SoylentNews is people
SoylentNews
I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming
In 2016, I bought two voting machines online for less than $100 apiece. I didn't even have to search the dark web. I found them on eBay.
Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices. I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online.
If getting voting machines delivered to my door was shockingly easy, getting inside them proved to be simpler still. The tamper-proof screws didn't work, all the computing equipment was still intact, and the hard drives had not been wiped. The information I found on the drives, including candidates, precincts, and the number of votes cast on the machine, were not encrypted. Worse, the "Property Of" government labels were still attached, meaning someone had sold government property filled with voter information and location data online, at a low cost, with no consequences. It would be the equivalent of buying a surplus police car with the logos still on it.
[...] I reverse-engineered the machines to understand how they could be manipulated. After removing the internal hard drive, I was able to access the file structure and operating system. Since the machines were not wiped after they were used in the 2012 presidential election, I got a great deal of insight into how the machines store the votes that were cast on them. Within hours, I was able to change the candidates' names to be that of anyone I wanted. When the machine printed out the official record for the votes that were cast, it showed that the candidate's name I invented had received the most votes on that particular machine.
This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines—those that were used in the 2016 election—are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as "next generation," and still in use today, are worse than they were before—dispersed, disorganized, and susceptible to manipulation.
(Score: 5, Interesting) by Thexalon on Thursday November 15 2018, @05:30PM
Not even techy type people can tell. For instance, even if you're a competent programmer, and you have complete access to the application code used for the election and believe it to be clean, it could be that the application is relying on compromised 3rd-party software such as a database. And even if you have complete access to the code of that 3rd-party software, and it's clean, the OS could still be compromised and be making changes behind the scenes. And even if you had all the code to the OS and ensured that it was completely clean (and we're already well into fantasy-land at this point), the hardware could have been compromised and you'd have absolutely no way to tell without a microscope and a bunch of training in electrical engineering and hardware design. Meanwhile, if you were someone who understood the hardware and were good at catching shenanigans at the hardware level, odds are you don't have the software security background needed to verify the application, 3rd-party packages, and OS are clean.
Based on the simple fact that a large number of people affiliated both with Republicans and Democrats have observed votes flipping, where the voter selects one choice but the machine changes it to another choice, I'd say it's safe to conclude that either the applications themselves are intentionally compromised, or the people programming them are complete idiots, or both. These machines should not be being used for anything important, but will be because crooked Secretaries of State would like to ensure that their team wins the election without having to do all that annoying work of convincing the citizens that they're the better choice.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.