Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States Government Security Politics

Security Firm Shows How To Hack a US Voting Machine (bleepingcomputer.com) 209

An anonymous reader writes: "Three days before the US Presidential Election takes place, California-based security firm Cylance showed the world how easy it is to hack one of the many [electronic] voting machine models that will be deployed at voting stations across the US on Election Day." Bleeping Computer reports that "The machine that Cylance researchers chose for their test was the Sequoia AVC Edge Mk1, one of the most popular models... The technique researchers created modifies the Public Counter, but also the Protective Counter, which is a backup mechanism that acts as a redundant verification system to ensure the first vote results are valid." Physical access is needed to hack the machine, but the hack takes a short time to perform.
FBI Director James Comey said in September that America's voting machines would be hard to compromise because they're not connect to the internet, but these researchers simply used a PCMCIA card to reflash the machine's firmware. Comey also made the reassuring point that it's hard to "hack into" America's voting system because "it's so clunky and dispersed. It's Mary and Fred putting a machine under the basketball hoop at the gym."
This discussion has been archived. No new comments can be posted.

Security Firm Shows How To Hack a US Voting Machine

Comments Filter:
  • by OffTheLip ( 636691 ) on Monday November 07, 2016 @07:40AM (#53228243)
    How do bad actors accomplish that on a large scale?
    • by Zak3056 ( 69287 ) on Monday November 07, 2016 @08:01AM (#53228357) Journal

      They and a few hundred of their friends could register to vote?

      Guaranteed physical access to at least one machine per person involved in the conspiracy. Flipping a few key precincts is all you need to have a high probability of changing a US presidential election outcome.

      • by Entrope ( 68843 )

        For the most part, they'd need to be registered in each precinct. Registering with a fake address is one of the easier forms of voting fraud to detect.

        • by rmdingler ( 1955220 ) on Monday November 07, 2016 @08:25AM (#53228517) Journal

          For the most part, they'd need to be registered in each precinct. Registering with a fake address is one of the easier forms of voting fraud to detect.

          Yes. There is also little need to rig the precincts because the two-party system itself dominates the electoral landscape.

          Here are your "choices", voters! Aren't you grateful you live in a free Republic?

        • by Zak3056 ( 69287 )

          You'll note that, apart from rigging the machine, I did not suggest any other form of voter fraud needed to be a part of the conspiracy. Your confederates could actually live in those precincts (or live there just long enough to establish residency and vote there).

          I'm not suggesting this especially realistic, just that this is how one could gain physical access to many voting machines to tamper with an election, which was the question asked by the OP.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      How do bad actors accomplish that on a large scale?

      For example, there are Democratic Party's employees in every single town in the US, they are very well funded and organized, and even an 80 year old drunkard can simply insert and remove a pre-configured PCMCIA card, there's no need for "hackers"...

    • Everybody knows a four hundred pound hacker can cyber in and PCMCIA over the Internet. The security aspect of cyber is very, very tough.

    • by ArchieBunker ( 132337 ) on Monday November 07, 2016 @08:37AM (#53228607)

      Break into the warehouse where the machines sit for 4 years...

    • And this isn't the only make of voting machine used in the US. Large scale voting fraud just isn't possible in the US. Thousands of jurisdictions, potentially unique ballots for each jurisdiction, several different types of voting machines, plus absentee and early voting.

      • You don't need large scale fraud, you only need to defraud key population centers in a state. Think of how the electoral college works, you have districts broken up geographically and weighted by relative population. Take my state of New York for instance, this place is a solid lock for Hillary but most people don't realize how red it is; because of the overwhelming number of people in NYC we always come up blue in the polls. There are literally millions of people elsewhere in the state that are die hard re

      • Large scale voting fraud just isn't possible in the US

        And you know this how? Because the fact is, you can't possibly assure me that there is no large scale fraud, because we have absolutely no way to detect and protect the vote against fraud. Just because you say it, doesn't mean it isn't happening.

        My guess, is that fraud is happening in just about every precinct. Which means it is large scale. It may or may not be organized, we wouldn't know. Unless you watch Project Veritas which kinda shows it is organized and large scale.

    • by Geoffrey.landis ( 926948 ) on Monday November 07, 2016 @09:19AM (#53228881) Homepage

      How do bad actors accomplish that [physical access] on a large scale?

