back to article It took DEF CON hackers minutes to pwn these US voting machines

After the debacle of the 2000 presidential election count, the US invested heavily in electronic voting systems – but not, it seems, the security to protect them. This year at the DEF CON hacking conference in Las Vegas, 30 computer-powered ballot boxes used in American elections were set up in a simulated national White House …

  1. Anonymous Coward
    Anonymous Coward

    Notice how the author tries hard to make it seem like the Democrats' arse-covering fantasy known as "Russia hacked the election" is now an accepted fact. No need to "prove" anything any more, just like CAGW no longer needs to be backed up with actual observations. I suppose the Dems just ran some sims, and the results always came up as "Russian hacking stole the election from Hillary." Case closed!

    To reiterate, NO evidence at ALL has appeared showing the Russians did anything but employ propaganda as usual. Just like the rest of us did. Nor has any evidence appeared to link Trump or his people to any such purported cheating. But now we're finding out the Dems set up this fraud specifically to have an excuse for using the FBI to spy on political opponents, something Nixon would have loved. THAT is the real crime here, but you won't hear about it from articles like this.

    Meanwhile most of the Dem-controlled states are stonewalling any attempt to actually discover how much illegal voting was going on. They say it's all "voter suppression" and NOTHING ELSE!

    Yah, right.

    1. Doctor Syntax Silver badge

      Big John,

      Could you please provide the URL of the story you're commenting on as it doesn't seem to resemble the one I read.

    2. Adrian 4

      @Big John

      When politics becomes partisan, it turns from something useful into a joke. I doubt that there's a country functioning that hasn't already proved this, but America is the poster child.

      Please stop ranting about your absurd dislike of the other party. They're indistinguishable. Every criticism of one can be applied to the other. Standing up and shouting about how wonderful 'your' side is and how awful the 'other' side is just make you look foolish.

      Pipe down and go away. You're a waste of oxygen.

      1. Anonymous Coward
        Anonymous Coward

        Big John lives in a world of alternative facts, because actual facts have a liberal bias. He happily accepted Trump's word that no one in his campaign had any contact with Russians, and any story to the contrary was "fake news", until that was shown to be a lie. As the story has evolved time and again he's accepted their various "corrections" and claims of "fake news", until his own son publicly confirmed that he took a meeting for the express purpose of getting dirt on Hillary from Russians who had a goal of supporting Trump's campaign. How many times does Trump have to be exposed as a liar before one stops taking everything he says over the mainstream media, intelligence agencies, and even congressmen in his own party?

        Since they can no longer claim there was no Russian collusion since his son admitted to it, now right wing nutjobs like him are trying to sell the story that Hillary Clinton colluded with the Russians to put them up to it - trying to turn the story around that "our collusion was only because we were fooled by Russians who were colluding with Clinton to bait us into collusion". Yes really, that's their latest story! In their world Hillary is responsible for everything, even their own lawbreaking.

        When the special counsel eventually finds proof that Trump's businesses are up to their neck in Russian money laundering, which is why he's so terrified of the investigation, they'll find some way to blame their lawbreaking on Hillary, even though it goes back to long before she was SoS. They will be defending him even when he becomes the first sitting president to be impeached and removed from office.

        1. Anonymous Coward
          Anonymous Coward

          "When the special counsel eventually finds proof that Trump's businesses are up to their neck in Russian money laundering"

          Serious, non-tinfoil-hat journals have suggested that it isn't so much money laundering by Russians per se as by members of the Chabad sect who happen to be strong in NY and Russia and are deeply involved in "property development". The fact that a senior Chabadnik seems to be a friend of Putin is by the way.

          Lest I be accused of promoting "world Jewish conspiracy" nonsense let me just add that Chabad is a very odd sect indeed, a branch of Hassidism, and that it represents a tiny minority of Jews. But YMMV.

          Politico article

          JTA Criticism of the article and fuller explanation of Chabad

      2. Anonymous Coward
        Anonymous Coward

        @Adrian, you claim both sides are the "same." I could not disagree more. The Democrat Party has apparently decided NOTHING will stop them from crushing President Trump, and by extension all who voted for him. Any method, fair or foul, is being employed daily. It's basically war on all things conservative, and you come along to tell me to shut up because both sides are the same. BS.

