On Gardening Leave
Joined: 24 Jul 2006
|Posted: Sat May 12, 2007 7:42 am Post subject: The Globalization of Electronic Election Theft
|The Globalization of Electronic Election Theft
By Bob Fitrakis and Harvey Wasserman
The Free Press
Friday 11 May 2007
From Ohio and California to Scotland and France, the disputes surrounding electronic voting machines have gone truly global.
E-voting machines have already been extensively studied and condemned by a wide range of expert committees, commissions and colleges, including the General Accountability Office, the Carter-Baker Commission, Johns Hopkins University, Princeton University, Stanford University and others. Rigging of a recount in Cleveland has resulted in two felony convictions. The failures of e-voting machines have been the subject of numerous documentary films, including the aptly titled HBO special "Hacking Democracy."
Now the secretaries of state in Ohio and California are subjecting e-voting to still more official review. Ohio's Jennifer Brunner has announced she'll seek bids to conduct independent studies of both touch-screen machines, which record votes electronically, and optical scanners, which tabulate paper ballots electronically.
Brunner has already removed the entire board of elections of Cuyahoga County (Cleveland) in part because of a major fiasco caused by new electronic machines in the state's 2006 primary election. Voting rights activists vehemently opposed the $20 million purchase, but it was rammed through by Board Chair Robert Bennett and Executive Director Michael Vu.
The machines then caused long reporting delays. Vu resigned under pressure from the board. Bennett then resigned - along with the rest of the board - under pressure from Brunner. Bennett chairs the Ohio Republican Party, works closely with White House advisor Karl Rove, and was instrumental in delivering Ohio's decisive votes to George W. Bush in the 2004 presidential election. Two felony convictions have so far arisen from what prosecutors call a "rigged" recount that occurred that year in Cleveland, under Bennett's supervision.
The specifics of Brunner's investigation, which she wants done by September, are not yet public. But the newly elected Democrat says she intends to "fill in the gaps" on studies of Diebold, ES&S and Hart InterCivic machines whose vote tallies were key to giving Bush a second term. The conservative Columbus Dispatch has already predicted that the results of the investigation "likely will disappoint conspiracy theorists."
California's new Secretary of State Deborah Bowen will begin her study May 14, and wants it done by late July. An interagency agreement with the University of California will use three "top-to-bottom review teams" with about seven people each to inspect documents, previous studies, computer source code and a penetration attack to test system security. Cost is estimated at $1.8 million to be covered by system vendors and the Help America Vote Act. Systems from Diebold, ES&S, HartIntercivic, Sequoia and InkaVote of Los Angeles will be examined.
Other states are also re-evaluating their electronic voting systems, and fierce controversy is raging nationwide over a federal bill from Representative Rush Holt (D-NJ) which institutes certain voting reforms but allows the use of electronic machines to continue.
Now the issue has spread worldwide. Widespread cries of theft and fraud erupted in Ukraine, just before the US 2004 election. A forced re-vote ousted the "official" winner.
In Mexico, leftists contend the recent presidential election there was stolen just as Bush did it in the US, with some of the same personnel pulling it off.
Now similar cries are coming from Scotland and France. May 3 elections in Scotland using new electronic counting systems resulted in as many as 100,000 votes being classed as "spoilt papers." (About 90,000 such ballots from Ohio 2004 remain uncounted to this day).
Complex methods of tabulating and weighting the Scottish votes yielded "chaos." Several vote counts were suspended. In some races the tally of rejected ballots was greater than some candidates' winning margin. "This is a temporary interruption to one small aspect of the overall process," says a spokeswoman for DRS, the company responsible for the vote counting technology.
The language in France has not been so polite. A watershed presidential election has just been won by Nicolas Sarkozy, a blunt right-wing Reagan-Bush- style extremist over the socialist Segolene Royal. Sarkozy is a hard-edged authoritarian whose intense anti-immigrant rhetoric matches his support for the American war in Iraq and his avowed intent to slash France's social service system, including a public health program widely considered among the best in the world.
