Roger Johnston is the head of the Vulnerability Assessment Team at Argonne National Laboratory. Not long ago, he and his colleagues launched security attacks on electronic voting machines to demonstrate the startling ease with which one can steal votes. Even more startling: Versions of those machines will appear in polling places all over America on Tuesday. The touchscreen Diebold Accuvote-TSX will be used by more than 26 million voters in 20 states; the push-button Sequoia AVC Voting Machine will be used by almost 9 million voters in four states, Harper's magazine reported recently (subscription required). Here, Johnston reveals how he hacked the machines--and why anyone, from a high-school kid to an 80-year-old grandmother, could do the same.--Ed
The Vulnerability Assessment Team at Argonne National Laboratory looks at a wide variety of security devices-- locks, seals, tags, access control, biometrics, cargo security, nuclear safeguards--to try to find vulnerabilities and locate potential fixes. Unfortunately, there's not much funding available in this country to study election security. So we did this as a Saturday afternoon type of project.
It's called a man-in-the-middle attack. It's a classic attack on security devices. You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off. We're basically interfering with transmitting the voter's intent.
We used a logic analyzer. Digital communication is a series of zeros and ones. The voltage goes higher, the voltage goes lower. A logic analyzer collects the oscillating voltages between high and low and then will display for you the digital data in a variety of formats. But there all kinds of way to do it. You can use a logic analyzer, you can use a microprocessor, you can use a computer--basically, anything that lets you see the information that's being exchanged and then lets you know what to do to mimic the information.
So we listened to the communications going on between the voter, who in the case of one machine is pushing buttons (it's a push-button voting machine) and in the other is touching things on a touchscreen. Then we listened to the communication going on between the smarts of the machine and the voter. Let's say I'm trying to make Jones win the election, and you might vote for Smith. Then my microprocessor is going to tell the smarts of the machine to vote for Jones if you try to vote for Smith. But if you're voting for Jones anyway, I'm not going to tamper with the communications. Sometimes you block communications, sometimes you tamper with information, sometimes you just look at it and let it pass on through. That's essentially the idea. Figure out the communications going on, then tamper as needed, including with the information being sent back to the voter.
We can do this because most voting machines, as far as I can tell, are not encrypted. It's just open standard format communication. So it's pretty easy to figure out information being exchanged. Anyone who does digital electronics--a hobbyist or an electronics fan--could figure this out.
The device we implanted in the touchscreen machine was essentially $10 retail. If you wanted a deluxe version where you can control it remotely from a half a mile away, it'd cost $26 retail. It's not big bucks. RadioShack would have this stuff. I've been to high school science fairs where the kids had more sophisticated microprocessor projects than the ones needed to rig these machines.
Because there's no funding for this type of security-testing, we relied on people who buy used machines on eBay [in this case the touchscreen Diebold Accuvote TS Electronic Voting Machine and the push-button Sequoia AVC Advantage Voting Machine]. Both of the machines were a little out-of-date, and we didn't have user manuals and circuit diagrams. But we figured things out, in the case of the push-button machine, in under two hours. Within 2 hours we had a viable attack. The other machine took a little longer because we didn't fully understand how touchscreen displays worked. So we had learning time there. But that was just a couple days. It's like a magic trick. You've got to practice a lot. If we practiced a lot, or even better, if we got someone really good with his hands who practiced a lot for two weeks, we're looking at 15 seconds to 60 seconds go execute these attacks.
The attacks require physical access. This is easy for insiders, who program the machines for an election or install them. And we would argue it's typically not that hard for outsiders. A lot of voting machines are sitting around in the church basement, the elementary school gymnasium or hallway, unattended for a week or two before the election. Usually they have really cheap cabinet locks anyone can pick; sometimes they don't even have locks on them. No one signs for the machines when they show up. No one's responsible for watching them. Seals on them aren't much different from the anti-tamper packaging found on food and over-the-counter pharmaceuticals. Think about tampering with a food or drug product: You think that's challenging? It's really not. And a lot of our election judges are little old ladies who are retired, and God bless them, they're what makes the elections work, but they're not necessarily a fabulous workforce for detecting subtle security attacks.
Give people checking the seals a little training as to what to look for, and now they have a chance to detect a reasonably sophisticated attack. Do good background checks on insiders, and that insider threat would be much less of a concern. Overall, there's a lack of a good security culture. We can have flawed voting machines, but if we have a good security culture, we can still have good elections. On the other hand, we can have fabulous machines, but if the security culture is inadequate, it doesn't really matter. We've really got to look at a bigger picture. Our view is: It's always going to be hard to stop James Bond. But I want to move it to the point where grandma can't hack elections, and we're really not there.
Read more about elections security here.
What this hacking leaves off is all the security systems and security people surrounding it, which would defer it being hacked in the first place.
But yea, sure, if I write yes for one thing and somebody changes it to a no after me, it has been hacked and has broken the law too.
I would hope the chassis of these electronic devices have tamper alarms that go back to a dispatch security center as well as local security guards around the said devices, with all sorts of redundant security measures, cameras and other devices.