        The only part of the GOP that's the same as the Democrats are the old-guard RINOS like Senator McCain that long ago made a devil's deal with the left. In short, they trash their own party and the leftist-dominated press goes easy on them. It's been going on for many years. It's why McCain is being treated by the media like a hero now, when back in 2008 he was the devil incarnate. See, he had the GALL to run directly against a leftist, and that just isn't cool.

        The younger Republicans aren't playing along like the RINOS did, and so they become the hated enemy of not only the left, but those old Republicans too. Trump is their standard bearer, and the RINOS must stop him or have their entire careers revealed as a futile betrayal of their party's core principles.

        I want to see someone that resists being sucked into all the corruption that is Washington DC. You apparently think that's already a lost cause. That's your choice and foolish one, because it only helps along the thing you say has already happened.

        Nothing is ever set in stone in politics. Evil CAN be fought and defeated, but not if too many think like you do.

        1. Anonymous Coward
          Anonymous Coward

          @Big John - democrats intent on crushing Trump

          You mean like how republicans decided that blocking everything Obama tries to do with a unified "no" vote was their plan for eight years? Like how they continually made false claims that he was a Muslim, or was not a US citizen and was not a legitimate president?

          The only accomplishments Trump has so far is the repeal of many of Obama's executive orders via executive order, and seating a conservative SC justice to replace the seat republicans held in limbo to prevent Obama appointing someone. I expect it will become the norm for both parties to pull this trick, and not just a year before a president's term expires but anytime they control the senate and there's a president of the opposing party.

          1. Anonymous Coward
            Anonymous Coward

            Re: @DougS - Rewriting history

            > "You mean like how republicans decided that blocking everything Obama tries to do with a unified "no" vote was their plan for eight years?"

            Correction time again, Doug?

            In 2008 Obama won big and so did the Democrats in Congress, seizing control completely. (I know, I know, only Republicans "seize" power, so sue me) Obama's attitude towards the GOP in Congress was a confrontational swagger, and following that cue the Democrats proceeded to completely marginalize Republicans, preferring to "go it alone." They did so, ramming thru Obamacare by a single vice-presidential vote, and not one Republican vote.

            The high handed crud the Democrats were dishing out led directly to a huge defeat in 2010, both in Congress and nationally. THAT was when the GOP finally got a chance to properly oppose the tide of left wing legislation, and they did so. Were they supposed to kiss and make up?

            And you omit all that ugly history so you can claim the Republicans were totally intransigent with no cause or provocation? Sorry Doug, but some of us do have memories you know. ;-/

            1. DryBones

              Re: @DougS - Rewriting history

              The Affordable Care Act's blueprint was Republican. Numerous hearings were held on it, numerous amendments were offered, debated, accepted, and variously horse-traded over. And then the Republicans decided they wouldn't have any of it. And no, I do not have a registered party affiliation, because I believe they're both utter fools in different areas that make me want to assign them portions of the job of governance wherein they haven't got their heads in their bottoms.

              It seems like lately there is a severe lack of willingness to discuss things in a levelheaded fashion. It's all "must have vengeance" and intentionally twisting or ignoring what was said and putting words in others mouths, deflections and every bit of ill-behavior that's possible. Obviously someone will take insult at anything, but it's all very tribal. All the more for the fact that concepts such as dignity and mature behavior seem so easily cast aside in favor of "winning", to the point that those of us watching from a distance have no idea just how any reasonable person could call the things being boasted over "wins".

              It's like being proud of having stolen a roll of quarters when you jumped into raw sewage to escape.

              1. Anonymous Coward
                Anonymous Coward

                Re: @DougS - Rewriting history

                > "The Affordable Care Act's blueprint was Republican."

                Yeah, in one state, the most liberal in the nation, and the Republican in question was Mitt Romney, a liberal to match the state. How was he going to get elected otherwise? And it was the Democrat-controlled state legislature that was entirely responsible for the bill, not Governor Romney. He tried to veto eight major sections of that bill and the Democrats overrode ALL of them.

                So for you to claim it's a "Republican blueprint" is a flat-out untruth.