Like the balloting in Ukraine, the US, Scotland and Mexico, Sarkozy's victory was marred by angry, widespread complaints about dubious vote counts whose discrepancies always seem to favor the rightist candidate. Throughout France, the cry has arisen that the conservatives have done to Segolene Royal what Bush/Rove did to John Kerry.
In the not-so-distant past, other elections were engineered by George H.W. Bush, head of the Central Intelligence Agency and father of the current White House resident. During the Reagan-Bush presidencies, in the Philippines, Nicaragua, El Salvador and other key third world nations, expected leftist triumphs somehow morphed into rightist coups. "CIA destabilizations are nothing new," said former CIA station chief and Medal of Merit winner John Stockwell in 1987. "Guatemala in 1954, Brazil, Ghana, Chile, the Congo, Iran, Panama, Peru, Bolivia, Ecuador, Uruguay - the CIA organized the overthrow of constitutional democracy."
The recent trend to privatizing vote counts, with corporations claiming "proprietary rights" to keep their hardware and software covert, has added a new dimension to an old tradition. The recent "e-victories" in the US and France have significantly tipped to the right the global balance among the major powers. So while Ohio and California conduct their studies of electronic voting, the whole world will be watching.
Bob Fitrakis's forthcoming book, "The Fitrakis Files: Cops, Coverups and Corruption," is at http://www.freepress.org/, where this article first appeared. Harvey Wasserman's "Solartopia! Our Green-Powered Earth, A.D. 2030," is at http://www.solartopia.org/.
The Medium is the Massage - Marshall McLuhan.
Trustworthy Freedom Fighter
Joined: 30 Jul 2006
Location: East London
|Posted: Fri Sep 04, 2009 8:21 pm Post subject: Diebold sold
|Premier Election Solutions (Diebold) sold to ES&S:
September 4, 2009
ES&S Acquires Premier Election Solutions. This is just wrong on so many levels.
By Lani Massey Brown
When Voting News reported on on ES&S acquiring Premier Election Solutions, they commented, “Monopoly anyone?” But this acquisition is just wrong on so many levels.
Yes, the monopoly. ES&S's website boasts that ES&S voting systems counted approximately 50% of the votes in the last four major elections. 67 million registered voters vote on ES&S machines. 97K iVotronic touch screens are installed in 20 states and approximately 30K scanner tabulators are installed in 43 states and worldwide. While Premier Election Solutions (Diebold) Global Election Management System (GEMS) is used in more than 1,000 election environments throughout North America.
While the acquisition of Premier indeed adds munitions to ES&S's arsenal. The monopoly is but a part of the troubling equation.
Consider the Government Accountability Office's (GOA) stunted investigation of Sarasota's 2006 District 13 with its 18,000 missing votes. While the investigation fizzled with inconclusive results and investigative paths not taken, the initial findings of the investigation revealed an end-to-end ES&S election process lacking good business practices and void of independent checks and balances. ES&S virtually owns the election process. ES&S manufactures the machines, produces test data, defines the testing process, counts the votes, determines the winner, and declares the election valid. While Florida's Secretary of State and Sarasota's Supervisor of Elections simply follow the ES&S directions. (1)
Consider the absence of election laws and comprehensive processes that recognize bogus election results and mandate clear and immediate corrective action. This void has actually enabled election blunders since 2000.
More importantly, the lapse in business standards in tandem with the absence of such laws make it all the more possible for a lone techie, a company insider to slip some crafty little program code into the election program mix. As long as this techie stays smart and keeps the win within the margin of error he or she can effectively alter and even spot control election results.
Consider the technical challenges experienced by these two companies. Nine states reported voting problems with their Diebold equipment, including: California, Colorado, Connecticut, Georgia, Iowa, Maryland, Ohio, Utah, Virginia. Eight states reported problems with their ES&S voting equipment: Arkansas, Indiana, Kansas, Minnesota, North Carolina, Ohio, Wisconsin, and West Virginia. And five states reported voting problems with both ES&S and Diebold voting equipment: Florida, Indiana, Pennsylvania, Tennessee, and Texas. (2).....................
'And he (the devil) said to him: To thee will I give all this power, and the glory of them; for to me they are delivered, and to whom I will, I give them'. Luke IV 5-7.