      Voting machines are stored when they are not in use, and in general, the places they are stored are not guarded by armed guards. (And, more to the point, are not guarded by pairs of armed guards.)

      To get physical access to the machines, you just need to get a key to the warehouse that they're kept in. Try the janitor.

      There are a large number of people associated with each voting precinct. You just need to insert one person. And you don't need to alter all the machines-- just a few.

      • To get physical access to the machines, you just need to get a key to the warehouse that they're kept in.....And you don't need to alter all the machines-- just a few.

        I think you're overstating the ease of this. I have absolutely no idea where they keep the voting machines in my city between elections. I don't know if it's in one location or many. I don't know if they are somewhat distributed based on where they are used, or all in one central location. I'm guessing that only a small handful of people know these details. How do you propose figuring that out without arousing suspicion? Take all the janitors out for drinks and ask them about the warehouse contents? How do

        • You just proposed the "security by obscurity" approach to voting machine security.

          You said it's hard for you to know what the security-- if any-- is for the physical location of voting machines, and since you don't know how to find out, that means they're secure!

          Note that you haven't pointed to any reason to think at all that this information is being kept secret-- you just stated that you don't know, and therefore since you don't know, you "guess" that only a handful of people know.

    • Pay residents (or even better, just ask rabid supporters of one party amd tell them they can help their party win) of different voting districts to register and then do the 'needful' on voting day.

      Considering recent fraud operations ny syndicates have managed to withdraw funds from 1400 ATMs in 2 hours (e.g. http://money.cnn.com/2016/05/2... [cnn.com]) it really shouldn't be significantly more difficult to swing an election result.

    • Doesn't need to be a very large scale-- a few key precincts in each of a few key states could likely tilt the presidential election and be very hard to detect. P0wning a single county could easily skew a senate race, a couple house races, and maybe a governor.

      Unfortunately with the state of politics in the US, it is so stupidly divisive and partisan that few places have a margin of more than 3-5% on a presidential election.
    • They don't need to, they just need to go after a few machines in Florida or some other closely contested district. But still a good point, would a gamble like this be worth the cost and the risk? Maybe, since the risk could be limited to the dupes who did the actual work.
    • by TheRaven64 ( 641858 ) on Monday November 07, 2016 @09:34AM (#53229003) Journal

      You don't need to do it on that large a scale, especially for the Presidential elections. In 2012, which wasn't a particularly close election, flipping 63 electoral college votes would have let the Republicans win. Either Washington State or Colorado and California turning red would have changed the election outcome. Changing California red (by one vote) would have required changing 1,507,164 votes. Los Angeles alone had enough votes for Obama that compromising it and making it around 80% Romney would have been enough to flip California. It would probably be quite suspicious if polling were that wrong, but scattering a few attack devices throughout Democrat-voting areas and reducing the majority there would probably not have been picked up, and if it's only two states where the polling is particularly different from the eventual outcome then people won't be too suspicious.

      2000 was a lot closer. Changing only 5 Electoral College votes would have changed the outcome. If Al Gore had carried his home state, no one would have been particularly surprised and that would have ensured that he won with a fairly large margin. Rigging the voting machines so that 40,115 Republican votes across the state were counted as Democratic wouldn't have raised any eyebrows, but would have inverted the outcome of the national election. The election was hotly contested because Bush won Florida by a mere 537 votes, giving him all of the state's 24 Electoral College votes. A single compromised voting machine could easily have moved 269 votes from Bush to Gore and changed the election outcome. Of course, some will claim that compromised voting machines did flip around that number in the opposite direction...

      • 2000 was a lot closer.

        Indeed, Al Gore only got 543895 votes more than Bush, so Bush would have had to compromise only a few machines to switch 275000 votes in order to win.
        Wait a minute! Your electoral system is fricking retarded, so Bush didn't have to change anything!

    • How do bad actors accomplish that on a large scale?

      You don't need to do it on a large scale, with the Electoral College Electors allocated on a all or nothing basis in all but 2 states, a small amount of fraud conducted in a few swing-states is enough to change a national election. Basically all you have to do is look at where the candidates are conducting rallies in the last 2 weeks, and you'll see where a little fraud will go a long way.

  • So Sanders has a chance after all.
  • by geekmux ( 1040042 ) on Monday November 07, 2016 @07:45AM (#53228277)

    "Comey also made the reassuring point that it's hard to "hack into" America's voting system because "it's so clunky and dispersed..."