                And that "horsetrading" you mention was basically the GOP attempting to have a say and being repeatedly slapped down. The only Republicans doing any trading were RINOS like Senator McCain And Senator Graham, who both regularly trade their votes to the Democrats in exchange for good coverage from the Democrat-controlled media (meaning >90% of it).

                And about all the political madness, don't blame the Republicans. It's the Dems who have descended to the gutter in their unwillingness to admit defeat. Trump does do that too, sure, but in response, not in attack. And he has to do so. Every Rep before him has paid the price for NOT fighting back against the smears of the Left. That is why all the hatred on the Left has such legs; They can't stand it when their target refuses to roll over and play dead for them. But that ain't happening any more.

                Things have permanently changed in US politics. The leftist media is no longer the boss. About time.

            2. Anonymous Coward
              Anonymous Coward

              Re: @DougS - Rewriting history

              Yes, the democrats had a majority in both houses in 2009-2010, which let them push through legislation without republican votes. They still followed normal procedures for Obamacare, starting it in committee, getting debated on the floor, allowing votes on republican amendments (some of which were accepted) so it wasn't as bad as what we've seen the past month in McConnell's Senate.

              Where things really went off the rails was when republicans used their majority to refuse any Obama appointees to come to a vote, and not recessing congress so there was no possibility of recess appointments. If this was done for controversial appointees and sensitive positions that would be one thing, but they started doing it for everything, even meaningless ambassadorships. The democrats stupidly suspended the rules to push those through with a majority vote, which paved the way for suspension of the rules to push Gorsuch through. Now Trump is pushing McConnell to suspend the rules in all cases, so the Senate is simple majority rule. What I don't understand is why he got on that rant after losing the health care vote in the Senate 51-49. Does he not understand that such a change would not help get health care past the Senate?

              If McConnell is dumb enough to do that, it will come back to bite republicans down the road when the democrats regain a majority in the Senate, which is only a matter of time. Probably not in 2018 since too many seats are up (they have a better chance of taking back the House) but depending on what happens with Trump there could be a D landslide in 2020. Conservatives will rue the day they permanently suspended the rules requiring 60 votes if that happens, as democrats could simply undo whatever republicans accomplish from 2017-2020. And probably will.

              I hope you see how unhealthy it is making politics into some sort of ping pong game where the main goal is to undo the other guys' accomplishments the first chance you get. Regardless of who you want to blame for starting it, or escalating it, it is clear this has become the modus operandi of both parties. In the past the 60 vote majority required for most things in the Senate prevented this, and forced at least minimal bipartisan cooperation. Now cooperation is a dirty word for republican primary voters, and they will remove anyone guilty of working across the aisle, to replace them with a purist who will vote in lockstep for all republican bills and against all democrat bills. The democrats don't appear to have reached that point yet, but the Sanders/Clinton split is the beginning of the same story on their side. If someone with Reagan's record of passing bipartisan legislation was running in a republican congressional primary, he'd out on his ear in favor of someone seen as more "loyal" to conservative principles.

              Personally I think rather than changing the rules in the Senate to require 51 votes instead of 60, we'd be better off changing the rules in both the Senate and the House to require 2/3 majority to pass anything. No party will ever manage such overwhelming majorities, so there would be no possibility of passing republican or democratic "dream" platform ideas, only to see them undone a few years later. What good would it do republicans to pass the massive tax cuts they want to see if democrats can simply undo them a few years later? What good would it do democrats to pass single payer health care if republicans can simply undo it a few years later? Wild swings in something as basic as taxes or health care would be a disaster for the economy.

              Reagan was a darling of conservatives but he worked with the democrats on many issues, including tax reform. Clinton might have fiddled with it around the edges when he had power, but he didn't undo Reagan's tax cuts. Would you like to see the Ryan plan (or whatever tax plan you subscribe to) passed in full to take effect on Jan. 1, 2019, only to see the democrats take power in the 2020 elections and pass a repeal of those changes effective Jan. 1, 2022? Or would you rather have some simplifications and rate cuts / deduction elimination that isn't nearly all you could hope for, but won't be undone the first change democrats get?