Joined: 25 Jul 2005
Location: St. Pauls, Bristol, England
|Posted: Thu Feb 19, 2015 12:59 am Post subject: step by step how to hack an election
|step by step how to hack an election
Inside A U.S. Election Vote Counting Program
Tuesday, 8 July 2003, 6:20 pm
Article: Bev Harris
Inside A U.S. Election Vote Counting Program
By Bev Harris*
* Bev Harris is the Author of the soon to be published book " Black Box Voting: Ballot Tampering In The 21st Century "
*** NEW *** FOLLOW UP STORY
Bald-Faced Lies About Black Box Voting Machines
The Truth About the Rob-Georgia File
IMPORTANT NOTE: Publication of this story marks a watershed in American political history. It is offered freely for publication in full or part on any and all internet forums, blogs and noticeboards. All other media are also encouraged to utilise material. Readers are encouraged to forward this to friends and acquaintances in the United States and elsewhere.
Part 1 - Can the votes be changed?
Part 2 - Can the password be bypassed?
Part 3 – Can the audit log be altered?
According to election industry officials, electronic voting systems are absolutely secure, because they are protected by passwords and tamperproof audit logs. But the passwords can easily be bypassed, and in fact the audit logs can be altered. Worse, the votes can be changed without anyone knowing, even the County Election Supervisor who runs the election system.
The computer programs that tell electronic voting machines how to record and tally votes are allowed to be held as "trade secrets." Can citizen's groups examine them? No. The companies that make these machines insist that their mechanisms are a proprietary secret. Can citizen's groups, or even election officials, audit their accuracy? Not at all, with touch screens, and rarely, with optical scans, because most state laws mandate that optical scan paper ballots be run through the machine and then sealed into a box, never to be counted unless there is a court order. Even in recounts, the ballots are just run through the machine again. Nowadays, all we look at is the machine tally.
Therefore, when I found that Diebold Election Systems had been storing 40,000 of its files on an open web site, an obscure site, never revealed to public interest groups, but generally known among election industry insiders, and available to any hacker with a laptop, I looked at the files. Having a so-called security-conscious voting machine manufacturer store sensitive files on an unprotected public web site, allowing anonymous access, was bad enough, but when I saw what was in the files my hair turned gray. Really. It did.
The contents of these files amounted to a virtual handbook for vote-tampering: They contained diagrams of remote communications setups, passwords, encryption keys, source code, user manuals, testing protocols, and simulators, as well as files loaded with votes and voting machine software.
Diebold Elections Systems AccuVote systems use software called "GEMS," and this system is used in 37 states. The voting system works like this:
Voters vote at the precinct, running their ballot through an optical scan, or entering their vote on a touch screen.
After the polls close, poll workers transmit the votes that have been accumulated to the county office. They do this by modem.
At the county office, there is a "host computer" with a program on it called GEMS. GEMS receives the incoming votes and stores them in a vote ledger. But in the files we examined, which were created by Diebold employees and/or county officials, we learned that the Diebold program used another set of books with a copy of what is in vote ledger 1. And at the same time, it made yet a third vote ledger with another copy.
Apparently, the Elections Supervisor never sees these three sets of books. All she sees is the reports she can run: Election summary (totals, county wide) or a detail report (totals for each precinct). She has no way of knowing that her GEMS program is using multiple sets of books, because the GEMS interface draws its data from an Access database, which is hidden. And here is what is quite odd: On the programs we tested, the Election summary (totals, county wide) come from the vote ledger 2 instead of vote ledger 1, and ledger 2 can be altered so it may or may not match ledger 1.
Now, think of it like this: You want the report to add up only the actual votes. But, unbeknownst to the election supervisor, votes can be added and subtracted from vote ledger 2. Official reports come from vote ledger 2, which has been disengaged from vote ledger 1. If one asks for a detailed report for some precincts, though, the report comes from vote ledger 1. Therefore, if you keep the correct votes in vote ledger 1, a spot check of detailed precincts (even if you compare voter-verified paper ballots) will always be correct.
And what is vote ledger 3 for? For now, we are calling it the "Lord Only Knows" vote ledger.
Detailed Examination Of Diebold GEMS Voting Machine Security ( Part 1)
CAN THE VOTES BE CHANGED?
