Princeton University Creates Virus That Hacks Diebold Accuvote-TS Machine


ALERT: Breaking News!
This is MAJOR! Princeton University's Information Technology Policy Department has just put out their press release and built a web page complete with video about their findings. Watch the video and spread this far and wide!


Here is the website with the full report and findings including the downloadable Windows Media Video: Center for Information Technology Policy - Princeton University

Download the video and then upload it to every video hosting service you know. I've already uploaded it to Google Video and to YouTube above.

Other locations it should be uploaded to: LiveDigital.com, DailyMotion.com and any others you can think of. Please do me a favor and "Digg" this story and then send it to as many news outlets as you can think of. When you're done doing that, send it to your representatives in Congress and the Senate.

As you can see, this is just starting to get some news coverage but it is mostly on the technical side and nobody is linking to the video demonstration yet as this story and video are less than 10 hours old. Forbes Article from the AP, Engadget. And here is a related article that makes this all the more upsetting: USA Today - Election Watchers Predict Glitches. And then there is this from my friend Eric who submitted this article about his personal experiences yesterday at a Maryland polling station to Crooks & Liars.

Here is the Executive Summary of their findings:
Security Analysis of the Diebold AccuVote-TS Voting Machine:
Executive Summary


Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten

The Diebold AccuVote-TS and its newer relative the AccuVote-TSx are together the most widely deployed electronic voting platform in the United States. In the November 2006 general election, these machines are scheduled to be used in 357 counties representing nearly 10% of registered voters. Approximately half these counties — including all of Maryland and Georgia — will employ the AccuVote-TS model. More than 33,000 of the TS machines are in service nationwide.

This paper reports on our study of an AccuVote-TS, which we obtained from a private party. We analyzed the machine's hardware and software, performed experiments on it, and considered whether real election practices would leave it suitably secure. We found that the machine is vulnerable to a number of extremely serious attacks that undermine the accuracy and credibility of the vote counts it produces.

Computer scientists have generally been skeptical of voting systems of this type, Direct Recording Electronic (DRE), which are essentially general-purpose computers running specialized election software. Experience with computer systems of all kinds shows that it is exceedingly difficult to ensure the reliability and security of complex software or to detect and diagnose problems when they do occur. Yet DREs rely fundamentally on the correct and secure operation of complex software programs. Simply put, many computer scientists doubt that paperless DREs can be made reliable and secure, and they expect that any failures of such systems would likely go undetected.

Previous security studies of DREs affirm this skepticism, but to our knowledge ours is the first public study encompassing the hardware and software of a widely used DRE. The famous paper by Kohno, Stubblefield, Rubin, and Wallach studied a leaked version of the source code for parts of the Diebold AccuVote-TS software and found many design errors and vulnerabilities, which are generally confirmed by our study. Our study extends theirs by including the machine's hardware and operational details, by finding and describing several new and serious vulnerabilities, and by building working demonstrations of several security attacks.

Main Findings The main findings of our study are:

1. Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss. We have constructed demonstration software that carries out this vote-stealing attack.

2. Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to the machines.

3. AccuVote-TS machines are susceptible to voting-machine viruses — computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and post-election activity. We have constructed a demonstration virus that spreads in this way, installing our demonstration vote-stealing program on every machine it infects.

4. While some of these problems can be eliminated by improving Diebold's software, others cannot be remedied without replacing the machines' hardware. Changes to election procedures would also be required to ensure security.

Here is the
Tags: , , , , , , , , , , ,

|

Get In Their Face By Email!

Enter your Email and get one email per day from Get In Their Face!

Search GITF!


About Me

GITF THEATER

  • ROBERT NEWMAN - HISTORY OF OIL!
    Simply one of the best movie/standup/lesson/documentaries I have ever seen. Robert is a brilliant and commanding presence and this is simply a MUST SEE piece
  • IRAQ FOR SALE - THE WAR PROFITEERS
    Another spectacular documentary by Robert Greenwald. War is big business and evil men are getting filthy rich off the blood and sacrifice of our heroes
  • THE SECRET GOVERNMENT!
    The ninety minute PBS Special with Bill Moyers about America's shadow government - Originally aired on PBS in 1987
  • VOTERGATE!
    Great documentary about the state of our election system in America - Full Version
  • PEACE, PROPAGANDA AND THE PROMISED LAND
    Peace, Propaganda & the Promised Land provides a striking comparison of U.S. and international media coverage of the crisis in the Middle East, zeroing in on how structural distortions in U.S. coverage have reinforced false perceptions of the Israeli-Palestinian conflict
  • SIR, NO SIR!
    An awesome movie giving an unvarnished look at the underground G.I. Movements around the world that ended the Vietnam War - Full Version
  • WAR MADE EASY
    War Made Easy reaches into the Orwellian memory hole to expose a 50-year pattern of government deception and media spin that has dragged the United States into one war after another from Vietnam to Iraq - Full Version
  • THE BIG BUY!
    Comp movie and dissection of how Tom Delay raped the U.S. Congress - Full Version
  • IRAQ: THE HIDDEN STORY!
    An excellent documentary about what the world's media is NOT showing you in Iraq
  • THE REVOLUTION WILL NOT BE TELEVISED!
    An excellent and inside look at the attempted coup of Venezuelan president Hugo Chavez in 2003
  • IRAQ'S MISSING BILLIONS!
    A powerful documentary that aired on British TV about one major heist in the middle of what will likely go down as one of the worst crimes of this Century
  • ENRON - SMARTEST GUYS IN THE ROOM!
    What a story of hubris and greed

Archives

Links

Torture Awareness Month
Join Us!

    Weblog Commenting and Trackback by HaloScan.com


Image Hosted by ImageShack.us