Can you provide some details of your effort to hack into Leon County's Diebold e-voting machines on Dec. 13?
We conducted a hack of the Diebold AccuVote optical scan device. I wrote a five-line script in Visual Basic that would allow you to go into the central tabulator and change any vote total you wanted, leaving no logs. It requires physical access to a machine. In Leon County, they have good policies and procedures in place. But in many counties, where such awareness doesn't exist, that brings up some serious concerns about someone being able to tamper with the results.
[Finnish security specialist] Harri Hursti [who also took part in the hacking exercise] changed the contents of a memory card used in the optical scan device and preloaded it. If you can get access to the memory card, you can change its logic and have it do whatever you want. That hack was like prestuffing a ballot box to handicap one candidate by giving them negative votes and giving another positive ones.
Do you think e-voting security has become a political issue?
I'm strictly an independent person donating my time. It's not political. Bad software is the issue. I'm a software security guy. I see a lot of bad software. All software has security vulnerability -- this is just particularly bad. As an election official, you have to be wary when touching a tabulator or a memory card; it has to be treated like a box of live ballots.
How do you respond to Diebold's claims that the hacks were unfair?
I would love to do a demonstration where Diebold participates. There are certainly other voting companies that make tabulation software as well as optical scan gear, and we're seeing the same vulnerabilities as we've seen in Diebold's systems, which raises a broader question. That's about whether the verification and validation processes these machines go through are woefully inadequate or not. The e-voting companies aren't volunteering their systems for independent audits and analysis.
No comments:
Post a Comment