      3. tom dial Silver badge

        Politics, at least in the US, nearly always is partisan. There may be claims otherwise, and formally non-partisan elections (as in many places for such things as judicial positions and public boards, e. g., boards of education), but it is a sham wherever it occurs. In the US, everyone at all clued in knows who are the Democrats, who are the Republicans, and who are the "independents." And those who pay close attention also know which direction the "independents" lean.

        Talk about "when politics becomes partisan" is almost all nonsense.

    3. Anonymous Coward
      Anonymous Coward

      "Yah, right."

      I assume the IT angle in that post was the need to use an awful lot of high-conductance tinfoil.

    4. Anonymous Coward
      Big Brother

      'Notice how the author tries hard to make it seem like the Democrats' arse-covering fantasy known as "Russia hacked the election" is now an accepted fact.'

      I did indeed notice and was going to comment until I read your comment. But the "Russia hacked the election" meme isn't coming from the Democrats but from the lunatic right-wing media and the deep state. The ongoing 'Trump is in bed with Putin' scandals being designed to contain his influence and remind him, just like Obama, to get with the program.

      “The President of the Universe holds no real power. His sole purpose is to take attention away from where the power truly exists...”

    5. InNY

      You've got the wrong place

      You need floor 88, floor 401 - third door on the reich, sorry, on the far right!

      Have a great day!

    6. Hollerithevo

      That's why sanctions have been upped

      Al the USA security services say the Russians were trying to hack the election. (They just say 'tried'). Congress apparently believes them, and have slapped on more sanctions. If Mrs Clinton is the evil-doer here, why aren't they slapping charges of treason on her or someone in her party?

      The election was over six months ago. Trump and the Republicans won. Theya re in charge. Get used to it. Even giving Trump a three mont easing-in period, which the GOP did not need, I'd say everythign from, oh, 31 May, is down to Trumpa nd the Republicans. Your guys are in charge, Big John. What do you fear?

      1. Pompous Git Silver badge

        Re: That's why sanctions have been upped

        "Big John. What do you fear?"

        I'm Afraid Of Americans

    7. Haku

      "but you won't hear about it from articles like this"

      That's because the articles on this site are primarily based on aspects of information technology.

      Have you not learnt this yet?

    8. Anonymous Coward
      Anonymous Coward

      Notice how the author tries hard to make it seem like the Democrats' arse-covering fantasy known as "Russia hacked the election" is now an accepted fact.

      1 - I have read the story twice now, and I failed to spot said allusion. Please quote the relevant paragraph so I can find some way to link your comments to what was actually said. Unless you're a Trump follower, of course, in which case I suspect an unrelated tangent is simply mandatory.

      2 - as far as I know, this is still part of an ongoing investigation. Which part of "ongoing" do you need explained to you?

      3 - are you saying that if there was no evidence of past hacking it would be perfectly fine to leave these systems as shockingly unsecured as they are (which, by the way, is not exactly news - the vulnerability of voting machines has been a long running theme in many investigations over the years, the only change is that the focus is shifting to remote access)?

      4 - can leave out the party political shite, please? If you really need to spout that nonsense, go to Farcebook or Breitbart who will be happy to post your rants amongst other delusions.

      By the way, these people have only looked at the voting machines, the election front end. From what I've picked up over the years, the tally systems (which concentrate and count the votes) may not be terribly wel protected either, and that's a far more interesting resource to tamper with.

      PS: I notice a lower error rate of your keyboard: did you replace it or has the spittle dried up since?

    9. Destroy All Monsters Silver badge
      Holmes

      I don't see why this was downvoted.

      “Elections have always been the concern and constitutional responsibility of state and local officials. But when Russia decided to interlope in 2016, it upped the ante,” said Douglas Lute, former US Ambassador to NATO and now principal at Cambridge Global Advisors.

      It's the permanent "Saddam has WMD / Iran will have The Bomb next week / Ghaddafi is a threat to (whatever) / Assad killed his own people" side-quote mental hammering that we have had to endure for 20+ years. This goes on until SHTF to everyone's contentement and neocons basically get to fap fap live on TV while people are dying. At least the unsufferably over-compensating micro-mussolini McCain is now riding into the sunset, though not before having been anointed American War Jesus For Liberty & Freedom by the usual presstitutes. Sad!

