More backdoors in Diebold voting machines-new supplemental study 5/23/06

kpete Donating Member (1000+ posts) Tue May-23-06 06:45 PM
Original message
More backdoors in Diebold voting machines-new supplemental study 5/23/06
Posted on Tuesday, May 23, 2006 - 01:52 pm:

--------------------------------------------------------------------------------
On May 11, 2006 the Black Box Voting "Hursti II" report was released, showing devastating security flaws in the Diebold touchscreen machines. This study has now been covered by Newsweek and the New York Times.

A small supplemental report was issued today pointing out additional concerns and high priority areas for further study.

The supplemental study can be found here:
http://www.blackboxvoting.org/BBVtsxstudy-supp.pdf
(many photographs, allow time for download)

Excerpts:
1. Flash memory erasure:

There seems to be a memory card-triggered feature to erase the contents of flash memory. This destructive function was started in the TS6 with the file , and there are indications that the feature is carried over to the TSx with trigger file , if it is found on the memory card. This feature was not tested in Emery County and should be examined further.

2. Further study needed on macros:

TS6 and TSx machines have as built-in features new kinds of macro capabilities. These capabilities make use of a simplistic Windows Window Manager Message recording and play function. Presumably the feature has been designed for automation of volume testing. If this is the case it is important to understand that this approach bypasses part of the system and therefore is by no means equal to end-to-end testing. There are a number of concerns around this feature functionality warranting further studies.

more at:
http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/29817.html
via:
http://www.dailykos.com/storyonly/2006/5/23/193548/941

Peace Patriot Donating Member (1000+ posts) Tue May-23-06 07:30 PM
Response to Original message
1. "...designed for automation of volume testing...". Uh-huh. And it
"bypasses part of the system...".

Meanwhile, a memory card is used "to erase the contents of flash memory."

And in these functions that are zinging electrons here and there (your votes)--in ways that no ordinary voter can understand, and which NO ONE is permitted to see--lay the carnage of Iraq, the torture of prisoners, and the tyrant who claims the right to spy on anyone and everyone, to raid Congressional offices (expressly forbidden by the Constitution), to detain and render anyone he wants to, and to decide which laws apply to him and his junta, and which do not.

Secret, obscure processes of "counting" votes are the very definition of tyranny. That's what we have.

Did you see where Christopher Dodd, the architect of the "Hack America's Vote Act" of 2002 (along with his criminal pals Tom Delay and Bob Ney) thinks he may run for president? Now there's a man who could follow Bush's act with the complete smash-up of American democracy, so that it will never be heard from again. Bilderberg School of Global Corporate Predators. Smarter than Bush. Engineered the re-installation of Bush as the puppet. Advised John Kerry on electronic voting.




OnTheOtherHand Donating Member (1000+ posts) Tue May-23-06 07:50 PM
Response to Reply #1
2. you mean, the Christopher Dodd with the 100 ADA rating?
Sort of the real power behind Karl Rove, is he? Oh-kay.

Boredtodeath Donating Member (1000+ posts) Wed May-24-06 07:24 AM
Response to Reply #1
4. Oooops, been there, done this too!
Wednesday, June 30, 2004

Quote # 4: To test the machine, you plug that card in and vote in every race that pops up, testing the calibration along the way, then you print the result to see if it adds up. The testers cast 95 votes each time. If the printout shows more or fewer than that, then there's a problem with the machine.

No, actually an automated test is conducted by the software not a manual casting of votes by the elections official. And none of this testing has anything to do with the actual software used on election day. For instance, the database which stores the votes isn't even live during an L&A test. From the Diebold GEMS user manual (see items 15 through 17, specifically) - the instructions are exactly the same for the TouchScreen in the manual:
http://web.archive.org/web/20050202082412/http://countthevote.org/

mmarcus Donating Member (97 posts) Wed May-24-06 09:26 AM
Response to Reply #4
5. But where is that quote from?
Edited on Wed May-24-06 09:42 AM by mmarcus
The source for your Quote #4 is your web site it looks like. Am I understanding this correctly that you are comparing it with a general introductory line in the introduction paragraph in Hursti Report supplement?

I think you are referring to this:

2. Further study needed on macros:

TS6 and TSx machines have as built-in features new kinds of macro capabilities. These capabilities make use of a simplistic Windows Window Manager Message recording and play function. Presumably the feature has been designed for automation of volume testing. If this is the case it is important to understand that this approach bypasses part of the system and therefore is by no means equal to end-to-end testing. There are a number of concerns around this feature functionality warranting further studies.


But to say "been there done that" would take the findings out of context. That sentence is only an introduction not the findings. Here are the findings in the Hursti Report:

- The files are stored on the removable memory card as unprotected plain-text files. There are no protection mechanisms against modifications to these files.

Creation and access to the macros is available with poll worker level access, under some circumstances even without any smart card authentication.

In preliminary testing the following issues were identified :

- The macro is not contained in the user interface logic. Because of this, the macro can access settings, changing the telephone number / ip address and initiating calls.

- Two machines with completely identical software release numbers had different behavior with the same macro. Machine A just had a software crash and become unstable, while machine B produced an error message on the system log and contained the error while still resulting in loss of software functionalities. There were also other examples of different, but reproducible, software behaviors between machines with both modified and unmodified macros.

- File handle processing seems to be flawed and interrupted by exception macro processing, producing open file handles.

- There seem to be user interface race conditions, which can not be triggered by human interaction with the machine, but are revealed by no delay playback of the human actions, i.e. unmodified macros.


I am not an expert but three parts jump out and anyone can understand they are not too good:

The files are stored on the removable memory card as unprotected plain-text files. There are no protection mechanisms against modifications to these files.

Two machines with completely identical software release numbers had different behavior with the same macro.

(uh-oh!)

The macro is not contained in the user interface logic. Because of this, the macro can access settings, changing the telephone number / ip address and initiating calls.

Shit. If a computer person can weigh in, my logic and basic reading comprehension tells me that the above three things say that:

You can change the macro files because there are no protections. Different machines already behave differently so there might be different programs in them already. The macro can initiate calls to remote locations or change where calls go.

That sounds pretty bad to me.

edit notes: I did change this post because re-reading it, I could see that it was arguing with boredtodeath and instead I want to clarify and expand. From the call last night I can see that people are coming from different places but we can all work together if we try.
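An added example, not part of the thread or of the Hursti report: one way to detect changes to macro files on a removable card, addressing the "unprotected plain-text files" finding quoted in post 5. The manifest name, the `.macro` extension, the macro contents and the key are constructed for illustration, and the HMAC key is assumed to be held by the machine, never stored on the card.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical file name, not from the report


def _digests(card: Path) -> dict:
    """SHA-256 of every regular file on the card except the manifest."""
    return {
        p.name: hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(card.iterdir())
        if p.is_file() and p.name != MANIFEST
    }


def _mac(files: dict, key: bytes) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the file list."""
    canonical = json.dumps(files, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def write_manifest(card: Path, key: bytes) -> None:
    """Run by whoever prepares the card, using a key kept off the card."""
    files = _digests(card)
    manifest = {"files": files, "mac": _mac(files, key)}
    (card / MANIFEST).write_text(json.dumps(manifest))


def verify_card(card: Path, key: bytes) -> dict:
    """Check the card before any file on it is loaded or played back."""
    result = {"ok": False, "manifest_valid": False,
              "modified": [], "unlisted": [], "missing": []}
    try:
        manifest = json.loads((card / MANIFEST).read_text())
        listed, mac = manifest["files"], manifest["mac"]
    except (OSError, ValueError, KeyError, TypeError):
        return result  # no manifest, or not parseable: reject the card
    if not (isinstance(listed, dict) and isinstance(mac, str)):
        return result
    if not hmac.compare_digest(mac.encode(), _mac(listed, key).encode()):
        return result  # manifest was not produced with the machine's key
    result["manifest_valid"] = True
    actual = _digests(card)
    result["modified"] = sorted(
        n for n in listed if n in actual and actual[n] != listed[n])
    result["missing"] = sorted(n for n in listed if n not in actual)
    result["unlisted"] = sorted(n for n in actual if n not in listed)
    result["ok"] = not (result["modified"] or result["missing"]
                        or result["unlisted"])
    return result


def demo():
    key = b"constructed-demo-key"  # constructed sample key
    with tempfile.TemporaryDirectory() as tmp:
        card = Path(tmp)
        # Constructed macro contents; the real file format is not on the page.
        (card / "volume_test.macro").write_text("CLICK 120 340\nCLICK 200 410\n")
        (card / "calibrate.macro").write_text("CLICK 10 10\n")
        write_manifest(card, key)
        clean = verify_card(card, key)
        # One file edited and one file added after the manifest was written.
        (card / "volume_test.macro").write_text("CLICK 120 340\nCLICK 999 999\n")
        (card / "extra.macro").write_text("CLICK 1 1\n")
        tampered = verify_card(card, key)
        # Manifest regenerated by someone who does not hold the key.
        write_manifest(card, b"wrong-key")
        forged = verify_card(card, key)
    return clean, tampered, forged


if __name__ == "__main__":
    for label, res in zip(("clean", "tampered", "forged"), demo()):
        print(label, res)
```

A keyed MAC is used rather than bare hashes because a hash list stored on the same card can be rewritten along with the files it describes.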
 
Boredtodeath Donating Member (1000+ posts) Wed May-24-06 09:41 AM
Response to Reply #5
6. Hursti admits his own "hack" doesn't work
He admits in his "supplemental" report that his hack replacing the software didn't work. He just crashed both machines making them unusable!!!!!!!!!!!

- Two machines with completely identical software release numbers had different behavior with the same macro. Machine A just had a software crash and become unstable, while machine B produced an error message on the system log and contained the error while still resulting in loss of software functionalities. There were also other examples of different, but reproducible, software behaviors between machines with both modified and unmodified macros.
http://www.blackboxvoting.org/BBVtsxstudy-supp.pdf

So, tell me, if Bev's own "expert" couldn't hack the machines - with YEARS to figure out how - why this is such a radical and "dangerous" capability???????????


mmarcus Donating Member (97 posts) Wed May-24-06 09:47 AM
Response to Reply #6
7. I read the report differently
From his introduction at the very beginning he identifies these areas as important for further study. I don't think the Utah tests were hack tests they were a general evaluation of how the machines work. The report identifies vulnerabilities based on how the machines work.

It seems to me like Utah was different from Florida, because Florida was a hack demonstration and Utah was an overall evaluation of the issues based on looking at real TSx machines.

What he's pointing out is that the machines performed differently even when they had the same software. Supposedly the same. Also that the difference in behavior was reproducible. If one machine acts different than another with the same input that seems like it warrants further study.

Boredtodeath Donating Member (1000+ posts) Wed May-24-06 09:53 AM
Response to Reply #7
8. Then I guess you need some reading comprehension
Because it's quite clear he's describing the inability to perform the supposed "hack."


mmarcus Donating Member (97 posts) Wed May-24-06 10:12 AM
Response to Reply #8
10. I read this statement differently also
Edited on Wed May-24-06 10:15 AM by mmarcus
Machine A just had a software crash and become unstable, while machine B produced an error message on the system log and contained the error while still resulting in loss of software functionalities.


Your reading of it: "He just crashed both machines making them unusable!!!!!!!!!!!"

My reading of it: He says one machine crashed (but does not say the machine became unusable) and it says one machine did not crash but logged an error message. When my computer crashes I just boot it up again and the report doesn't say whether he booted it up again or whether it wouldn't boot up again.

It's pretty clear that the behavior of the two machines was different and if he reproduced it that says to me there must be something different in the machines. It seems like that should be studied, why the machines acted differently with the same input.

(Edited to compare and contrast our reading of his statements)

mmarcus Donating Member (97 posts) Wed May-24-06 10:03 AM
Response to Reply #7
9. Here is paragraph "purpose of this document"
Edited on Wed May-24-06 10:04 AM by mmarcus
Purpose of this document

This document captures some miscellaneous supplementary observations for further study. These items should be considered either not properly studied, or just starting points without any real study done and without known significance, if any. In some cases it is unknown if the item discussed has been only existed in the development phase and been disabled or removed before release version.


It doesn't seem like he is trying to prove a hack, only trying to identify if there are problems that need to be looked at. In that context, being able to replace macros, that they can call out, that they aren't protected seems important to me. Can we agree that further study is warranted?

Boredtodeath Donating Member (1000+ posts) Wed May-24-06 10:16 AM
Response to Reply #9
11. Back to the beginning - Hursti comes late to the party
They've BEEN studied since 2004. See post #4.


mmarcus Donating Member (97 posts) Wed May-24-06 10:40 AM
Response to Reply #11
12. How were TSx machines delivered in 2006 studied in 2004?
Doesn't quote #4 refer to TS6 machines?

Here is a quote from Hursti II:
The TS6 and TSx do not share the same core level architecture. For example, they have different CPUs. Furthermore, they have been designed by different engineering companies.


Which machines were studied since 2004, the TS6 or TSx? Can I get copies of the reports about the macros in either one? I just want to make sure it isn't comparing apples to oranges.


Boredtodeath Donating Member (1000+ posts) Wed May-24-06 12:11 PM
Response to Reply #12
13. You're really behind in research
The TSx machines were delivered as early as 2003.


mmarcus Donating Member (97 posts) Wed May-24-06 12:19 PM
Response to Reply #13
14. A non sequitur unless the machines delivered were actually studied
Which machines were studied since 2004, the TS6 or TSx?

Can I get copies of the reports about the macros in either one?

Boredtodeath Donating Member (1000+ posts) Wed May-24-06 12:23 PM
Response to Reply #14
15. They'll all be published very soon
We're just waiting for Bev to finish making an ass of Hursti.

mmarcus Donating Member (97 posts) Wed May-24-06 12:59 PM
Response to Reply #15
18. Let me see if I understand this correctly
Citizens were supposed to somehow "know" that you, along with some undisclosed list of other individuals, were "working on" a study for several years, although the existence of this study, what was being studied, and who was doing the study was never publicly announced.

Because of this unrevealed "study" by person or persons unknown, everyone else in the United States was supposed to accept on faith that somebody was doing "studies" and, therefore, do no studies of their own.

Why would you expect the entire United States of America to sit still waiting for a single study that has never been announced?




Boredtodeath Donating Member (1000+ posts) Wed May-24-06 01:03 PM
Response to Reply #18
20. Oh, not to worry, it was all turned over to Bev
long ago.


JimDandy Donating Member (1000+ posts) Wed May-24-06 05:32 PM
Response to Reply #15
28. Who's "we?" n/t

JimDandy Donating Member (1000+ posts) Wed May-24-06 01:58 PM
Response to Reply #6
23. According to Bruce Funk, the computer in Machine A
was practically dead and the touch-screen unit would not properly illuminate.* Bruce gave Hursti full access to this machine BECAUSE it was unusable for voting purposes and was scheduled to be returned to Diebold.

It seems to me that a machine in this kind of condition would be a perfect candidate to study and examine, while testing it and attempting to make it functional again. In fact, Hursti must have restored it to some semblance of functionality, in order to run the macro on it that, at some point, rendered the computer unstable (not "unusable" as you stated.) He doesn't say whether that machine was left in that "unstable" state until the conclusion of testing or whether it recovered from the crash and was subjected to further testing. In addition, Hursti also doesn't say whether it was a modified macro (and, although a stretch, is therefore a "software replacement") or unmodified macro (built-in software program) that caused the software crash that made the machine unstable.

What he does say is that he was able to get a modified macro to run on these machines, which means that, in fact, his "hack replacing the software" did work.

There were also other examples of different, but reproducible, software behaviors between machines with both modified and unmodified macros.


This seems to be reasonable logic to me, but I'm not a computer expert, so tell me if I'm off base.


*I called BBV to confirm what Bruce said about the condition of that machine, but have not heard back yet.

hunter Donating Member (1000+ posts) Wed May-24-06 03:47 PM
Response to Reply #23
25. So it wasn't a live machine in the first place???
:eyes:

JimDandy Donating Member (1000+ posts) Wed May-24-06 05:18 PM
Response to Reply #25
27. The only example Bruce gave me for how dead the machine was
was that the touch-screen wouldn't illuminate properly and that it had lines across the screen. I don't know what functions of the computer itself were affected -- only that it was "nearly dead".

Bev was in a meeting when I called BBV and her voice mail was full. Where's Steve A Play when we need him? :)

mod mom Donating Member (1000+ posts) Wed May-24-06 06:20 PM
Response to Reply #1
29. We must watch Ney's race closely! I heard despite the evidence he will NOT
be indicted over his dealings with Abramoff.

bonito Donating Member (1000+ posts) Tue May-23-06 10:11 PM
Response to Original message
3. Kpete
In case you don't know, :yourock: :yourock: :yourock: :yourock: :yourock: and your efforts are not only much appreciated, but are providing an essential ingredient to our nation, be proud, be very proud.
Peace

kpete Donating Member (1000+ posts) Wed May-24-06 12:46 PM
Response to Reply #3
17. thanks

hunter Donating Member (1000+ posts) Wed May-24-06 12:43 PM
Response to Original message
16. This is really starting to piss me off. It's become a dog and pony show.
Point blank --

Nobody should have to "hack" these machines. It's totally fucked up that we don't have the source code, and that these bogus machines cannot be easily turned over by election officials to qualified engineers for very intensive tear down and examination.

To trust these machines I would want to see hundreds maybe thousands of people examining the actual source code, and a similar number of machines randomly selected, disassembled and examined to make certain they are secure and what they claim to be -- this would include grinding the covers off the integrated circuits to examine the chips.

But I honestly do not believe any voting machine based on a general purpose computer could survive such thorough examination. Every general purpose computer made has its vulnerabilities.

So it's likely the only machines I would trust are machines that produce a paper ballot. That does NOT include the current crop of machines equipped with thermal printers. I think these thermal "paper tapes" are too easy to forge. Anyone with an identical printer can run off their own fake ballots. It's much more difficult to reproduce and switch out an actual ballot box stuffed full of actual hand marked paper ballots than it is to print and switch out rolls of paper. (Sure, I care about disabled people. They can use a machine to mark their ballots, ballots identical to hand marked ballots.)

I think the United States is rapidly approaching a place where elections become entirely bogus. The people in power will decide upon acceptable election results beforehand, including all sorts of convoluted explanations as to why voters "unexpectedly" voted the way they did, should questions come up.

I strongly suspect the current Bush Administration is illegitimate. This was probably achieved the old fashioned way this time, but I'm certain corrupt politicians can't wait to have the entire process automated. DRE voting machines and privatized election roll supervision are the perfect way to do this.

And, oh yeah, has Bev posted her financials yet? How much did they pay their sexy little hacker from Finland? (Hursti can be charming. Maybe he's doing it for the face time?) I don't doubt this is a good story the press will eat up, but I don't believe for a second it's the real story.

The real story is that our elections are crap.

Rant off.


mmarcus Donating Member (97 posts) Wed May-24-06 01:00 PM
Response to Reply #16
19. I don't understand.
Why are you upset that studies have been publicly released?

hunter Donating Member (1000+ posts) Wed May-24-06 01:09 PM
Response to Reply #19
21. They are stupid studies. Mumbo-jumbo to the public.
We don't trust experts in the United States any more because there are so many fake experts.

Years ago, when real computer scientists looked at these machines they were horrified.

But nobody pays attention. And then people come along and confuse the issue.

The quality of discussion in this forum is very low.

I sorta reached my breaking point this morning.

Shape up, people!

mmarcus Donating Member (97 posts) Wed May-24-06 01:14 PM
Response to Reply #21
22. But which experts are fake experts?
Are you saying that Hursti is a fake expert?

How is he "confusing the issue"?

If no one was paying attention but now they are why is that a bad thing?

The best thing you said (in my opinion) is that we don't trust experts because no one knows what experts to trust. Isn't that the whole problem with any elections model that is dependent on experts? It's like in court when you have two competing experts and both are tuned out.

Maybe experts should be tuned out of our elections process and it should be given back to the people so they can oversee it themselves without having to have computer expertise.

hunter Donating Member (1000+ posts) Wed May-24-06 03:57 PM
Response to Reply #22
26. I'm pretty sure which experts to trust.
I wouldn't trust the person who cuts my hair to do brain surgery, nor would I trust any brain surgeon to cut my hair.

We got into this mess because so many election officials were utterly naive and trusting. The fancy sales people came with their fancy machines and HAVA money, and here we are.

It's almost as if the system was designed from the ground up to facilitate corruption, isn't it?

saketome Donating Member (2 posts) Wed May-24-06 02:05 PM
Response to Original message
24. Thank you for this report.
I appreciate pointing out the areas that I can understand more easily. I will say what I have learned from this and perhaps those with computer expertise can correct me if I am a little "off" before I compose my letters to editors and my representatives.

First, I noticed the picture with "page 4 of 3" and I am pointing out that the machines have been proven to perform incorrectly giving a screen for a page that does not legitimately exist.

Second, I am pointing out that the machines don't seem to behave consistently even when they have the same situation. I don't really understand enough about macros to discuss them and I couldn't answer questions if I talked about that, but I can discuss that machines with the same software act differently.

Third, I was quite shocked to see how terrible the paper trail actually is. The photographs in the report are very telling. I have printed several copies of those pages to send with my letters.

Thank you so very much for these new tools. I try to make a habit of writing letters each week to those persons who I believe have influence. To do this effectively I must always have something "new" to offer. I enjoyed these reports because they give me the kind of solid reference material I need to keep up the pressure.

Thank you again,

Leona

