back to article Democracy-minded DEF CON hackers promise punishing probe on US election computers

Organizers at the DEF CON hacking conference in July are planning a mass cracking of US electronic election machines. The event, which for over 20 years has attracted the best and the brightest in the hacking community, will see a group hackathon against the voting machines that are used in every US election these days. The …

  1. Anonymous Coward
    Anonymous Coward

    Everything worth knowing about electronic voting...

    ...and the reasons why a paper ballot is always best.

    Internet Voting: A Requiem for the Dream

  2. Anonymous Coward
    Anonymous Coward

    "[...] and the DEF CON crews should find lots of interesting holes."

    With hanging chads?

  3. Anonymous Coward
    Anonymous Coward

    "[...] and the DEF CON crews should find lots of interesting holes."

    I'd make some sexual innuendo, but, you know, Def Con.

    And now I'm going to be all hacked to shit.

  4. a_yank_lurker

    Hacking or Deliberate

    Where I grew up, the donkeys were well known for their ballot box stuffing and election manipulations (think Boss Tweed, et. al.). With paper ballots, there is a physical trail that can be checked even if some 'voted early and often'. But with electronic voting there is no paper trail and it is possible for the vote totals to be manipulated particularly by an insider (think a modern day Boss Tweed).

    The problem with FL in 2000 was that the donkeys tried to get a recount in only a few counties using different rules than how the ballots were counted in the rest of the state. If the donkeys had asked for a recount using the same rules for handling certain ballots of the entire state Gore still loses but he looks a lot better. There was a statewide recount by the media and they found Bush wins by about the same number of votes. It was not widely announced.

    1. tom dial Silver badge

      Re: Hacking or Deliberate

      Many, if not most, US electronic voting machines do have a paper trail in the form of a printed paper tape. During the final part of the voter interaction the tape was printed and displayed under a locked transparent panel as the voter's choices were shown on the screen. A diligent voter would have no trouble verifying that (a) the selections shown on the screen were those he or she made during the vote collection phase, and (b) were the same as those shone on the paper tape.

      That was true of the Diebold machines in Ohio that I used and, as an election official, managed during the period from about 2002 to 2005, and also of the identical appearing machine with a different label that I used last election in Utah.

      That said, it probably is true that corrupt software in the machines could show one thing on the screen, the same thing on the tape, and something a bit different on the memory card used for the data collection. To make that stick, it also would be necessary for the same corrupt software to show identical sums on the screen, the end of the tape, and internal to the memory card, but the same corrupt software should have no trouble with that.

      Probably the best compromise overall is the manually prepared optically scanned ballot, which gives decently rapid results, is easy for the voter, and also easy to recount if there is a question. I understand Ohio transitioned to that as the earlier machines got to EOL, and I was a bit surprised to see the older variety in Utah.

    2. Fehu

      Re: Hacking or Deliberate

      According to the provided link, Gore won the recount. But this is from The Guardian and we know conservatives hate The Guardian.

      https://www.theguardian.com/world/2001/jan/29/uselections2000.usa

      1. tom dial Silver badge

        Re: Hacking or Deliberate

        The Wikipedia article, which discusses the various complexities involved in the Florida vote counting, is a much better source here.

        The plain fact is that in Florida, in the 2000 election, the presidential race was a tie and could have been settled as reasonably by a few tosses of a fair coin.

  5. Anonymous Coward
    Anonymous Coward

    Holding a voting machine hackathon

    I suppose that's fine if your voting machines are open source, but if you try to keep them under wraps you probably just make them easier to hack. If you wanted to hack voting machines, you might participate in the hackathon to get access to them, but keep any holes you find to yourself and tell the organizer "wow, these are very secure!"

    Then you have the knowledge to hack into them later using the holes you found and didn't tell them about, which left them unfixed.

  6. John Smith 19 Gold badge
    Unhappy

    Here's the thing.

    Once any kind of hard copy paper trail printer is no longer directly connected to the selection controls the only assurance you have that who you chose is who was recorded is the software controlling the process.

    Which is the thing people are concerned about.

    BTW even if the code shows they are linked the obvious tactic is to "pre load" or "post load" a bunch of votes for a candidate before or after the official voting process.

    A thoroughly corrupt design would allow this through a separate data port to speed things up.

    My instinct is a "voting machine" should be as simple as possible. It's reporting to the final tally should be secret (so no one knows the result early) and incorruptible (so it can't be changed)

    1. Mark 85

      Re: Here's the thing.

      The stuffing of the electronic ballet box has be brought several times in the past. I don't recall off the top of my head if they were valid or just BS to misdirect any questions.

  7. Eclectic Man Silver badge

    paper trails and vote counting

    If a paper trail is produced along with the electronic votes, then it can be used as a sample test of the veracity of the electronic count, as well as for any re-count.

    Election observers could have the right to choose which machines' paper trails were collated with the electronic votes they registered. Of course with human counted voting, you rarely get the same numbers twice, and with machine counted voting, you are relying on the machines.

    However, in the USA where politicians get to decide on the constituency boundaries (Gerrymander comes from a US politician's name, man who designed the constituency boundaries to ensure he got elected), the electoral system has other equally or even more serious problems.