      Well, after the latest House dumbass attack the war with Russia is pretty much official in any case ("Sanctions" you say? Well, you don't that kind of "sanctions" w/o expecting the shooting to start soon somewhere.), Let's have fun, f*ck the EU etc.

      Meanwhile, about the "January 6" smoking mushroom assessment:

      In a memo to President Trump a group of former U.S. intelligence officers, including NSA specialists, cite new forensic studies to challenge the claim of the key Jan. 6 “assessment” that Russia “hacked” Democratic emails last year. .

      And also: NYT Finally Retracts Russia-gate Canard (well, the reinstated it the next day, can't be American Pravda without a bit of chutzpah now, can you?)

    10. martinusher Silver badge

      The original hacks date back 10 years or more

      The original hacks to voting machines occurred with Diebold machines back in the 2004 timeframe. This is nothing to do with the recent Russian whatever-it-is (which (IMHO) is more to do with oligarchy capturing the government than Russia). By adopting such a partisan mindset you play into the hands of people who would like to fiddle our elections. Voter suppression is an established fact while significant levels of illegal voting haven't been detected in any election (....they're quite easy to spot as well).

      BTW -- I'm a part time poll worker. I signed up after the Diebold fiasco because I wanted to keep our elections straight. Trump's announcement about 'millions of illegal votes' is not only blowing smoke but its insulting to the armies of poll workers who do try to keep the elections straight. (...and I look at the entire system, not just a single piece of hardware -- a SYSTEMS perspective)

      1. This post has been deleted by its author

  2. Anonymous Coward
    Anonymous Coward

    And they still want to bring Electronic/Internet Voting to the UK ?

    What could possibly go wrong?

    "Citizen, Your vote will be recorded and held against you, but it will not be counted unless it was cast for us."

    1. Anonymous Coward
      Anonymous Coward

      What could possibly go wrong?

      You get some that makes trump look like a political genius.

      People stop voting cause their vote does not count.

      1. Doctor Syntax Silver badge

        "What could possibly go wrong?

        You get some that makes trump look like a political genius."

        Whoosh

        1. Fred Flintstone Gold badge

          You get some that makes trump look like a political genius.

          With all due respect, I believe that is now beyond the capability of even the best SFX and greenscreen setups in Hollywood.

          1. Anonymous Coward
            Anonymous Coward

            3 years ago did you think Trump would be possible ? While it might beyond Hollywood's imagination it's possible.

    2. Suburban Inmate
      Black Helicopters

      Go wrong?

      I thought traceless fiddle-ability was the whole point of electronic voting?

    3. Infernoz Bronze badge
      Holmes

      No to UK e-voting, for many of the same reasons why we must retain physical cash, including anonymity of use.

      e-voting is much easier for state or other agents to tamper with; other parties could be framed on discovery, and/or voters are tracked for later coercion/retaliation.

      I also think that UK and US political systems no longer really represent the voters and that representation is far too granular/dated, and should be upgraded to a more decentralised model like Swiss model, something which the tyrant Abraham Lincoln moved the US away from by effective USA federal annexation of the US states via the US civil war for anti-slavery lies.

      1. Steve Evans

        If e-voting is ever going to come to the UK, maybe we should start getting some practice in on the US systems...

        Then when it happens, we can "vote" in a party with a clue.

        Oh... Hang on... I see a problem.

        D'oh!

  3. John Smith 19 Gold badge
    FAIL

    Now watch the companies chaff clouds

    "We take the security of the democratic process very seriously"

    "Your vote is important to us"

    "These were old machines which were retired because there were insecure"

    Yadda, yadda.

    "Voting machine" is the very definition of single purpose, embedded, niche system. It's got one key task to carry out. It's OS should be pretty stripped down to begin with and how big should the application it runs need to be FFS?

    This is a story that deserves to be more widely reported.

    1. Steve Graham

      Re: Now watch the companies chaff clouds

      I was putting petrol in my car the other day, and the petrol pump crashed and stopped pumping. "Error 0", it said.

      As I drove to the next town and next petrol station, I couldn't help wondering exactly how much computing power you really need in a petrol pump.

      1. Nolveys
        Headmaster

        Re: Now watch the companies chaff clouds

        I was putting petrol in my car the other day, and the petrol pump crashed and stopped pumping. "Error 0", it said.

