Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Chimp Can Hack Diebold Electronic Voting System

Posted by michael on Fri Sep 24, 2004 06:59 PM
from the don't-say-we-didn't-warn-you dept.
United States Security Government Politics
rbuysse writes "A million monkeys can write Shakespeare, but it only takes one to mess up an election. Scoop here." Blackboxvoting is behind this demonstration; there's also a lengthy thread on the Bugtraq mailing list.
+ -
story
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Chimp Can Hack Diebold Electronic Voting System 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Nuff Said (Score:5, Funny)

    by (54)T-Dub (642521) * <tpaine@gmail.MOSCOWcom minus city> on Friday September 24 2004, @07:00PM (#10345455) Journal
    The Diebold central tabulators use a program called "GEMS" that saves vote totals in Microsoft Access ...
    I think that's all we really need to say about Diebold.

    • Your first clue (Score:5, Funny)

      by nerd256 (794968) on Friday September 24 2004, @07:20PM (#10345577) Homepage
      "saves vote totals in Microsoft Access"
      Hey, at least its accurate advertising

      • Monkeys (Score:5, Funny)

        by Mistlefoot (636417) on Friday September 24 2004, @07:24PM (#10345604)
        "State elections officials also said Wednesday that they are confident they can protect the system from a decidedly lower-tech threat.

        Elections administrator Linda Lamone said" that monkeys will be prevented from accessing the machines during the elections..... :P

    • for-profit voting systems (Score:5, Insightful)

      by cgenman (325138) on Friday September 24 2004, @07:46PM (#10345716) Homepage
      Isn't it basically unconscionable that the actual process of elections be a for-profit venture? While the military may buy hardware from outside vendors, it does so because certain problems require such specific, high-level technical knowledge and manufacturing know-how which they don't posess in-house. A voting system is, at it's core, a system of adding numbers together that any first-year comp sci student could create. Why is something so basic to the legitimacy of our government being given to for-profit ventures with closed systems?

      At the government's disposal are hundreds of public universities with some of the brightest minds in the country, many of whom would gladly work on implementing the great american open-source voting system. Even if these graduate students and professors were paid market rates for their work, it would still be much cheaper than what Diebold systems are costing the US. There is also no competitive advantate go keeping the system closed-source... so what if Austrailia decides they want to run their elections on our software? We've proud of other countries copying our constitution and systems of government, why not our systems of elections too? Especially if they improve it, and give those improvements back to us? What, are we suddenly going to be exporting less consumables to them because they have more legitimate elected officials?

      • Re:for-profit voting systems (Score:5, Insightful)

        by Frizzle Fry (149026) on Friday September 24 2004, @07:55PM (#10345755) Homepage
        Isn't it basically unconscionable that the actual process of elections be a for-profit venture?

        This is already the case today. Do you think the current voting booths or the printed ballots are manufactured by the Salvation Army? Why should it be a surprise that when the government moves from lower to higher tech forms of voting it continues to buy from private industries? I agree that buying from a corrupt and/ or incompetent company is reprehensible. I also agree that everything should be accountable to the voters and the software, security mechanisms, etc., should not be kept secret. But I don't like the idea that the government should be unable to give a contract to any private company to manufacture any of the tools used to run the election. That is neither workable nor desirable.

        • Re:for-profit voting systems (Score:5, Insightful)

          by Aadain2001 (684036) on Friday September 24 2004, @08:10PM (#10345807) Journal
          True, but I think the system the grandparent was promoting was using public funds to create a public solution, which still requires buying/paying for tools from the private sector. Instead of buying a "black box" and just trusting the company that made it to Do The Right Thing(tm), you buy the hardware from one company/group, pay another group to write the software with public funds (thus making the results open to the public so anyone can find problems/backdoors), and another group to actually run things. This is a great example of checks and balances: spreading power between many groups instead of just a few or only one, thus reducing the change of tyranny and power grabs. It's what a lot of our Constituion is based on, and I would welcome seeing the same happen to our voting system, seeing as how voting is the greatest power in the country.

