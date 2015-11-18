from the ¯\_(ツ)_/¯ dept.
I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming
In 2016, I bought two voting machines online for less than $100 apiece. I didn't even have to search the dark web. I found them on eBay.
Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices. I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online.
If getting voting machines delivered to my door was shockingly easy, getting inside them proved to be simpler still. The tamper-proof screws didn't work, all the computing equipment was still intact, and the hard drives had not been wiped. The information I found on the drives, including candidates, precincts, and the number of votes cast on the machine, were not encrypted. Worse, the "Property Of" government labels were still attached, meaning someone had sold government property filled with voter information and location data online, at a low cost, with no consequences. It would be the equivalent of buying a surplus police car with the logos still on it.
[...] I reverse-engineered the machines to understand how they could be manipulated. After removing the internal hard drive, I was able to access the file structure and operating system. Since the machines were not wiped after they were used in the 2012 presidential election, I got a great deal of insight into how the machines store the votes that were cast on them. Within hours, I was able to change the candidates' names to be that of anyone I wanted. When the machine printed out the official record for the votes that were cast, it showed that the candidate's name I invented had received the most votes on that particular machine.
This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines—those that were used in the 2016 election—are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as "next generation," and still in use today, are worse than they were before—dispersed, disorganized, and susceptible to manipulation.
Government agencies sell items at auction all the time. Including cop cars. Voter information is, and should be, publicly available. I wouldn't want a secret election controlled by a select few.
A) They didn't wept data. Bad, bad, bad. That is something you should do when ever you sell an storage device.
B) He has discovered that its easily hackeable. Are you worried by Russian interfering in USA elections by Facebook? Forget it, next election they will tamper voting machines... it is easy.
How do you know that they didn't already do it this election?
You are answering to A). Ok if there is no data voter, just aggregate sums.
What about B)?
Recently poll results have started to be used as propaganda in themselves unlike just a few years ago, leading to ridiculous "Hillary has a 99% chance of winning" headlines and all that.
To some extent, candidates purchasing fake poll results is being interpreted as outside meddling.
There are somewhat scientific polls (as opposed to the modern PR polls) that seem to reflect actual results.
Also the election results don't seem really all that unusual. Its possible that some force would be amused at using random influence to destabilize the whole system, but unlikely, most groups want something for their money and nobody seems to be getting that.
Also there's no monopoly on corruption. If elections were hackable, the people hacking them would not be vague and nebulous forces on the other side of the planet, it would be stuff like the local zoning commission banning all legacy retail and only allowing the building of Amazon warehouses, for example, given that Amazon is a lot closer and has a lot more money and a lot more to gain or lose.
Hey! Don't be disrespecting Diebold! Those guys deliver [boingboing.net]!
That it's not an even more locked down proprietary system than it already is? It sounds like this article tries to claim that security-through-obscurity is desireable.
Those are for corrupting elections. If your state wants a fair election your state will mandate optical scan readers like where I live.
If your state mandates direct-recording machines, they are traitors to the concept of democracy. There's no reason to spec those other than to fake results.
Given that the state obviously knows all that and willfully and intentionally wants corrupt elections and the people living there don't care, there is little point to journalism pointing out that fact.
I'm just saying the story can be completely true and well written and interesting while having zero impact.
From a technical standpoint its interesting to see Windows Crash Everywhere edition. I though that was long dead, but like Cthulhu...
The best: box, paper and manual counting.
Machines are black boxes. No one, or at least most people, has the technical knowledge to tell if the aggregated results have been modified. With paper votes, any regular guy that can count can check results. And if you don't use aggregate results, the secrecy of vote disappears.
Replacing handwriting analysis humans with "fill in the dot" machines is basically the optical scan machines I mentioned. My ballot goes in the box at the end of the scanner and humans later use the physical ballots to audit the machines, although the machines historically are never wrong and machine counts can be reported a couple minutes after polls close.
There's no real need for manual counting as long as you can audit the machines result using paper ballots, and the machines historically have proven very accurate.
In this election cycle the corruption seems to be days after the election "finding" ballots suspiciously just enough to tip the election, and the machines must be good enough or they'd tamper the machines instead of "finding" ballots.
> If your state wants a fair election your state will mandate optical scan readers like where I live.
Same here. NY State went from the old mechanical lever machines (they really were security by obscurity, I understand they were fairly time consuming to set up) directly to optical scanners. In our case, we fill in the dots on the paper ballot, run through the scanner and then put it through a slot under the scanner where it drops into a closed bin for future audit or re-count.
My memory is that NY didn't even consider the "all electronic" touch-screen voting systems.
does any form of the word 'surprised' appear.
Read: "I know this is going to be bad, but I'm gonna pretend I didn't for dramatic effect."
Yeah, the fact that you can buy them is not "alarming". The public has a right to know and inspect how the voting process works, and what better way is there than being able to buy an old voting machine and examine it yourself? This is how vulnerabilities are found...and preventing this does not prevent the bad guys from finding vulnerabilities, only the good guys. The bad guys can just steal one.
Beware anyone who claims it should only be examined by "selected experts". Any system like that is highly vulnerable because you cannot trust the person who chooses the 'experts', and you cannot prevent political pressure on said 'experts'. Letting any Joe willing to buy an old machine examine it and publish their findings as they please solves this at little cost to anyone.