        According to MSDN[1] Error 0 is:

        ERROR_SUCCESS

        ⠀⠀⠀⠀0 (0x0)

        ⠀⠀⠀⠀The operation completed successfully.

        So clearly everything went great and there's no problem at all.

        As for voting machines, they can be secured using the following multi-part process. First take a sheet of corrugated cardboard and fold it into a box and cut a slot-shaped hole in the top. Then place the potentially vulnerable electronic voting machine in a big, black plastic bag and drop it from a height of at least 10 meters onto a garbage barge.

        [1] Stands for "Microsoft Doesn't kNow".

      2. Captain Badmouth

        Re: Now watch the companies chaff clouds

        "I couldn't help wondering exactly how much computing power you really need in a petrol pump."

        I recall way back then, when motorolla introduced the 68000 series, hearing of a company using the 6809 as a "display processor".

        1. Anonymous Coward
          Anonymous Coward

          Re: Now watch the companies chaff clouds

          Amazingly, the Motorolla 68000 is the first Google hit for searching that number... either it's more famous than I realised, or Google is personalising every one of my searches to give micro controllers as the first result. :D

        2. Anonymous Coward
          Thumb Up

          Re: Now watch the companies chaff clouds

          Last time I looked, both it and the Hitachi versions are still used for embedded work. Really nice instruction set. I did learn one thing new. There's a soft-processor, 6809 implemented on an FPGA, version of it freely available. Clocks above 40 MHz where the first run version out of the foundry at Motorola usually clocked under 1 MHz. Definitely going to look at that. I've always had a soft spot for Moto chips, especially the 680x0 line which were in both my Amiga 1000 (68000 then 68010) and Amiga 2000 (68000 then 68030+68882).

          1. Vic

            Re: Now watch the companies chaff clouds

            Really nice instruction set.

            It has a BRN - "BRanch Never" instruction. And I've used it...

            Vic.

          2. John Smith 19 Gold badge
            Go

            I've always had a soft spot for Moto chips,

            Yes, had a very clean architecture, and AFAIK the only 8 bitter to have its own MMU (although IIRCHitachi released a Z80 instruction set compatible device with on chip MMU) giving a 2MB address space.

            I could never figure out why it's clock speed did not rise in the same way as thigns like the Z80. I did not know (thank you Wikipedia) that it was built round a large PLA, rather than microcode. The microcode allowed non memory access instructions to run faster.

            I think a 6809 was an option on the "Tube" interface of the BBC Microcomputer, which taught the Acorn team a lot about the trade offs of different mfg processors. Valuable lessons when it came to designing the ARM.

        3. Alan Brown Silver badge

          Re: Now watch the companies chaff clouds

          > I recall way back then, when motorolla introduced the 68000 series, hearing of a company using the 6809 as a "display processor".

          Z80s live on as the core logic of many keyboards (Which led to some fun'n'games fitting rechargeable battery packs to Atari ST keyboards to keep the daytime clock running when the computer was switched off (yes, the CMOS clock lived in the keyboard))

          6809s were/are popular because they were more-or-less a system on a chip and didn't need much external glue logic.

  4. Winkypop Silver badge

    Say what you want about the Russians

    At least they have a wicked sense of humour.

    Just look at the nut-job they installed for POTUS!

  5. Anonymous Coward
    Anonymous Coward

    This is a concern, what if John Jackson got in instead of Jack Johnson?

    I'm struggling to think of anything our elected representatives/politicians did for the people that voted for them rather than the wealthy or the corporations so I'm not sure we actually have a democracy anymore which is probably why they didn't bother with security.

    1. Anonymous Coward
      Anonymous Coward

      "so I'm not sure we actually have a democracy anymore which is probably why they didn't bother with security"

      They didn't bother because profit!

    2. Warm Braw

      I'm not sure we actually have a democracy anymore

      It's touching you believe you ever did.

      1. Anonymous Coward
        Anonymous Coward

        It's touching...

        That you think there is a marked difference between political societies options. There is, but the total and also end games are the same.

  6. Anonymous Coward
    Anonymous Coward

    As If

    As If these systems are produced by multinational corporations, the biggest crooks on the planet, did not already have built in backdoors for them to insure their preferred election outcomes.