          • Re:for-profit voting systems (Score:5, Informative)

            by laird (2705) <<moc.odnap> <ta> <drial>> on Friday September 24 2004, @09:41PM (#10346138) Homepage Journal
            "I think the system the grandparent was promoting was using public funds to create a public solution, which still requires buying/paying for tools from the private sector"

            Exactly. Please visit http://www.openvotingconsortion.org/. We're a consortium dedicated to creating an open source voting system. The idea, exactly as you propose, is that many commercial vendors can take the open source platform and package it with hardware, training, and so on. Or a particularly motivated (or cheap) organization could run their own election system using internal technical resources. :-) The project has been under active development for several years, and has produced a system that's been publicly demonstrated.

            • Re:for-profit voting systems (Score:5, Interesting)

              by tsm_sf (545316) * on Friday September 24 2004, @10:05PM (#10346238) Journal
              And not to make light of your accomplishments, but how fucking tough could this be? Seems like they want big holes in their security, doesn't it?

              To change the subject slightly, at what point does sabotage become a morally acceptable alternative? I'm assuming that a knife dragged across the touch-screen would ruin the machine, but I won't assume that ruining a voting booth for others would help... any thoughts?

              "Hell, I'll piss on the spark plugs if that'll help"

        • And it's working out so well? (Score:5, Interesting)

          by scruffyMark (115082) on Friday September 24 2004, @11:29PM (#10346515)
          As compared to Canada (I know, you've probably heard this a bazillion times). AFAIK, there is not a single private company involved in the Federal elections here.

          Say what you will about the relative scale of the elections in the two countries, one thing is certain - the elections work here. The results are in very quickly, the security protocols surrounding voting and counting are simple enough to be comprehensible and auditable by just about anyone, and the whole thing is done with exemplary transparency.

  • So, uh (Score:5, Funny)

    by Anonymous Coward on Friday September 24 2004, @07:00PM (#10345458)
    Is that chimp one of the Diebold engineers?

    • Re:So, uh (Score:5, Funny)

      by cgranade (702534) <cgranade@gmail.cCOUGARom minus cat> on Friday September 24 2004, @07:03PM (#10345472) Homepage Journal
      Don't insult the monkeys!

    • Re:So, uh (Score:5, Funny)

      by Anonymous Coward on Friday September 24 2004, @07:29PM (#10345626)
      You fools laugh, but this could be serious. Maybe it's some kind of super monkey. What if there's more supermonkeys like it? WHAT IF THEY'RE CREATING AN ARMY OF THEM? Holy shit. It must be a conspiracy like in the X-Files... ROSWELL style. This little monkey could be the fuckin' damn dirty ape responsible for the fall of the human race. In this world gone mad, we won't spank the monkey- the monkey will spank us. And after the fall of man, these monkey fucks'll start wearing our clothes and rebuilding the world in their image. OH and only those as super smart as me will be left alive to bitterly cry - DAMN YOUS DIEBOLD. Goddamn yous all to hell.

  • In other news (Score:5, Funny)

    by Anonymous Coward on Friday September 24 2004, @07:02PM (#10345470)
    A new denial of service attack is spreading through the wild. It involves hurling feces...

  • Video Mirror (Score:5, Informative)

    by chrispyman (710460) on Friday September 24 2004, @07:03PM (#10345476)
    Incase of the enevitable slashdotting, here's the movie of the chimp hacking the vote [chrispyman.com].

  • No kiddin' (Score:5, Funny)

    by HateBreeder (656491) on Friday September 24 2004, @07:03PM (#10345477)
    A million monkeys can write Shakespeare, but it only takes one to mess up an election.

    I'm a proud Bush voter, You insensitive clod!

    • Re:No kiddin' - FOR REAL... (Score:5, Interesting)

      by neil.pearce (53830) on Friday September 24 2004, @07:48PM (#10345722) Homepage
      A million monkeys can write Shakespeare...

      Perhaps you'd like to visit The Monkey Shakespeare Simulator [tninet.se], which randomly attempts to duplicate Shakespeare's work (don't worry about legal aspects, you can generally assume it's out of copyright).