    Did the FBI just use "clunky and dispersed" as an excuse to dismiss the lack of security surrounding the very core of our democratic process?

    What kind of ignorant fuckery is this shit?

    How about we properly mitigate security risks with a common sense approach that's a bit better than relying on Mary and Fred under the basketball hoop.

    Did he recently meet someone out on a tarmac or something? Just curious...

    • How is that a bullshit defense?
      I've heard the self-appointed security experts scream about how bad "monocultures" are for security, and Comey basically just said that there isn't a monoculture in the voting systems. That should be a good thing.

      • by GNious ( 953874 )

        Mono-cultures are bad, but heterogenic IT environments are not inherently good - they still need to be otherwise safe, and not merely rely on being "varied".

      • How is that a bullshit defense?
        I've heard the self-appointed security experts scream about how bad "monocultures" are for security, and Comey basically just said that there isn't a monoculture in the voting systems. That should be a good thing.

        Because it would be fairly easy to buy off a few "Marys and Teds" in a few key districts. You likely wouldn't even need to buy them off. Becoming a janitor at the place where the machines are stored would probably be sufficient. Clunky and dispersed is not a security strategy. It does make it slightly harder to coordinate a large scale attack but only slightly. You lose the advantage of doing it all at once but you gain the advantage that each place has it's own security and my guess is that many of th

    • Re:Bullshit defense (Score:5, Interesting)

      by dywolf ( 2673597 ) on Monday November 07, 2016 @08:17AM (#53228459)

      its not ignorant just because you don't understand the point being made.

      theyre making the point that because we don't have a uniform centralized system controlled from the top down anyone who actually wants to attack the electoral process would have to expend a tremendous amount of resources to have any affect.

      my county uses paper ballots, that go into a scantron type scanner permanently attached to a large pelican case. the scanner is non-networked. the next county over still uses punch cards (hopefully of a better quality than Florida's). in both cases the final tally is only accessibly by authorized personnel who must physically transcribe the number, with multiple person verification, onto a form that's reported to the sec state.

      the clunky and dispersed nature of the system IS a form of security, rather than a lack of it.
      an attacker might be able to exploit a flaw in the machines or even the people used by one county, but that's it. the attack can't proceed any further than that one county. to scale up requires an equal level scaling up in the size of the conspiracy and it simply becomes unworkable and unreasonable to actually pull off.

      • All it takes is a centralized organization wanting to empower multiple parties to carry out the attack on a local scale. It might be easier to get caught with more people in play, but you aren't talking about some conspiracy of thousands-- 40-50 people might have a substantial impact.
        • by dywolf ( 2673597 )

          you still missed the part where its not "the attack" but the "several dozens of different attacks".
          40-50 people wouldn't even get you one state.

          no, the voting machines simply aren't a practical workable attack vector.

          no, I think the best place to try to influence the instead is a single point of failure, say, a single person, easily corruptible.
          like say the person who runs the state elections, the state Secretary of State.

          and oddly enough, it seems that's exactly what has been done, such as the one in North

      • ...and that's assuming nobody notices a voter shutting down the machine, opening the case, installing a PCMCIA card, and bringing it back up... Pretty dubious, if you ask me. The level of conspiracy required to give someone enough time to not be detected while doing that would almost require a totally compromised election process to begin with--and if you have that, why bother compromising the machines?

      • The way the election works you don't need to rig it in a massive number of systems. There's no point in rigging an election in Illinois.

        Find a battle ground state.

        Find a battle ground county.

        Flip a small few hundred votes.

    • Comey is quite correct actually. The USA is very large, with thousands of voting stations. Compromising one or two machines may be easy, but compromising thousands, not. Maybe you should come out for fresh air more often for a reality check.
      • Comey is quite correct actually. The USA is very large, with thousands of voting stations. Compromising one or two machines may be easy, but compromising thousands, not. Maybe you should come out for fresh air more often for a reality check.

        Here's a breath of fresh air for you. The wealthy and powerful spend millions of dollars to essentially buy (the legal term is fund) an election to ensure their selected candidate wins, so never underestimate the effort many take to ensure a win. A Secretary of State used connections to threaten Attorney Generals on tarmacs to avoid prosecution, forensically nuked evidence, ensured all those involved were untouchable with an unprecedented amount of immunity deals, and then lied to the American people abou

    • by Calydor ( 739835 )

      How clunky and dispersed was Hillary's email server?