  7. Rol

    Argos. Shop and vote with ease.

    "Hello sir. How may I help you today?"

    "Ah, yes. I'm here to vote and the..."

    "Certainly sir. We have 24 terminals around the store, and you can use any one of them to vote or make a purchase from our extensive range of high quality goods"

    "Yes I know. I've just tried to vote and it tells me:- That item is current;y out of stock"

    "And what was it you were trying to purchase?"

    "I wasn't trying to purchase anything. I just want to vote"

    "Sorry about that sir. Would you mind pressing your first finger against this terminal and I'll investigate further.....Thank you"

    clickety click click

    "I'm sorry sir but that item is out of stock"

    "What item is out of stock!!!"

    "Your vote. It seems you have already voted"

    "Well I assure you I haven't"

    "I will raise a query and the Election team will contact you shortly"

    "And that's it?"

    "Well I'm afraid so sir"

    ......................

    The following morning the country awoke to the news Breville Sandwich Toaster had won the election and voters could collect their purchase in-store.

    1. Anonymous Coward
      Anonymous Coward

      Re: Argos. Shop and vote with ease.

      "The following morning the country awoke to the news Breville Sandwich Toaster had won the election and voters could collect their purchase in-store."

      And still an improvement over Bloody Stupid Johnson.

    2. John Smith 19 Gold badge

      Re: Argos. Shop and vote with ease.

      There is only one true answer here

  8. Kev99 Silver badge

    Much simpler solution. Don't use the internet for confidential, proprietary or financial data. The US survived using non-internet voting for over two hundred years. There are three reasons why the internet is used now - stupidity, laziness, and the news media.

    1. Mike 16

      Timeline

      ---

      The US survived using non-internet voting for over two hundred years.

      ---

      Not sure where you are counting from. The literal "Voting Machines" (mechanical devices with levers) were quite famous in the day for their behavior on behalf of the figurative "Voting Machines" that controlled several major cities. This was early 20th century IIRC, so a good bit less than 200 years of successful non-internet voting.

      Meanwhile, hacking a voting machine (or a whole county's worth) only gets you so far. The real action is in hacking the central tabulating systems, as allegedly happened in Diebold's home state of Ohio a few elections back. It's another form of leverage :-)

      And we have a lot less than three years. Gerrymandering is (typically) under the control of state legislatures, so those boring state elections make a big difference.

  9. EnviableOne

    They would have used up to date machines, but the manufacturers were too scared ro let them. So DEFCON had to make do with eBay finds

    1. John Smith 19 Gold badge
      Unhappy

      "would have used up to date machines, but the manufacturers were too scared ro let them"

      I don't know if this is true.

      But if so it doesn't say anything good about any mfg.

  10. Anonymous Coward
    Facepalm

    The security of voting machines

    Apart from the security vulnerabilities in the voting machine, a more serious issue is that they don't provide a paper record. Just how difficult can it be to have them print out a digitially signed ticket. Generate a hash from the ticket details + random number, print ticket details + hash as a bar code. The various state lotteries manage to do this twice weekly.

    1. Anonymous Coward
      Anonymous Coward

      Re: The security of voting machines

      But more money to be made in the lotteries.

      1. Ole Juul

        Re: The security of voting machines

        The money is in the contract, not the software.

    2. tom dial Silver badge

      Re: The security of voting machines

      Many, perhaps most, voting machines do produce a paper record that can, at need, be used for a recount.

      Two observations may be pertinent, however. First, it is not obvious that the code could not be altered so that the information recorded in the internal memory device used for counting differed from what was presented on screen and on the printed tape. It would have to be done pretty far upstream and would have to be done carefully, and probably would be possible to discover by doing a hand recount of the paper tape from corrupted machines. (Absent the paper tape, of course, all bets are off, and those who sold, and bought, such machines should be ashamed if they are capable of feeling shame). Second, hand marked paper ballots as used for a couple of centuries, more or less, also do not provide a receipt. Trust is reinforced by evident physical controls like tamper-evident seals and padlocks, as well as oversight by election officials generally required to represent at least two political parties.

      1. Sir Runcible Spoon

        Re: The security of voting machines

        Iirc, the main reason to bring in electronic machines was to reduce the number of votes discounted due to 'hanging chads' or whatever.