      The current record is 20 letters from "Coriolanus" after 462,060,000,000 billion billion monkey-years. Sent in by Jens Ulrik Jacobsen from Denmark on 31 Aug 2004.
      "1. Citizen. Before w ZgJ 8GPxwFnwvG&iX4tKfo("2ny!3Pp..."
      matched
      "1. Citizen. Before w e proceed any further, heare me speake All. Speake, speake 1.Cit. You are all resolu'd rather to dy then to famish? All. Resolu'd, resolu'd..."
  • Final_Results.Mdb
    Look for this attatchment on the Electoral College's Outlook Express inbox.

  • Coral Cache of video (Score:4, Informative)

    by Meostro (788797) * on Friday September 24 2004, @07:05PM (#10345492) Homepage Journal
    http://www.blackboxvoting.org.nyud.net:8090/baxter /baxterVPR.mov [nyud.net]

    Although it's pretty weak... just a bunch of cuts of a monkey and a computer.

  • It's all a liberal conspiracy (Score:5, Funny)

    by Anonymous Coward on Friday September 24 2004, @07:06PM (#10345500)
    That's why the liberal media, like Fox, is reporting on it.

  • I love this quote... (Score:5, Insightful)

    by cmowire (254489) on Friday September 24 2004, @07:11PM (#10345535) Homepage
    "Dacek said Wednesday that she fears that critics of the new voting system may try to physically sabotage the machines."

    Wow. That's so..... scaremongering.....

  • What I don't understand is why... (Score:5, Interesting)

    by MarcoAtWork (28889) on Friday September 24 2004, @07:20PM (#10345570)
    rather than going 'all electronic' there are not more efforts to have a hybrid paper-computer model, off the top of my head:

    - the voter comes to the poll, is identified and is given a paper token with a barcode that contains the polling ID station ID and a sequential number (note that the ID is not humanly readable, important for privacy)

    - the voter goes in the box, which has a touch screen and an 'easy' UI, voter inserts the paper token in the box which scans it

    - voter votes on the touch screen (make it really easy, BIG buttons, BIG text, whatever)

    - machine prints out a ballot with the voter's vote in humanly readable form (say, prints out a 'real' ballot with blackened out rectangles on the relevant candidate(s)) and a 2D barcode at the bottom with the vote in machine readable form including the ID on the 'paper token'

    - voter looks at the ballot to make sure it's ok, folds it, comes out, puts the ballot in one box and the paper token in the other. If the ballot is not ok there is a shredder right there inside the poll station and the voter votes again.

    ========= election over ===========

    the paper token are shipped to the central office, scanned (should be very fast via the 2d barcodes) and votes tabulated accordingly; for an additional level of security you can always count the votes via the 'human readable' part of the ballot before shipping them.

    If a recount or anything is necessary there are several safeguards with this system:

    - you can't have ballot box stuffing, because 1 'token' = 1 vote and if those ID are generated 'well' you could even double check that all IDs make sense, sort of like a 'there are only so many valid serial numbers' there. Multiple votes with the same 'ID' will be discarded.

    - you can't have doubts on the voter intent, they'll vote on the screen *AND* look at the paper copy before putting it in the ballot box later on

    - if there is really no trust in the computers no problem, you can just look at the 'human readable' portion of the ballot as many times as you want: no nonsense about hanging chads or anything.

    this (or something like it) would cover all the bases in terms of fast results (via scanning ballots, ship them all to a central location and do it), paper trail and so on. I really can't understand who in their right mind would consider putting the fate of the election in the hands of MS Access, for crying out loud!

      • Re:What I don't understand is why... (Score:5, Insightful)

        by Woody77 (118089) on Friday September 24 2004, @08:03PM (#10345785)
        1-2: Handled by millions of point-of-sale terminals already. This is no large feat of engineering that needs to be reinvented.

        3: Scantrons are ancient, and work well, with a very low error rate, at least, lower than hanging chads when you've got machines to properly mark the cards in the first place.

        4: He walks out of the booth with it, and right up to the ballot box, just like we do currently. No big deal, and after that, he can have proof he voted, but the card with the actual votes on it is in the box.

        =====

        I wouldn't be amiss to a mis-vote called whenever the election was indeterminate with a known (low) level of error. Like, 0.01% or less (or some other number, that one was pulled out of thin air). To cover error in the system.

        Automatic revote.

