[ISN] Test shows voter fraud is possible

InfoSec News isn at c4i.org
Mon Jun 6 12:21:57 EDT 2005


By Tony Bridges
June 04, 2005

All it takes is the right access.

Get that, and an election worker could manipulate voting results in 
the computers that read paper ballots - without leaving any digital 

That was the verdict after Leon County Elections Supervisor Ion Sancho 
invited a team of researchers to look for holes in election software.

The group wasn't able to crack the Diebold system from outside the 
office. But, at the computer itself, they changed vote tallies, 
completely unrecorded.

Sancho said it illustrates the need for tight physical security, as 
well as a paper trail that can verify results, which the Legislature 
has rejected.

Black Box Voting, the non-profit that ran the test and published a 
report on the Internet, pointed to the findings as proof of an 
elections system clearly vulnerable to corruption.

But state officials in charge of overseeing elections pooh-poohed the 
test process and dismissed the group's report.

"Information on a blog site is not viable or credible," said Jenny 
Nash, a spokeswoman for the Department of State.

It went like this:

Sancho figured Leon County's security could withstand just about any 
sort of probing and wanted to prove it.

He went to one of the most skeptical - and vocal - watchdogs of 
election procedures. Bev Harris, founder of Black Box Voting, had 
experience with voting machines across the country.

She recruited two computer-security experts and made the trip to 
Tallahassee from her home in Washington state three times between 
February and late May.

Leon County is one of 30 counties in Florida that use Diebold optical 
scanners. Voters darken bubbles on a sheet of paper, sort of like 
filling in the answers on the SAT, and the scanners read them and add 
up the numbers.

So the task was simple. Get in, tamper with vote numbers, and get out 

They made their first attempts from outside the building. No success.

Then, they sat down at the vote-counting computers, the sort of access 
to the machines an employee might have. For the crackers, security 
protocols were no problem, passwords unnecessary.

They simply went around them.

After that, the security experts accomplished two things that should 
not have been possible.

They made 65,000 votes disappear simply by changing the real memory 
card - which stores the numbers - for one that had been altered.

And, while the software is supposed to create a record whenever 
someone makes changes to data stored in the system, it showed no 
evidence they'd managed to access and change information.

When they were done, they printed the poll tapes. Those are paper 
records, like cash register tape, that show the official numbers on 
the memory cards.

Two tapes, with different results. And the only way to tell the fake 

At the bottom, it read, "Is this real? Or is it Memorex?"

"That was troubling," Sancho said.

Leon County more secure

A disaster?

Not exactly.

In Leon County, access to the machines is strictly controlled, limited 
to a single employee. The memory cards are kept locked away, and 
they're tracked by serial number.

Those precautions help prevent any tampering.

"You've got to have security over the individual who's accessing the 
system," Sancho said. In fact, "you've got to have good security and 
control over every step of this process."

The trouble is, not every county is as closely run.

In Volusia County, her group has found what they think was memory-card 
tampering during the 2000 election. More than 16,000 votes for Al Gore 

Harris said her research turned up memos - obtained from the elections 
supervisor's office - that blamed the failure on an extra memory card 
that showed up, and disappeared, without explanation.

She believes that was an attempt to change the outcome of the 
election, but one carried out clumsily. The test in Leon County proved 
it was possible, if done by more experienced computer programmers, she 

So what does the Department of State say?

Nash, the spokeswoman, said that the Diebold systems were designed to 
be used in secure settings, and that, by giving the testers direct 
access to the computers, Sancho had basically allowed them to bypass 

In other words, not much of a test.

Except that the security experts were given only as much opportunity 
as any other election worker would have. Less so, considering that 
Sancho did not provide them with passwords or any other way to 
actually get into the programming.

As for the exact vulnerabilities that Harris reported - and Sancho 
confirmed - Nash said no one from the state could comment, since they 
hadn't been present at the test.

She added later that Sancho could request help from state certifiers 
if he had concerns, but had not asked yet.

To read the entire report, visit www.BlackBoxVoting.org. 

Ion Sancho, supervisor of elections, will post a summary of the test 
results this weekend at www.leonfl.org/elect/

More information about the ISN mailing list