    At least in the UK we have an independent electoral commission, but how effective they are at ensuring fairness, I do not know.

  8. Herb LeBurger

    Won't they get sued?

    Won't the voting machine manufacturers just sue (or just threaten to sue) the researchers?

    1. EnviableOne

      Re: Won't they get sued?

      Its a red team exercise and they will have permission and proof of findings...

  9. ChrisPBacon

    Revisionist History

    America was one of the earliest adopters of electronic voting systems, in part due to the fiasco of the 2000 presidential election that saw lawsuits over partially punched paper ballots.

    >> Not entirely true. Electronic voting was implemented much earlier. Concerns over the ability to manipulate the machines was poo-pooed as the conspiratorial drivel of tin-foil hat ilk. That is, until there was an election result that the $shadowy_group didn't appreciate.

    While there has never been definitive proof of election machine hacking...

    >> Simply a false statement. There proof aplenty of manipulated machines. Philadelphia is the poster child for election hacking, including delivery of voting machines to polling stations that already contained votes for $guess_which_party candidates.

  10. Eddy Ito
    Go

    Hmm

    A most interesting take on the Pwn2Own contest. This should be fun.

  11. allthecoolshortnamesweretaken

    Paper ballots. Every time.

    Over the last 16 years I've been in charge of a polling station1) in a dozen or so elections. Federal, state, council, mayor, citizens' referendums, you name it. The first time I was kinda drafted to volunteer - by now I honestly volunteer each time. It's actually an enjoyable way to do your bit. I'm not affiliated with any political party or movement. It's no big deal, but I know that on my watch, everything will be done correctly. I also know how the drill works and how complicated it would be to rig it on a large enough scale to have any impact. Can't say the same thing for voting machines.

    1) Not always the same. Never the one I cast my own ballot in.

    BTW: Mission: Impossible - Season 1, Episode 7: Wheels

  12. Phukov Andigh Bronze badge

    too bad no one cared

    at state elections over the last couple decades in California. Or local elections. Or the Federal over the last decade, except when the Party not supported by Social and Tech Media wins.

    But at least now it's "cool" to actually criticize the President again instead of pretty much ignoring everything as "Okay" because it worked out the way Media moguls wanted it to.

    When a large bay area County elects a Sheriff that no one admits to voting for, from the half dozen "conservatives" to the millions of "liberals" who all agreed on opposing her, but no one bothers to questions the Diebold machines deployed...when no receipt of vote results for a voter is available at any election office in the area and has not been since the machines went online a decade ago, in spite of the area chock full of people who can demonstrate the systems' shortcomings...where was the attention?

    But get one Hollywood reality star on the "wrong side" in office suddenly everyone is Security Conscious about voting machines again.

    Will we get this scrutiny at the midterm elections when the Trump Backlash brings in Democrats by the score to take both houses in a Majority? Or will the machines be "okay" by then and the security hype pretty much ignored?

    A bad lock is a bad lock regardless of who's on the inside. Anything else is propaganda or worse. A bad padlock is a bad padlock. It doesn't swing between good or bad depending on the partisanship it secures.

    1. Version 1.0 Silver badge

      Re: too bad no one cared

      Given that hackers appear to be able to get into ATM's in the banking system, I think it's a certainty that the voting machines can be hacked - our local machines connect via TCP/IP through the local school network so it would not be hard to intercept the data for post analysis.

      However, hacking individual machines is not the best way to throw an election - access to the servers that maintain the counts would be much more effective.

      The voting machines that we use in Louisiana are very basic - you walk into the booth, make selections on a touch-screen, press the "vote" button and leave, there's no paper trail or even any indication that your vote was recorded. It's a joke.

  13. steve 124

    Never been hacked?

    "While there has never been definitive proof of election machine hacking"

    Really? What about the "Hursti Hack"? How about the work Dr. Herbert Hugh Thompson showed back in 2006 that clearly showed the results could be changed without any paper or electronic trace?

    You should watch the HBO special "Hacking America".

  14. j0nnyf1v3

    Seriously...Are we still on this voting business???

    I ask that because much like the lie that Apple DOESN'T work for the government, namely NSA, people all over this crippled land still live with the romantic notion that your vote freakin' matters.. Votes are bought long before regular citizens spend all that money on Election Days(traveling, eating out, basically it's nothing more than an economy stimulus)to go into a claustrophobic box, and fill out something that resembles a PowerBall bubble sheet.... YOUR VOTE DOES NOT COUNT. VOTING AS A GENERAL CITIZEN DOES ABSOLUTELY NOTHING TO INFLUENCE THE OUTCOME OF THE ELECTION. If you are not a member of the delegation, also known as the Electoral College, then you are not heard. In fact, These United States as we know her today, are not even a democracy. We are a republic... Further cementing the above statement. This is nothing more than smoke and mirrors, probably to create a solution for this "voting issue" that is really a facad covering up something much more serious. Or creating solutions that can be used by the ones it is protecting, as a weapon, and further surveillance. #FacePalm

    ***Drops Mike***

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like