Shedding Light in the Darkness
How Democracy is Hacked – Rigging Voting Machines
April 8, 2016Posted by on
Last summer Fox News reported on a study by the Commonwealth Security and Risk Management for the Virginia Information Technologies Agency. They found that the AVS WINVote machines Virginia has used since 2002 have such flimsy security that an amateur hacker could change votes from outside a polling location. “This means anyone could have broken into the machines from the parking lot,” said Cris Thomas, a strategist with the Columbia, Md.-based Tenable Network Security, one of the nation’s leading cyber and enterprise security firms. “Our entire democracy depends on systems with minimal, easily bypassed security.”
The report was commissioned after one precinct in Virginia reported “unusual activity with some of the devices used to capture votes,” during last November’s statewide elections. “Security deficiencies were identified in multiple areas, including physical controls, network access, operating system controls, data protection, and the voting tally process,” the report found. “The combination of critical vulnerabilities in these areas, along with the ability to remotely modify votes discretely, is considered to present a significant risk. This heightened level of risk has led VITA security staff to conclude that malicious third party could be able to alter votes on these devices. These machines should not remain in service.”
“Anyone who thinks that there are not folks out there – from lone hackers to foreign governments – who are willing to exploit the security vulnerabilities of our election system is living in a fantasy world,” said Hans von Spakovsky, who co-authored the book, “Who’s Counting? How Fraudsters and Bureaucrats Put Your Vote at Risk.”
Similar vulnerabilities have been previously discovered in machines from Diebold, Premier Elections Solutions, Sequoia, Hart, ES&S and others.
In 2012 Popular Science published an article “How I Hacked an Electronic Voting Machine.” The writer noted: “If we practiced a lot, or even better, if we got someone really good with his hands who practiced a lot for two weeks, we’re looking at 15 seconds to 60 seconds go execute these attacks. I’ve been to high school science fairs where the kids had more sophisticated microprocessor projects than the ones needed to rig these machines.”
Back in 2006, Gizmodo published “How to Steal an Election with a Diebold Machine.” “Some Princeton researchers made a demonstration video of how it’s possible to steal an election with a Diebold voting machine in under a minute. Anyone with physical access to the machine can put in malicious software to steal votes—such as election workers who have unsupervised access to the machines before elections. All they have to do is open up the machine with a key (or pick the lock), remove the old memory card, stick in your own memory card, boot the machine, and it automatically installs any software that was on the memory card.”
“Every piece of evidence of how the election actually went reflects the “wrong” result. And, after the election is over, the vote stealing software can delete itself. There’s no evidence left that the vote has been conducted incorrectly.”
A Salon article in 2011 revealed this shocking news: It could be one of the most disturbing e-voting machine hacks to date. Voting machines used by as many as a quarter of American voters heading to the polls in 2012 can be hacked with just $10.50 in parts and an 8th grade science education, according to computer science and security experts at the Vulnerability Assessment Team at Argonne National Laboratory in Illinois. The experts say the newly developed hack could change voting results while leaving absolutely no trace of the manipulation behind.
“We believe these man-in-the-middle attacks are potentially possible on a wide variety of electronic voting machines,” said Roger Johnston, leader of the assessment team “We think we can do similar things on pretty much every electronic voting machine.”
The Argonne team’s attack on a touch-screen Direct Recording Electronic machine required no modification, reprogramming, or even knowledge, of the voting machine’s proprietary source code. It was carried out by inserting a piece of inexpensive “alien electronics” into the machine. A cheap remote control unit can enable access to the voting machine from up to half a mile away.
“This is a national security issue,” says Johnston. “It should really be handled by the Department of Homeland Security.”
Almost all voters in states like Georgia, Maryland, Utah and Nevada, and the majority of voters in New Jersey, Pennsylvania, Indiana and Texas, voted on touch-screen Direct Recording Electronic voting systems on Election Day in 2012.
Private cybersecurity expert Ed Felten demonstrated in 2008 that Sequoia Voting Machines could be hacked in seven minutes. Only four years before that, allegations arose that electronic voting machines made by Diebold in Ohio were fraudulently tilting that state to President George W. Bush.
The HBO documentary “Hacking Democracy,” in 2006, investigated anomalies and irregularities with electronic voting systems during the 2000 and 2004 elections in the U.S.A., especially in Volusia County, Florida. The film investigated the flawed integrity of electronic voting machines, particularly those made by Diebold Election Systems.
The first signs that the Diebold-made system in Volusia County was malfunctioning came early on election night, when the central ballot-counting computer showed a Socialist Party candidate receiving more than 9,000 votes and Vice President Al Gore getting minus 19,000. Another 4,000 votes poured into the plus column for Bush that didn’t belong there. Taken together, the massive swing seemed to indicate that Bush, not Gore, had won Florida and thus the White House. Election officials restarted the machine, and expressed confidence in the eventual results, which showed Gore beating Bush by 97,063 votes to 82,214. After the recount, Gore picked up 250 votes, while Bush picked up 154. But the erroneous numbers had already been sent to the media.
Election reform activist Bev Harris reported: “Had it not been for these [computer] errors, the CBS News call for Bush at 2:17:52 AM would not have been made.” The 20,000-vote error shifted the momentum of the news reporting and nearly led Gore to concede. Harris said the errors were caught only because an alert poll monitor noticed Gore’s vote count going down through the evening, which of course is impossible. Diebold blamed the bizarre swing on a “faulty memory chip,” which Harris claimed is simply not credible.
The film culminated with the on-camera hacking of the in-use/working Diebold election system in Leon County, Florida – the same computer voting system which has been used in actual American elections across thirty-three states.
Alastair Thompson, writing for scoop.co of New Zealand, explored whether or not the 2002 U.S. mid-term elections were “fixed by electronic voting machines supplied by Republican-affiliated companies.” The Scoop investigation concluded that: “The state where the biggest upset occurred, Georgia, is also the state that ran its election with the most electronic voting machines.”
Those machines were supplied by Diebold. ES&S and Diebold would later merge and now count about 80 percent of all U.S. votes. Wired News reported that “a former worker in Diebold’s Georgia warehouse says the company installed patches on its machine before the state’s 2002 gubernatorial election that were never certified by independent testing authorities or cleared with Georgia election officials.”
Questions were raised in Texas when three Republican candidates in Comal County each received exactly the same number of votes – 18,181 – on ES&S machines. Johns Hopkins researchers at the Information Security Institute later issued a report declaring that Diebold’s electronic voting software contained “stunning flaws.”
In October 2013, Diebold was indicted for a “worldwide pattern of criminal conduct.” Federal prosecutors filed charges against Diebold, Inc. alleging that the North Canton, Ohio-based security and manufacturing company bribed government officials and falsified documents to obtain business in China, Indonesia and Russia. Diebold agreed to pay $48 million to settle the two criminal counts against it.