From: foxnews.com, by Malia Zimmerman, on June 14, 2015, see the article HERE. Emphasis is Garnet92’s
The recent cyber theft of millions of personnel records from the federal government was sophisticated and potentially crippling, but hackers with just rudimentary skills could easily do even more damage by targeting voting machines, according to security experts.
Voter fraud is nearly as old as elections themselves, and different states and precincts use different voting systems and machines. But in many cases, even the electronic ballots could be manipulated remotely, according to a new report by the Commonwealth Security and Risk Management for the Virginia Information Technologies Agency. That report found that the AVS WINVote machines Virginia has used since 2002 have such flimsy security that an amateur hacker could change votes from outside a polling location.
“Our entire democracy depends on systems with minimal, easily bypassed security.”
– Cris Thomas, Tenable Network Security,
“This means anyone could have broken into the machines from the parking lot,” said Cris Thomas, a strategist with the Columbia, Md.-based Tenable Network Security, one of the nation’s leading cyber and enterprise security firms. “Our entire democracy depends on systems with minimal, easily bypassed security.”
The report was commissioned after one precinct in Virginia reported “unusual activity with some of the devices used to capture votes,” during last November’s statewide elections.
“Security deficiencies were identified in multiple areas, including physical controls, network access, operating system controls, data protection, and the voting tally process,” the report found. “The combination of critical vulnerabilities in these areas, along with the ability to remotely modify votes discretely, is considered to present a significant risk. This heightened level of risk has led VITA security staff to conclude that malicious third party could be able to alter votes on these devices. These machines should not remain in service.”
Mississippi and Pennsylvania decertified the machines years ago, because they used an outdated version of Windows that had not been updated since 2004 and had default passwords that could allow for wifi access, Thomas noted.
The report is “very alarming,” said Hans von Spakovsky, manager of Election Law Reform Initiative and senior legal fellow for The Heritage Foundation, noting while there is no evidence that a Virginia election was compromised because of these security vulnerabilities in the WINVote machines, but there is no way to really know.
“Anyone who thinks that there are not folks out there – from lone hackers to foreign governments – who are willing to exploit the security vulnerabilities of our election system is living in a fantasy world,” said von Spakovsky, who co-authored the book, “Who’s Counting? How Fraudsters and Bureaucrats Put Your Vote at Risk.”
Similar vulnerabilities have been previously discovered in machines from Diebold, Premier Elections Solutions, Sequoia, Hart, ES&S and others, Thomas said. FoxNews.com reported in 2011 about problems with Diebold Accuvote TS electronic voting machines.
The problems fall into two areas, Thomas said. Manufacturers are not sufficiently testing systems before selling them to municipalities, often using off-the-shelf hardware and software with minimal security; and local government certification agencies seldom have the time, resources or knowledge to properly test machines for vulnerabilities and often just accept the manufacturer’s claims for security.
The National Institute of Standards and Technology and the Election Assistance Commission has a program to help municipalities certify election machines, but, Thomas noted, participation in the program is voluntary.
Reports in Virginia and other states over the past few years about the low quality of the software and hardware used in electronic voting machines, make it even more important that the standards for such machines be upgraded, said vonSpakovsky.
John Fund, co-author of two books on voter fraud, agreed.
“We trust ATM’s with our money, but companies spend a lot on the technology to make them reliable,” said Fund, who details many election vulnerabilities in his book, “Who’s Counting? How Fraudsters and Bureaucrats Put Your Vote at Risk.” “We spend a tenth of the cost of an ATM on our voting machines even though they carry the currency of our democracy. We need to spend more on them to increase public confidence in their results.”
Many critics to call for voting machines to have a voter-verified paper audit trail to allow the voter to verify that the vote that was cast was in fact the vote they placed, however, Thomas noted while they do offer one more layer and allow for an audit trail, VVPATs are not a foolproof solution, they do increase costs, and can be difficult to install and manage.
A “better alternative”, von Spakovsky said, is the opti scan ballot, which counts votes at the speed of a computer scanner, while keeping original paper ballots so any question over the software or other issues can easily be resolved.
Evidence that the interest in tampering with U.S. elections could extend beyond our shores came recently when the federal government declassified dozens of books found in Usama bin Laden’s Pakistan compound during the May 2, 2011 raid in which the terror kingpin was killed by Navy SEALs.
Among the titles was “Black Box Voting: Ballot Tampering in the 21st Century,” by Bev Harris.
I know that it sounds simplistic, but why couldn’t a hybrid system use a simple touch-screen voting mechanism (like we’re using now), but instead of accumulating the vote(s) internally on a memory chip, actually print a ballot with mark-sensing votes printed on it. The voter could visually verify that his/her votes are correctly assigned to the candidates as shown on the ballot and then drop the ballot into a locked collection box. The ballots would later be machine scanned and votes accumulated. This also provides a recount ability if necessary by re-scanning the ballots in question. It’s just a hybrid between an old pencil-marked paper ballot and today’s easy-to-use touch screen entry system.
After voting, when the voter visually scans the printed ballot to verify his/her vote, if he/she sees anything incorrectly recorded, he/she simply drops the ballot into a shredder (and actually sees it destroyed), and he/she votes again, receiving another (corrected) printed ballot. The corrected ballot is then dropped into the location’s collection box.
When the polls close, the number of physical paper ballots must correspond with the records maintained by the polling officials. Then the ballots can be scanned locally or collected for scanning by a centralized office.
Additional ballots can’t be introduced (a la Al Franken) since a newly inflated count wouldn’t agree with the polling place’s register (complete with voter’s signatures). One problem could exist with the printers in the voting machines not producing scan-able documents (not dark enough, etc.) – that could be remedied by incorporating a scanner in the vote collection box to verify each ballot as being scan-able as it is collected – that method could also show a running count for that polling location that must reconcile with the location’s voter register. Might not hurt to include a GPS tracking chip in the collection box either.
Just a thought. There was always an advantage in paper ballots – for instance, the ability to do a real recount and for the voter to see the votes as cast. Another advantage was that votes couldn’t be changed by someone sitting in a car in the parking lot.