  • Spin Spin Spin (Score:5, Insightful)

    by miu (626917) on Friday September 24 2004, @07:22PM (#10345591) Homepage Journal
    From the article:
    "Quite honestly it's somewhat insulting to elections officials and volunteers," he said to the idea that elections officers would tamper with vote results.
    -Some Diebold talking head.

    Sure we trust the election officials, but do we trust every contractor or tech who might work on those systems? Especially as Diebold seems so lax in checking backgrounds that people with convictions for fraud, blackmail, and embezzlement have access to their code. I'd bet that their contractors are even less subject to appropriate background checks.

  • Chimps can write News Articles, too... (Score:5, Informative)

    by Mulletproof (513805) on Friday September 24 2004, @07:22PM (#10345594) Homepage Journal
    Their "evidence" of a chimp hacking diebold is a series of poorly cut images of a chimp and a computer????? Come the fuck on now... First, half of the minute video is useless filler text and a picture of smiling chimp, which immedietly jumps to a sequence that could have only been cut by an editor with suffering from ADD syndrome. Seriously, where's that foot icon, because there's no way you could possibly take this story seriously.

    But for the inveitable slashdotting it'll receive, I'll summerize: Makers say Diebold works, opponents say it doesn't, que poorly edited movie of monkey sitting by computer hitting stuff, analogous to the new "Baby hitting mouse" AOL 9.0 commercial. The End.

    Thank me, beecause I just saved you 5-10 minutes of your life. Use it to get a free ipod or something.

  • Thankfully... (Score:5, Funny)

    by burtonator (70115) on Friday September 24 2004, @07:24PM (#10345605)
    The good thing is that even though a monkey can hack the system this still puts the hack out of the reach of the average Republican ;)

  • Really, no disrespect...but (Score:5, Interesting)

    by switcha (551514) on Friday September 24 2004, @07:30PM (#10345629)
    But Black Box Voting on Wednesday demonstrated two quick ways that "an unscrupulous person with no computer skills whatsoever" could sabotage vote totals, according to Associate Director Andy Stephenson.

    Judging by the fact that most people with the time to volunteer for poll work are our 'seasoned citizens' who, let's be honest, aren't, as a group, too computer savvy, I'd be more worried about the scrupulous people with no computer skills whatsoever messing things up.

    I know this makes me an ageist asshat, but how in the heck are all these people going to get up to speed on computers enough to ensure a little 'whoops' doesn't toss a whole county or something?

  • Insulting to officials? (Score:5, Insightful)

    by frdmfghtr (603968) on Friday September 24 2004, @07:32PM (#10345639)
    "Quite honestly it's somewhat insulting to elections officials and volunteers," he said to the idea that elections officers would tamper with vote results.

    I say "Quite honestly, it's somewhat insulting to the voters," to the idea that the voting public should naively disregard the human factor and that temptation/corruption/bribery "just don't happen."

    Never underestimate the power of money, especially in large, unmarked bundles.

        • Re:Insulting to officials? (Score:5, Interesting)

          by demachina (71715) on Saturday September 25 2004, @05:33AM (#10347497)
          I'm sure your proud of yourself playing doorman for America, but I'm already actively working on getting out of the U.S., don't need your help, the Bush administration is way better than you are at making anyone sane want to leave the U.S.

          I'd be cool with Christian's in power if they actually adhered to the teachings of Christ. Unfortunately I don't think rampant greed and bloodthirsty militarism are Christian values, and those are the two basic tenants of the so called "Christians" taking over America and the Republican party. Just as extremist Muslims are an abomination to Islam, extremist Christians are an abomination to Christianity. If there was a second coming and Christ appeared in America did the things he did, and said things he said 2000 years ago, he'd be locked up or killed by the "Christians" running the U.S.

          I'm working hard to line up a country where I can go and stay, and renounce my citizenship. No point in moving out of the U.S. and keep the passport and keep paying taxes to support the current madness. Its not easy. It takes a lot of work to find a country that will be a good place to live and that isn't completely under the thumb of the U.S. America's shadow has become so long there really aren't many places left in the world where you can escape it. I lost track but I think the U.S. has troops in something like 135 countries and I imagine the FBI and CIA are meddling in the same number or more.

