Book Reviews | Gordon Campbell | News Flashes | Scoop Features | Scoop Video | Strange & Bizarre | Search

 


Diebold Confirms U.S. Vote Count Vulnerabilities

Diebold Internal Mail Confirms U.S. Vote Count Vulnerabilities


By Alastair Thompson


Scoop Full Coverage "A Very American Coup"

Scoop has obtained internal mail messages from Diebold Election Systems which clearly and explicitly confirm security problems in the GEMS vote counting software that were highlighted in reports published on Scoop.co.nz and widely elsewhere in July.

In the internal mail Diebold Election Systems principal engineer R&D Ken Clark - then working for Global Election Systems before Diebold took the company over - responded to an internal query over a security problem. The official certification laboratory responsible for assessing the voting technology company software's robustness had noticed a problem, and a staff member was seeking Clark's advice.

Diebold Election Systems technical writer R&D Nel Finberg wrote to the "support" list on 16th October 2001: "Jennifer Price at Metamor (about to be Ciber) [this is the certification lab responsible for certifying all United States voting software] has indicated that she can access the GEMS Access database and alter the Audit log without entering a password. What is the position of our development staff on this issue? Can we justify this? Or should this be anathema?"

The "GEMS Access database" that Finberg refers to is a piece of computer software which is loaded onto county election supervisors computers. It is responsible for tallying votes from county precinct voting booths, these results are typically modemed into the central computer.

Significantly this software is responsible for tallying all votes, optical scan, touchscreen and absentee ballots. It was this software that Scoop initially reported was all too easy to hack in its July 8th report from Bev Harris.

In reply to Finberg's query Clark responded with an astonishingly frank posting which clearly confirms most of the worst aspects of the GEMS system security outlined by Harris in her July report.

Clark: "Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.

Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the .mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out." (Clark's full email response is attached below)

In these two paragraphs Clark confirms:
- That anyone using an off-the-shelf copy of Microsoft Access can freely open and alter the election tally database;
- That in doing so they can also edit the audit log (which is hyped in sales literature as preventing tampering) thereby removing any evidence of their tampering;
- That these security flaws have been in place for a considerable period of time.

Clark here confirms the findings about GEMS first reported by Bev Harris and recently demonstrated by San Luis Obispo county voting activist Jim March.

**** SIDEBAR ****

CORRECTION/CLARIFICATION 29/11/2003: Scoop's copies of the memo's used for this article and others were supplied by "Black Box Voting in the 21st Century" author Bev Harris.

WHERE THE INTERNAL MAIL CAME FROM

The internal Diebold Election Systems – then Global Election Systems - communications come from a database of Diebold Election systems support staff internal communications which Wired Magazine reported on August 7th had been sent to the media.

"The unidentified attacker provided Wired News with an archive containing 1.8 GB of files apparently taken March 2 from a site referred to by the Ohio-based company as its 'staff website.' " Wired reported.

At the time of the breach Wired quoted representatives of Diebold Election Systems, saying the company was investigating the security breach and reviewing the contents of the archive.

"Director of Communications John Kristoff said the stolen files contained 'sensitive' information, but he said Diebold is confident that the company's electronic voting system software has not been tampered with.," Wired reported.

**** SIDEBAR ****

Reading further in the internal mail folder we discover how Global Election Systems responded to the software certification company Metamor, and how it is possible that these security flaws - noted by the certifier's in October 2001 – came to still be present in software found on the insecure Diebold Election Systems FTP site in early 2003.

Clark continues: " Bottom line on Metamor is to find out what it is going to take to make them happy. You can try the old standard of the NT password gains access to the operating system, and that after that point all bets are off. You have to trust the person with the NT password at least. This is all about Florida, and we have had VTS certified in Florida under the status quo for nearly ten years.

"I sense a loosing battle here though. The changes to put a password on the .mdb file are not trivial and probably not even backward compatible, but we'll do it if that is what it is going to take."

