Pointing to a little-noticed "Cyber Security Alert" issued by the United States Computer Emergency Readiness Team (US-CERT), a division of the U.S. Department of Homeland Security, the source inside Diebold -- who "for the time being" is requesting anonymity due to a continuing sensitive relationship with the company -- is charging that Diebold's technicians, including at least one of its lead programmers, knew about the security flaw and that the company instructed them to keep quiet about it.
"Diebold threatened violators with immediate dismissal," the insider, who we'll call DIEB-THROAT, explained recently to The BRAD BLOG via email. "In 2005, after one newly hired member of Diebold's technical staff pointed out the security flaw, he was criticized and isolated."
In phone interviews, DIEB-THROAT confirmed that the matters were well known within the company, but that a "culture of fear" had been developed to assure that employees, including technicians, vendors and programmers kept those issues to themselves.
The "Cyber Security Alert" from US-CERT was issued in late August of 2004 and is still available online via the US-CERT website. The alert warns that "A vulnerability exists due to an undocumented backdoor account, which could a [sic: allow] local or remote authenticated malicious user [sic: to] modify votes."
No comments:
Post a Comment