          I tried to read your link. It was pretty dumb. Its just further proof of how far off the deep end the right wing fringe in the U.S. has gone. I'm really sure there is a left wing conspiracy to use schools to convert everyone to Islam.

          I know you'll hate it but I think it is a good idea if schools teach courses in all the major religions, from a cultural and historical perspective. It might alleviate a lot of ignorance and promote more understanding and tolerance. It might fix the acute case of tunnel vision infecting most Christians in the U.S. Again they seem to regurgitate the New Testment the same way Madrasas regurgitate the Koran. No one actually listens to whats those books say, or connect that those teachings are pretty much the exact opposite of the things most of their political, economic and religious leaders are actually doing in the names of those great teachings.

  • Wrong headline (Score:5, Funny)

    by Oriumpor (446718) on Friday September 24 2004, @07:39PM (#10345685) Homepage Journal
    But I guess Chimp hacks Access Database isn't really news.

  • Has Black Box thought of this? (Score:5, Interesting)

    by Iphtashu Fitz (263795) on Friday September 24 2004, @07:43PM (#10345698)
    Because Access functions are already built in to the Windows operating system, the totals could be altered even if a computer did not have Access installed on it...

    But Maryland election officials agreed with Bear that no hacking can happen unless the hacker is physically at the computer.

    How long until somebody writes a virus/worm/trojan that does nothing on most Windows boxes (other than propagate) and on systems where GEMS is detected then around 8:00pm on election day just go wreak havoc with the election results? No physical access to the GEMS systems is needed. If those machines are hooked up to the internet at any time prior to the election (like to get Windoze updates) they could potentially become infected with just such a worm.

    Yeah, I know it's a stretch. Just playing devils advocate...
  • beowulf cluster of chimps could do.

  • Dacek does not have the right idea here... (Score:5, Insightful)

    by Awptimus Prime (695459) on Friday September 24 2004, @07:49PM (#10345731)
    Dacek said Wednesday that she fears that critics of the new voting system may try to physically sabotage the machines. She pointed to a recent incident in which a poll judge had to be ordered to return a voting machine that was used for demonstrations at an suburban folk festival.

    Does anyone else find it rather strange they are worried about the "critics" and not the ones who seem to be in a big hurry to get these insecure systems in place? In my mind, the critics are the ones trying to stop a possible hi-jacking of democracy.

    This reads like a AM radio talk show host comparing protestors at a convention to terrorists.

    • Bingo. It's classic kill-the-messenger stuff: critics = protestors = anti-American = TERRORISTS! Thus anyone who dares to criticize the machines, and to suggest that just maybe possibly there might be a little something wrong with the largest voting machine company in the country being run by someone who has publicly vowed to do everything in his power to deliver votes for a specific candidate ... can be written off as an America-hating nutcase.

      Why do YOU hate America so much, Citizen?

  • Fight back with your code... (Score:5, Insightful)

    by mantera (685223) on Friday September 24 2004, @08:02PM (#10345779)


    The idea that elections can be entrusted to the Diebold corporation is wholly absured when you consider that democracy is an activity of the people, for the people and by the people. Of course the results will be and ***SHOULD*** be questioned; that's the whole point of a democracy. That's why an open source voting system is and should be the only way to do computerized voting; it's open to scrutiny by anyone and everyone, and such it is, eventually and ultimately, beyond scrutiny when the final vote is out.

    The open source community should produce as soon as possible an effective, secure, and open source voting system that's ready for reliable usage. It's one thing to criticize Diebold, it's another thing to question an elected official why an open source solution that's proven and secure and anyone can know the ins and outs of is not implemented and another obscure, closed, and highly questionable one is entrusted.

  • Reset the Election (Score:5, Funny)

    by Soldrinero (789891) on Friday September 24 2004, @08:12PM (#10345818)
    Did anyone else burst out laughing when they read this?
    The entire voting record can be deleted by choosing "reset the election" on a drop-down menu, he said, or a hacker can destroy a tabulator's ability to recognize ballots by un-selecting three checkboxes on a program control panel.

    I mean, really. They practically have a button that says "Press to Hack Election."

  • Bulls**t (Score:5, Interesting)

    by uncoveror (570620) on Friday September 24 2004, @08:21PM (#10345847) Homepage
    Diebold says...
    Even if the system could be hacked, he said, it could only be done by a person with "unfettered access to the system." Bear noted that elections are not just the machines, but also the people who work the elections.