    • by jez9999 ( 618189 ) on Monday November 07, 2016 @12:29PM (#53230529) Homepage Journal

      Comey is the guy who's come out and said Hillary Clinton is basically innocent of any criminal wrongdoing. You'll forgive me if I don't have too much faith in his opinion.

      • He basically said she was "not charged", and incompetent. The problem is, liberals only see that as "innocent" and not the "incompetent" part.

        Any sufficient level of incompetence is indistinguishable from malice. (apologies to Arthur C Clarke)

        (NO, I am not voting for Trump either)

  • by account_deleted ( 4530225 ) on Monday November 07, 2016 @07:54AM (#53228327)
    Comment removed based on user account deletion
    • by Joe_Dragon ( 2206452 ) on Monday November 07, 2016 @08:00AM (#53228347)

      and your boss can force you to vote their way with that as well.

      • The receipt can be some soft of salted checksum/encrypted key of your vote. It should be easy for the system to verify that your vote counted without revealing how you voted.

        This would solve both problems of verifying your vote counted, and keeping it secret.

    • "Vote for $CANDIDATE or your daughter has an accident. Bring me your ballot receipt on Tuesday night and we can forget this conversation ever happened."

      We have secret ballots for a reason.

    • by CajunArson ( 465943 ) on Monday November 07, 2016 @08:13AM (#53228435) Journal

      Scantron is fine since it combines a simple, reliable, non-networked and relatively hard to hack scanner at each polling location with easy to read paper ballots as a backup in case of mischief. That combines the basically instantaneous and accurate results of a machine with the

      The receipt of who you voted for is a disastrously bad idea though. First of all, there's no way that receipt could ever be used in a recount for obvious chain-of-custody reasons so it doesn't reduce fraud at all. Second of all, it makes it so that a black voter in Philly better show that he voted for Hillary or else -- or that a white voter in rural Alabama better show he voted for Trump or else. Nobody (ok, nobody with any integrity) wants that.

    • by Anonymous Coward on Monday November 07, 2016 @08:24AM (#53228507)

      *Sigh* - the voting system shouldn't have a receipt you can use to prove who you voted for. This leads to (a) vote selling and (b) coercion. This is a simple basic requirement of the voting system. Please don't make recommendations until you learn the basics.

    • Instant voter fraud protection because if your vote mysteriously goes from Clinton to Trump or vice versa

      Vote swapping is far from the only type of voter fraud out there and this wouldn't address the others.

      It also gives rise to voter intimidation. Currently there is the one copy of the vote and the voter is the only person that actually knows who they voted for. So if someone is intimidating them to vote one way or another, they can still vote as they want and tell the intimidator whatever they want to hear. Add in receipts and not the intimidator can verify that they voted as directed and take action if they

    • by ghoul ( 157158 )

      This would work if instead of giving the receipt to the voter the receipt was put into a ballot box and the ballot boxes stored. If anyone disputes the electronic count as they find it not matching their expectation you file a challenge and the stored ballot boxes are counted manually. This also solves the issue of pushing the wrong button. As the vote is printed out the voter can see they pushed the worng button so they can cancel the vote and do another. Machine will store which votes were cancelled so du

    • You press down hard and get a carbon copy of your ballot to take home.

      I don't WANT a carbon copy to take home; so after the revolution the other side finds my old ballots and puts me up against the wall.

      I want the electronic voting machine to spit out a receipt summarizing my choices that I can look over and drop in the guarded box on the way out. If fraud/bugs/whatever is suspected in the machine's tally then the election officials can manually add up the papers from the box.

  • by Anonymous Coward

    ... some months from now, regarding the alleged vote-rigging through hacked voting machines during the 2016 presidential elections:

    "Although we did not find clear evidence that Hillary Clinton or her colleagues intended to violate laws governing federal elections, there is evidence that they were extremely careless in the handling of voting machines...".

    Following the above statement, and after riots and protests in the streets, the FBI reopens the investigation, analyzing 650K contested votes in Florida whi

  • by Anonymous Coward

    Is wireless access to the machines. A machine does not have to be connected to the internet to be hacked remotely. How many of these machines have wireless cards? Then, all a hacker (or insider) needs to do is pull up to the voting location with a laptop that has a wireless connection and all the right passwords and . . . . code adjusted! There are reports of this happening in Virginia when Mitt Romney went up against Ron Paul in 2012. It was a very close election at one precinct that was going up and

  • Paper... (Score:5, Insightful)

    by JasterBobaMereel ( 1102861 ) on Monday November 07, 2016 @09:00AM (#53228755)

    The paper and pencil voting system with manual counting is even more unhackable, and easily verifiable whilst still being anonymous and immune to vote selling ad coercion ...and is used all over the world with no real issues ....

