can’t be manipulated. And for the companies who provide the voting equipment to be held to account for ANY discrepancies in accumulating the true vote. And that means HEFTY penalties and jail time for the management.

  5. vonmesser says:

    I could hope someone OUTSIDE OF THE UNITED STATES AND NOT A US CITIZEN might hack the machines for the primary election and ensure that Joseph Stalin wins the Democrat nomination and Joshua Ben Joseph wins the Republican nomination.

    This would open up the whole electronic voting for the fraud that it is.