    "Quite honestly it's somewhat insulting to elections officials and volunteers," he said to the idea that elections officers would tamper with vote results.

    At every election I have voted in, the officials and volunteers are retirees who have VCRs flashing 12:00! They would never know it if some young whipper-snapper was farting aroung with the newfangled high-tech whizbang voting machines, nor will they be able to help anyone if the machines screw up.

  • Diebold responds (Score:5, Funny)

    by HangingChad (677530) on Friday September 24 2004, @09:16PM (#10346025) Homepage
    When asked about the chimp hacking their voting machine a Diebold spokesman shrieked loudly, barred his teeth and threw feces at the offending reporters.

  • Missing the point, they don't understand computing (Score:5, Insightful)

    by t_allardyce (48447) on Friday September 24 2004, @09:28PM (#10346082) Journal
    What Diebold clearly don't understand (or care about) is that while trust in the election officials has always been very important, never before could one single person change all the votes in seconds leaving no evidence! Its like being able to stick your coat hanger through a stack of 50 million punch-cards and have the chads disappear into thin air. But that's not even half of it - they just assume that it can only be done with physical access to that machine - how can they be sure the data is secure on its way to the machine? What if its already been compromised? With a system as complex as the average computer you have allot of exits to cover. At least with paper it would take an army of people to fake 50 million ballots, with computers it could potentially take a few lines of code and an opportunity. Its not even in Diebolds interests to secure things like verifiable election logs, because, if something does screw up Diebold certainly wont want you to know. This is why we call privatisation "The short-sighted or externally lobbied greed of a government in which an enterprise requiring only better management is aquired by worse management who take all profits and place them in a tax haven or a yacht."

  • e-voting machines are horseshit (Score:5, Insightful)

    by maxpublic (450413) on Saturday September 25 2004, @12:34AM (#10346728) Homepage
    That's the plain and simple of it. No one has ever been able to demonstrate that they'll save money during an election, nor that they're anywhere close to being secure. Diebold's machines are black-box proprietary and it's essentially impossible to determine if someone (say, a bought-and-paid-for Diebold exec) has tampered with the results.

    I used to work with county and city elections. No machines were used, just a supervisory staff of elections officials and a horde of volunteers. All voting locations would count each box of ballots twice, each time by a different person, and if the tallies weren't exact they'd go through the whole process again for that ballot box. This would continue until two separate individuals got the same count for the box.

    Afterwards, all of the paper ballots would be boxed and stored in a secure location in case it became necessary to do a recount. And again, all recounts were done by box, twice, and any discrepancies meant starting over from scratch for that box.

    This wasn't a terribly expensive way of doing things. The primary cost was in printing and mailing the ballots (for mail-ins). The elections sites themselves were run by volunteers, and the supervisory staff was already paid for. Fraud was rather difficult to pull off on the part of the volunteers and the entire process was 'open source'. Individual citizen groups could demand to have a representative sit in on the recounts, as could any political party that was running a candidate.

    Why, exactly, are we dumping a system like this for Diebold machines? It makes no sense at all unless someone is specifically looking for a way to fuck up the elections in their favor, or in favor of whomever happens to be paying them off.

    And don't tell me that this system can't be scaled; that's bullshit. The system I'm speaking of here was used on the city, county, and state level. If it can be done by one state, it can be scaled for any state, and it's the STATES who run the elections, not the federal government.

    Max

    • Re:Fair and balanced?? (Score:5, Insightful)

      by stockmaster (574940) on Friday September 24 2004, @07:23PM (#10345601) Homepage
      I agree that there is an apparent bias in the politics of the stories submitted by CmdrTaco, though I feel any individual contributor to Slashdot is certainly entitled to have a bias. That's the great thing about the availability of feedback; we can all express our opinions.

      However, most of the rejected stories you listed have nothing to do with technology; they merely describe political news or events. I think the bias Slashdot has toward "news for nerds" is appropriate; we can get our pure political news from other sources.

      When I'm reading slashdot, I'm looking for info about tech trends and social impacts therefrom, nothing more.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.