As it turns out Clark was wrong. His battle to maintain an easily compromiseable vote counting software architecture was entirely successful.

Nel Finberg's response to Ken shows the official software certification laboratory bought the "the old standard" explanation hook line and sinker – notwithstanding the fact that this is in fact no solution at all, and that even Clark is acknowledging this to be the case.

Finberg: " Thanks for the response, Ken. For now Metamor accepts the requirement to restrict the server password to authorized staff in the jurisdiction, and that it should be the responsibility of the jurisdiction to restrict knowledge of this password. So no action is necessary in this matter, at this time."

And so in other words nothing was done. The security hole was left wide open for Bev Harris to discover this year.

Moreover Clark is saying here in his reference to Florida that this hole has been open for at least a decade!

In layman's terms the effect of the above is to show this.

The election supervisor or anyone else with administrator access to the Windows NT machine running the tally - which is hackable by definition as Windows NT is hackable - can alter the vote tally in the course of an election and delete any evidence of their tampering with impunity. All they would need to know, as Bev Harris exposed recently, is that they need a copy of Microsoft Access. And this software need not even be located on the machine that is being tampered on.

Moreover if Clark is to be taken on his word (see below) then the fact that Microsoft Access can be used in this way is fairly well known in election supervisor circles. Clark refers in his email (read in full below) to "fancy footwork" being done in Gaston County, and to King County, Washington State, being "famous" for end-running the database – a phrase which on its face appears to mean hacking with the election tallying database.

And so in a single email message Diebold Election Systems' Ken Clark has effectively placed not only his own competence and integrity into question, but also that of the official voting software certification lab and that of numerous election officials. And remember that this is just one of well over 15,000 internal Diebold Election Systems internal mail messages that are now in public circulation.

Watch this space for more….

**** BACKGROUND LINKS ****

(For further information on how easy it is to tamper with GEMS see... "Inside A U.S. Election Vote Counting Program"
Part 1: Can the votes be changed?
Part 2 - Can the password be bypassed?
Part 3 – Can the audit log be altered?

To download a copy of GEMS and demonstrate these vulnerabilities on your own computer Click Here…)

**** BACKGROUND LINKS ****

APPENDICES:

EMAIL 1

To: "support"
Subject: alteration of Audit Log in Access
From: "Nel Finberg"
Date: Tue, 16 Oct 2001 23:31:30 -0700
Importance: Normal


Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the GEMS Access database and alter the Audit log without entering a password. What is the position of our development staff on this issue? Can we justify this? Or should this be anathema?

Nel

EMAIL 2

To: "support"
Subject: RE: alteration of Audit Log in Access
From: "Ken Clark"
Date: Thu, 18 Oct 2001 09:55:02 -0700
Importance: Normal

Its a tough question, and it has a lot to do with perception. Of course everyone knows perception is reality.

Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new. In VTS, you can open the database with progress and do the same. The same would go for anyone else's system using whatever database they are using. Hard drives are read-write entities. You can change their contents.

Now, where the perception comes in is that its right now very *easy* to change the contents. Double click the .mdb file. Even technical wizards at Metamor (or Ciber, or whatever) can figure that one out.

It is possible to put a secret password on the .mdb file to prevent Metamor from opening it with Access. I've threatened to put a password on the .mdb before when dealers/customers/support have done stupid things with the GEMS database structure using Access. Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before.

Note however that even if we put a password on the file, it doesn't really prove much. Someone has to know the password, else how would GEMS open it. So this technically brings us back to square one: the audit log is modifiable by that person at least (read, me). Back to perception though, if you don't bring this up you might skate through Metamor.

There might be some clever crypto techniques to make it even harder to change the log (for me, they guy with the password that is). We're talking big changes here though, and at the moment largely theoretical ones. I'd doubt that any of our competitors are that clever.