So if this article is promoting a good hack of the equipment, it better include getting around electronic and physical security, too.
I think this fellow is suggesting the security is not there. I'm inclined to believe him.
The efforts of this group are important but there's no need to over sensationalize. Vote rigging is quite common I think, and at least now they need some expertise and more organization. It was much easier in the past (eg. just steal a ballot box). Now there is an electronic record which should make it easier for folks to check to make sure that their vote was correct. You can't stop the cheating but you can make it harder to organize on a wider scale.
Watch out for that gang of techno-grannies!
If a ballot box or electronic ballot box is sitting their unmonitored via electronic or live security, I consider the whole district in that area suspicious of being tampered with!
The voting machines in my location all print a paper trail as you go, so you can make sure the paper trail confirms your vote. If there are questions as to fraud, or a recount, the paper trail is then tallied and compared to the electronic count. As long as the voters confirm their paper trail when they vote, a recount will always confirm the real vote total. And if there are reasons to suspect a vote total (such as results that are way off from exit polling) then there will always be a recall.
However, vote tampering will become a huge issue if we ever move to internet-based voting, where there will be almost no way to certify who is voting and whether or not something is tampered with.
Obviously none of these people who wrote the previous comments READ the article. For security watching the machines, he plainly states that NO ONE is watching them BEFORE the elections, making them easy to rig. For the paper trail, it gets printed out AFTER the vote is logged. The manipulation comes inbetween the push of the button and the vote logged. All you have to do is add an extra step that prints out the actual button push result rather than what is logged in the system and that's easily bypassed.
This is the very reason for this article, because people can't read and they don't understand security basics.
Dumb people are easier to be herded.
Quite scary to see how simple it is to hack something like this.
I do question a couple of things, in the article it mentions that there appeared to be no security devices inside the machine. Perhaps the ones he used had the security devices removed for purposes of sale? It's a possibility.
Also, I think the old grannies are being underestimated. A lot of workers on election day have had training of what to look for and to report anything even remotely suspicious.
But going back to the hacking thing....I'd imagine these machines come with 'anti-tamper' devices on the inside to prevent anyone doing anything too radical, but without having access to a machine that is currently going to be used then I can't really say what will happen.
Interesting read overall. :)
I just got paid $6784 working off my laptop this month. And if you think that's cool, my divorced friend has twin toddlers and made over $9k her first month. It feels so good making so much money when other people have to work for so much less. This is what I do, Fox92.com
I'm not quite so ready to buy this. Possible, yes -- but the details may get a little sticky.
Firstly, you have to manage this on a significant percentage of the machines. So, the risk of detection is greater because there is a lot of activity.
Next, to do it efficiently, you need all of these subpanels -- for the machine in question. This could be a problem for various reasons. Say, there were several versions out there ( not uncommon). Not to mention that someone might notice fairly large quantities of spares being ordered -- by a non government agency. (Plus, the price is now a little more than the cheap microprocessor).
And then, there's the layout. I don't think that you can guarantee that the candidate selection is always in the same order. This could cause immense problems.
Not to mention that this particular 'hacker' is possibly a little more skilled than most.
I guess that I'm not sweating it.
As I said before, a electronic tamper switch or circuits can be installed in the chassis or devices.
Of course you vote privately, opening the door for tampering. But in reality, I think a person would get caught.
Does it matter?
Tampering may be easy, but getting away with it is entirely different.
There are people who pay no attention to the election because they know way ahead of time who is going to win.
You just have to see through the awesome campaign you are being bombarded with.
So forget about machine tampering, they are not a good way to get votes.
The hacking that was suggested in this article must have been successful. My candidate didn't win.
I was hurt and depressed when my lover of five years left me for another woman. One friend suggested the idea to contact a spell caster, which I would have never thought of myself. I contacted a few of them but prophetharry@ymail. com was the person I felt good with. She was understanding, replied all my emails promptly and patiently. Then I decided to place an order for his spell even if at that time I was still a bit skeptical about his capacity to bring my man back with me.
Only 1 week after the spell was actually cast, he returned to me and since then, it seems that there is no more mistrust and no more lies between us. For that reason, I am gladly leaving a testimonial on this page, which I believe will help persons to chose prophetharry for their case.
In Pakistan we have a National Voters data base which is linked to the Election Commission of Pakistan. We dial a SMS message and receive an instant feedback identifying the polling booth where we can vote.
My Company GRESHAM in Pakistan has developed and trademarked ( alongwith IP and Copyright ) a Election software called eLECT. So, with my cell phone,I can dial in my ID card ..send and receive an instant feedback of the polling station where I am registered and this will first let me know the Provincial member standing for election in my area. I click my selected member and software sends an encrypted message to the Election Commission My selection is confirmed and enables me to move on to selecting the National Assembly member in the same manner. We also have a Web Based system and Voting kiosk which first reads the ID card,then does the photo recognition ,compares it with voter and enables the process to move ahead. Since messages are encrypted voting fraud is more or less eliminated. We hoe to have the world's first election for Pakistan through this system in next 2-3months. Hopefully, elections the world over will be done this way. USA ,and many countries with ID can start now.