How to hack an election in seven minutes

Numerous problems reported across the U.S. involving electronic voting machines could mean many Americans just can’t be sure that their vote was counted properly when they cast their ballots tomorrow.

With at least two of the machines brands being used shown to capable of being easily hacked into in a matter of minutes, e-voting experts warn the election could be compromised by undetectable fraud.

A 2006 video from Princeton University shows how easily an e-voting machine can be hacked.

Problems with touch screen devices have already cropped up in early voting, and more problems are anticipated tomorrow as Americans are expected to go to the polls in droves.

The reliability of e-voting machines is a big focus area for the Association for Computing Machinery (ACM), a New York-based organization with a mandate to advance computing as a science and a profession.

Members of the ACM’s public policy committee will be monitoring the reliability of voting equipment on Election Day.

“We will have some races at a local, or even state level that are contested, in part, because the results are questionable,” says Eugene Spafford, executive director of the Center for Education and Research in Information Assurance and Security at the West Lafayette, Ind.-based Purdue University.

“My confidence that there will be no problems is zero – there have already been problems.”

A leaked video clip circulating the Web from The Simpson’s newest episode depicts e-voting problems to comedic effect.

Homer attempts to cast his vote for democratic candidate Barack Obama on a touch screen device, only to rack up six votes for republican John McCain. But the real early voting problems aren’t so funny for voters in several states including Colorado, West Virginia and Texas.

Problems stemming from the touch screen voting devices fall into two categories – either the machines are not calibrated properly (not properly detecting where a user touches) or there is a programming error relating to the straight-party ballot option.

Touching the screen to cast a vote for one candidate displays a result in favour of the other candidate, Spafford explains.

In those cases, poll workers have not calibrated the machines properly. A recalibration will solve the problem in most scenarios.

In some jurisdictions, voters are able to cast a ballot for their chosen party – Republican or Democrat.

But in many cases such a ballot does not cover the presidential ticket, and machines are either not alerting voters to that fact, or are simply leaving out the vote because of poor programming.

“Many people who cast a straight-party vote believe they are casting a ballot for the Presidential candidate,” Spafford says. “But the program’s not carrying that over either because of state law or because of programming errors.”

Glitches across many e-voting machines during early voting caused some machines to be taken out of service.

It is unclear whether the remaining machines will hold up with a heavy voter turnout expected Tuesday. In Pennsylvania, last Wednesday, the U.S. supreme court ordered polling stations to have paper ballots on hand if more than half machines do fail.

Further concerns were raised about the Sequoia AVC Advantage 9.00H when the Center for Information Technology Policy at New Jersey-based Princeton University released a damning independent study about the machine on Oct. 17.

This version of the machine is used in most of New Jersey, and other versions are used by  more than one million voters across the U.S.

The report details how in seven minutes, using simple tools, the software in the machine can be replaced with a fraudulent program designed to steal votes from one candidate and give them to another.

The program used was capable of passing the machine’s accuracy tests, and then cheating when a real election was occurring. There would be no way to discern fraud had occurred.

“Someone that can make the malicious software and then get access to the machine to replace the chip is the most serious risk,” says Ed Felten, director of CITP at Princeton. “It would require some programming skill as well as physical access to a machine.”

Neither of which is hard to get. You don’t exactly have to be a computer scientist to write the malicious software, Felten says.

“It’s something that a good university student in a computer science program could do,” he says. “It doesn’t require an elite level of programming skill.”

Getting access to the machines also doesn’t require any stealth skills. A resident of New Jersey, Felten can attest to easy access to the machines in public places.

He spent 15 minutes loitering suspiciously around the machines at a polling station located in an elementary school and no one even noticed. The likelihood is he could have spent the entire night alone with the machines, or even could have stolen one for examination.

But election riggers don’t even need to turn to theft to get their hands on a machine. One of Felten’s colleagues purchased five older models of the e-voting machines at a government surplus auction for $82 plus shipping.

“We fully understood the hardware and we understood a lot of the software,” based on examining the older machine, he says.

The report on Sequoia’s machine is similar to a report the Princeton centre released on the Diebold AccuVote-TS and AccuVote-TSx machines before the 2006 elections.

At the time the machines were the most widely deployed in the U.S. In 2008, more than five million Americans will be casting votes on the machines in 492 jurisdictions, according to the Verified Voting Foundation.

“All independent studies of the Diebold touch screen voting machines show the machines can be hacked,” Felten says.

Much like the Sequoia machines, Diebold machines can also be hacked in a few minutes by picking a lock with basic tools and inserting a memory card with malicious software. The machine uses a combination of compact flash cards and PC cards widely available for purchase.

“There is still a concern and I can tell you the machines are still being used because I cast my vote on one,” Spafford says.

Both Diebold and Sequoia have come to the defence of the e-voting machines.

Sequoia issued a written court response to the Princeton study, calling the hack “next to impossible” to perform in the real world. The scenarios depend on corrupt poll workers and some cases would require voters to also be inattentive. The machines are also harder to break into than the Princeton study makes it seem.

“This is yet another classroom experiment conducted by academics with over a month of unfettered access to election equipment, its source code and compilers,” says Michelle Shafer, vice president communications with Sequoia. “It is like giving bank robbers a key to the vault and turning off all security precautions and allowing them complete access to the money.”

There were also numerous factory-installed safety measures that were removed from the machines studied, Shafer says.

Measures such as a plastic panel cover and a security screw that protects the computer chips containing the vote-counting software weren’t included in the study, according to Sequoia’s response. These and other simple precautions could provent tampering.

Diebold also issued a response to the 2006 study claiming the machine used didn’t have all 18 security screws in place. But the academics later countered that all of Diebold’s security measures were in fact taken into account – both physical and electronic.

Diebold did not respond to questions sent by at time of publication.

It’s not just the security flaws that are raising concerns. The Sequoia machines have also displayed programming errors and usability issues in early voting. One problem is that machines need to be “activated” by polling staff to properly record votes, but give no real indication to voters if not activated.

“A voter can push buttons for a candidate and a light will turn on, they can press the ‘cast vote’ button and the state of that button will change,” Felten says.

There’s also no real way to test the accuracy of the e-voting machines because there are no paper trails to follow if audits should be required.

Unlike in Canada, paper ballots aren’t easily used in U.S. elections. Voting day puts a number of options before voters, ranging from the presidential election to the local medical examiner.

There are also a host of local referendum questions put forward, and some ballots would have to run a dozen pages to cover all questions. But at least having a paper print out from e-voting machines could solve many problems.

“The main concern is based around the fact there is no way of knowing for certain if people’s votes are being accurately recorded or stored,” Spafford says. “A paper trail is one way of expressing that… the user can make sure there is an audit trail that matches their intent.”

The only real way to avoid serious problems in Tuesday’s election for President might be if a candidate wins by a huge margin. With Obama ahead of McCain by six points in the Oct. 30 RealClearPolitics poll of polls that may well be the case.

The Democratic candidate is also polling ahead of McCain in many battleground states.

But a close result in either direction could create a big mess. Such an incident could be a major blow to the U.S. democratic system.

“For people to have confidence in the results, they have to believe their vote isn’t lost,” Spafford says. “It doesn’t take too many incidents of electronic tampering or failure for people to lose faith in all votes cast. That’s very bad for the democratic process and people’s trust in the government.”

American voters who spot problems related to voting can report them to the Web site Our Vote Live, or call 1-866-OUR-VOTE.

The site is run by the independent Election Protection Coalition, which promises to assist voters who contact them.

Share on LinkedIn Share with Google+
More Articles