    • The paper and pencil voting system with manual counting is even more unhackable, and easily verifiable whilst still being anonymous and immune to vote selling ad coercion ...and is used all over the world with no real issues ....

      Yes, this is correct. As Stephen Spoonamore says, "Paper ballots, please".

      These touch-screen voting machines cannot be trusted. If for no other reason than their code is proprietary. If they can't be independently audited, they can't be trusted. In some cases machines have been observed to flip votes and count backwards. Why would a voting machine need to be able to subtract or process negative numbers? In short, they shouldn't.

      Paper ballots, please.

      • by Durrik ( 80651 )
        Even if their code was open source, you still can't trust them. Especially if the people rigging the machines is the people who own the machines.

        Who is going to be able to verify all the lines of code? Even if you had a million programmers looking at it, something will probably still slip through, after all there are contests every year on making code that looks legit but is actually nefarious.

        Who makes the compiler? Can you trust them? Has the code for the compiler been checked into? There's a legend
    • The paper and pencil voting system with manual counting is even more unhackable, and easily verifiable whilst still being anonymous and immune to vote selling ad coercion ...and is used all over the world with no real issues ....

      Agreed. And in most of the rest of the world they require 1) a photo ID and 2) dye a finger. Put all that together and elections are are pretty easy to do. It's odd that there's one party that is against common-sense voting laws.

      • by sbaker ( 47485 )

        The "dye a finger" thing has some concerns. In some elections, you really want a certain class of person to just not vote. The dyed finger is proof that you voted - and it's hard to wash off (intentionally, obviously). So the bad guy can threaten to beat the crap out of people who voted and still gain an edge. This isn't a theoretical problem.

        Of course, you can achieve a similar effect by simply hanging out outside the voting location and noting which people went inside.

        But the easier you make it, th

    • by Mitreya ( 579078 )

      The paper and pencil voting system with manual counting is even more unhackable, and easily verifiable whilst still being anonymous and immune to vote selling ad coercion ...

      But you cannot sell expensive machines at a large markup if you used reliable paper-and-pencil voting.

    • by BenBoy ( 615230 )
      This! Pushing electronic voting is inexplicable unless you're either in sales for voting machines or want riggable elections. And if it's the latter, better hope you're the only party interested in doing the rigging. I'm a big fan, btw, of broken-arrow ballots [stackexchange.com]
  • How about an article on hacking an election? Oh wait that's what politicians normally do. No news there.
  • Geez, it's like no one ever thought of protecting the counters by making a hand-written backup of those numbers after the machines have been certified, but before voting begins.

    I am a volunteer poll worker in Virginia. Not only do we record in pen those numbers when we open the equipment, we do a running comparison of the public counter totals to the total number of people who were checked-in on the poll books, every hour. If those numbers are off by even 1, it is a major event, we have to make an immediate

    • by sbaker ( 47485 )

      So if someone shows up, checks in, then doesn't actually vote...it throws you into chaos? I think that's something you might not want to advertise too widely!

    • Thanks for the info. Let's go a bit deeper.

      Say the totals don't match by a couple. What happens to the votes from that particular machine (or the polling place in general)?

      Could these type of activities be used not to alter the results of an election, but for disruption?

  • So to pull this off you need (a) a voting machine to play with to learn the techniques and (b) physical access to every voting machine you need to influence.

    My approach is to make a completely fake voting machine, with the same interfaces as the real thing - and just swap the whole machine out when I have physical access to it.

    This thought-experiment shows that with those two things (a machine to play with and physical access) there is no conceivable security measure that'll be 100% effective. So control

  • Man, seems like everyone is wanting to spread FUD on elections items.

    Let's see, OH, yes, Wired ran a guide yesterday to how to rig an election in 10,000 easy steps:

    https://www.wired.com/2016/10/wireds-totally-legit-guide-rigging-presidential-election/?mbid=social_twitter

    Way easier just to pay off your special interest groups.

Computers are not intelligent. They only think they are.

Working...