Here's what we're going to do: We'll go in and run a totals report, so you can see what the Election Supervisor sees. Then we'll tamper with the votes. I'll show you that our tampering appears in Table 2, but not Table 1. Then we'll go back and run another totals report, and you'll see that it contains the tampered votes from Table 2. Remember that there are two programs: The GEMS program, which the Election Supervisor sees, and the Microsoft Access database that stores the votes, which she cannot see.
Let's run a report on the Max Cleland/Saxby Chambliss race. (This is an example, and does not contain the real data.) Here is what the Totals Report will look like in GEMS:
CLICK FOR BIG VERSION
As it stands, Cleland is stomping Chambliss. Let's make it more exciting.
The GEMS election file contains more than one "set of books." They are hidden from the person running the GEMS program, but you can see them if you go into Microsoft Access. You might look at it like this: Suppose you have votes on paper ballots, and you pile all the paper ballots in room one. Then, you make a copy of all the ballots and put the stack of copies in room 2.
You then leave the door open to room 2, so that people can come in and out, replacing some of the votes in the stack with their own.
You could have some sort of security device that would tell you if any of the copies of votes in room 2 have been changed, but you opt not to.
Now, suppose you want to count the votes. Should you count them from room 1 (original votes)? Or should you count them from room 2, where they may or may not be the same as room 1? What Diebold chose to do in the files we examined was to count the votes from "room2." Illustration:
If an intruder opens the GEMS program in Microsoft Access, they will find that each candidate has an assigned number:
One can then go see how many votes a candidate has by visiting "room 1" which is called the CandidateCounter:
In the above example, "454" represents Max Cleland and "455" represents Saxby Chambliss. Now let's visit Room2, which has copies of Room1. You can find it in an Access table called SumCandidateCounter:
Now let's put our own votes in Room2. We'll put Chambliss ahead by a nose, by subtracting 100 from Cleland and adding 100 to Chambliss. Always add and delete the same number of votes, so the number of voters won't change.
Notice that we have only tampered with the votes in "Room 2." In Room 1, they remain the same. Room 1, after tampering with Room 2:
Now let's run a report again. Go into GEMS and run the totals report. Here's what it looks like now:
CLICK FOR BIG VERSION
Now, the above example is for a simple race using just one precinct. If you run a detail report, you'll see that the precinct report pulls the untampered data, while the totals report pulls the tampered data. This would allow a precinct to pass a spot check.
Detailed Examination Of Diebold GEMS Voting Machine Security ( Part 2)
CAN THE PASSWORD BE BYPASSED?
At least a dozen full installation versions of the GEMS program were available on the Diebold ftp site. The manual, also available on the ftp site, tells that the default password in a new installation is "GEMSUSER." Anyone who downloaded and installed GEMS can bypass the passwords in elections. In this examination, we installed GEMS, clicked "new" and made a test election, then closed it and opened the same file in Microsoft Access.
One finds where they store the passwords by clicking the "Operator" table.
Anyone can copy an encrypted password from there, go to an election database, and paste it into that.
Example: Cobb County Election file
One can overwrite the "admin" password with another, copied from another GEMS installation. It will appear encrypted; no worries, just cut and paste. In this example, we saved the old "admin" password so we could replace it later and delete the evidence that we'd been there. An intruder can grant himself administrative privileges by putting zeros in the other boxes, following the example in "admin."
CLICK FOR BIG VERSION
How many people can gain access? A sociable election hacker can give all his friends access to the database too! In this case, they were added in a test GEMS installation and copied into the Cobb County Microsoft Access file. It encrypted each password as a different character string, however, all the passwords are the same word: "password." Password replacement can also be done directly in Access. To assess how tightly controlled the election files really are, we added 50 of our friends; so far, we haven't found a limit to how many people can be granted access to the election database.
CLICK FOR BIG VERSION
Using this simple way to bypass password security, an intruder, or an insider, can enter GEMS programs and play with election databases to their heart's content.
Detailed Examination Of Diebold GEMS Voting Machine Security ( Part 3)
CAN THE AUDIT TRAIL BE ALTERED?