By the way, all of this is why Texas gets its sh*t in a knot over the log printer. Log printers are not read-write, so you don't have the problem. Of course if I were Texas I would be more worried about modifications to our electronic ballots than to our electron logs, but that is another story I guess.

Bottom line on Metamor is to find out what it is going to take to make them happy. You can try the old standard of the NT password gains access to the operating system, and that after that point all bets are off. You have to trust the person with the NT password at least. This is all about Florida, and we have had VTS certified in Florida under the status quo for nearly ten years.

I sense a loosing battle here though. The changes to put a password on the .mdb file are not trivial and probably not even backward compatible, but we'll do it if that is what it is going to take.

Ken

EMAIL 3

To: "support"
Subject: RE: alteration of Audit Log in Access
From: "Nel Finberg"
Date: Wed, 17 Oct 2001 14:48:16 -0700
Importance: Normal

Thanks for the response, Ken. For now Metamor accepts the requirement to restrict the server password to authorized staff in the jurisdiction, and that it should be the responsibility of the jurisdiction to restrict knowledge of this password. So no action is necessary in this matter, at this time.

Nel

# # # # #

Bev Harris is author of Black Box Voting: Ballot Tampering In The 21st Century … See http://www.blackboxvoting.com/ and it's activist arm http://www.blackboxvoting.org/


Pre-Order your copy of Black Box Voting today…

For more background and live news links on this news subject see also Scoop's Special Feature – A Very American Coup…

--- NOTE TO SCOOP EMAIL SUBSCRIBERS... THIS HAS BEEN POSTED AS A SPECIAL ITEM TO THE SLUDGE REPORT MAILING LIST ---

© Scoop Media

 
 
 
 
 
Top Scoops Headlines

 

Werewolf: Living With Rio’s Olympic Ruins

Mariana Cavalcanti Critics of the Olympic project can point a discernible pattern in the delivery of Olympics-related urban interventions: the belated but rushed inaugurations of faulty and/or unfinished infrastructures... More>>

Live Blog On Now: Open Source//Open Society Conference

The second annual Open Source Open Society Conference is a 2 day event taking place on 22-23 August 2016 at Michael Fowler Centre in Wellington… Scoop is hosting a live blog summarising the key points of this exciting conference. More>>

ALSO:

Buildup:

Gordon Campbell: On The Politicising Of The War On Drugs In Sport

It hasn’t been much fun at all to see how “war on drugs in sport” has become a proxy version of the Cold War, fixated on Russia. This weekend’s banning of the Russian long jumper Darya Klishina took that fixation to fresh extremes. More>>

ALSO:

Binoy Kampmark: Kevin Rudd’s Failed UN Secretary General Bid

Few sights are sadder in international diplomacy than seeing an aging figure desperate for honours. In a desperate effort to net them, he scurries around, cultivating, prodding, wishing to be noted. Finally, such an honour is netted, in all likelihood just to shut that overly keen individual up. More>>

Open Source / Open Society: The Scoop Foundation - An Open Model For NZ Media

Access to accurate, relevant and timely information is a crucial aspect of an open and transparent society. However, in our digital society information is in a state of flux with every aspect of its creation, delivery and consumption undergoing profound redefinition... More>>

Keeping Out The Vote: Gordon Campbell On The US Elections

I’ll focus here on just two ways that dis-enfranchisement is currently occurring in the US: (a) by the rigging of the boundary lines for voter districts and (b) by demanding elaborate photo IDs before people are allowed to cast their vote. More>>

Ramzy Baroud: Being Black Palestinian - Solidarity As A Welcome Pathology

It should come as no surprise that the loudest international solidarity that accompanied the continued spate of the killing of Black Americans comes from Palestine; that books have already been written and published by Palestinians about the plight of their Black brethren. In fact, that solidarity is mutual. More>>

ALSO:


Get More From Scoop

 
 
 
 
 
 
 
Top Scoops
Search Scoop  
 
 
Powered by Vodafone
NZ independent news