Britain J. Williams, Ph.D., is the official voting machine certifier for the state of Georgia, and he sits on the committee that decides how voting machines will be tested and evaluated. Here's what he had to say about the security of Diebold voting machines, in a letter dated April 23, 2003:
"Computer System Security Features: The computer portion of the election system contains features that facilitate overall security of the election system. Primary among these features is a comprehensive set of audit data. For transactions that occur on the system, a record is made of the nature of the transaction, the time of the transaction, and the person that initiated the transaction. This record is written to the audit log. If an incident occurs on the system, this audit log allows an investigator to reconstruct the sequence of events that occurred surrounding the incident.
In addition, passwords are used to limit access to the system to authorized personnel." Since Dr. Williams listed the audit data as the primary security feature, we decided to find out how hard it is to alter the audit log.
Here is a copy of a GEMS audit report.
CLICK FOR BIG VERSION
Note that a user by the name of "Evildoer" was added. Evildoer performed various functions, including running reports to check his vote-rigging work, but only some of his activities showed up on the audit log.
It was a simple matter to eliminate Evildoer. First, we opened the election database in Access, where we opened the audit table:
CLICK FOR BIG VERSION
Then, we deleted all the references to Evildoer and, because we noticed that the audit log never noticed when the admin closed the GEMS program before, we tidily added an entry for that.
CLICK FOR BIG VERSION
Access encourages those who create audit logs to use auto-numbering, so that every logged entry has an uneditable log number. Then, if one deletes audit entries, a gap in the numbering sequence will appear. However, we found that this feature was disabled, allowing us to write in our own log numbers. We were able to add and delete from the audit without leaving a trace. Going back into GEMS, we ran another audit log to see if Evildoer had been purged:
CLICK FOR BIG VERSION
As you can see, the audit log appears pristine.
In fact, when using Access to adjust the vote tallies we found that tampering never made it to the audit log at all.
Although we interviewed election officials and also the technicians who set up the Diebold system in Georgia, and they confirmed that the GEMS system does use Microsoft Access, is designed for remote access, and does receive "data corrections" from time to time from support personnel, we have not yet had the opportunity to test the above tampering methods in the County Election Supervisor's office.
From a programming standpoint, there might be reasons to have a special vote ledger that disengages from the real one. For example, election officials might say they need to be able to alter the votes to add provisional ballots or absentee ballots. If so, this calls into question the training of these officials, which appears to be done by The Election Center, under the direction of R. Doug Lewis. If election officials are taught to deal with changes by overwriting votes, regardless of whether they do this in vote ledger 1 or vote ledger 2, this is improper.
If changing election data is required, the corrective entry must be made not by overwriting vote totals, but by making a corrective entry. When adding provisional ballots, for example, the proper procedure is to add a line item "provisional ballots," and this should be added into the original vote table (Table 1). It is never acceptable to make changes by overwriting vote totals. Data corrections should not be prohibited, but must always be done by indicating changes through a clearly marked line item that preserves each transaction.
Proper bookkeeping never allows an extra ledger that can be used to just erase the original information and add your own. And certainly, it is improper to have the official reports come from the second ledger, which may or may not have information erased or added.
But there is more evidence that these extra sets of books are illicit: If election officials were using Table 2 to add votes, for provisional ballots, or absentee voters, that would be in their GEMS program. It makes no sense, if that's what Diebold claims the extra set of books is for, to make vote corrections by sneaking in through the back door and using Access, which according to the manual is not even installed on the election official's computer.
Furthermore, if changing Table 2 was an acceptable way to adjust for provisional ballots and absentee votes, we would see the option in GEMS to print a report of both Table 1 totals and Table 2 so that we can compare them. Certainly, if that were the case, that would be in the manual along with instructions that say to compare Table 1 to Table 2, and, if there is any difference, to make sure it exactly matches the number of absentee ballots, or whatever, were added.
Using Microsoft Access was inappropriate for security reasons. Using multiple sets of books, and/or altering vote totals to include new data, is improper for accounting reasons. And, as a member of slashdot.org commented, "This is not a bug, it's a feature."
*** ENDS ***
"The maintenance of secrets acts like a psychic poison which alienates the possessor from the community" Carl Jung