        The answer then, is simple. Press the screen for the candidate of your choice, machine prints out ticket with your vote on it - you then put it in a box so that it can then be counted later on.

        Some things just shouldn't be too modernised. See Stainless Steel Rat for multiple reasons why.

        1. J. Cook Silver badge
          Joke

          Re: The security of voting machines

          I'm still looking for that ancient tome by Mac O'Velly... :)

  11. Not also known as SC

    Why Electronic Voting?

    I think it was a Tree House of Horror where Homer Simpson tries to vote for one candidate but ends up with multiple votes for the other? Because voting is carried out on a state by state basis why don't they just have paper votes and count them manually? With any black box system there is going to be suspicion that things aren't honest - isn't that why lottery machines are transparent?

    1. Charles 9

      Re: Why Electronic Voting?

      Because then you have to trust the counters, meaning (corruptible, even in opposition--as a cartel) people.

    2. Brangdon

      Re: Why Electronic Voting?

      They don't use paper votes because they vote on many different things at once. Their voting forms are pages long. It's much more complex than it is in the UK.

  12. Anonymous Coward
    Anonymous Coward

    There's a fix for this

    1. Require all electronic voting machines to produce a paper trail that the voter can see to verify the vote was properly recorded.

    2. Require that every state do a full recount of a few percent of randomly chosen precincts

    3. If error is found over an acceptable margin (I'll leave it to the statisticians to determine the proper criteria for how many precincts to randomly recount and what the acceptable margin is) require a full statewide recount of all precincts

    If you do this, hacking into the voting machines doesn't let you change votes, which mostly eliminates the incentive for anyone to try. Hackers could still DoS the machines, but that's not something that can happen under the radar like changing electronic vote totals, so it couldn't silently swing the election.

    I think the place to be worried about hackers isn't hacking the individual machines one at a time since doing enough of them to matter would require a massive coordinated effort which would be impossible to keep secret. Where you need to worry about it is hacking at the voting machine's vendor (if you don't do the paper trail and random recounts above) or even worse, hacking whatever system they are using to receive, tabulate and report the totals from the precincts.

    1. ITS Retired

      Re: There's a fix for this

      The problem with electronic voting machines is that the "paper trail" doesn't have to agree with the real vote either. They are computers, after all. We need to go back to hand counted, pencil and paper ballots.

      Who care if we don't know the winner until the next day? Other counties can do this for millions of votes, why can't we?

      1. Anonymous Coward
        Anonymous Coward

        Re: There's a fix for this

        "The problem with electronic voting machines is that the "paper trail" doesn't have to agree with the real vote either. "

        Back in the distant past we had tape punches and tape verifiers. The puncher punched; the verifier entered what (almost always she) read as the same data and if there was a mismatch it was flagged up.

        It is 1950s technology to be able to run the paper trail through a tape reader and verify that the result is exactly the same as the machine vote record. For proper security, the generator and reader of the tape should come from different vendors using different programs on different hardware but it is not hard. I vaguely recall having to produce pseudocode for just such a program many years ago.

        1. Charles 9

          Re: There's a fix for this

          Two words: hanging chads. Punch cards and punch tapes are similar technologies.

          1. Alan Brown Silver badge

            Re: There's a fix for this

            "Two words: hanging chads."

            1: The USA is one of the few countries worldwide where voters punched a tabulating card.

            2: That wouldn't have been an issue if the bloody things were maintained.

    2. tom dial Silver badge

      Re: There's a fix for this

      1. Is not an effective fix against those who can corrupt the code far enough upstream.

      2. Hand recount of a selected small sample is not immune to manipulation by suitably placed election officials who may know which machines were tweaked.

      The realistic solution is hand marked paper ballots. There is no need for, and at best marginal benefit from use of machines, although there may be some cost saving. The primary beneficiaries are the newsreaders of the nighttime news shows, and the election night shows that can "call" the elections before most of the people have gone to bed. There really is no good reason, though, that we all cannot wait until sometime the following day, especially as the official results normally are not posted for a week or ten days (or sometimes more) anyhow, to accommodate such things as legally required recounts, other recounts, and absentee ballots received after election day.

    3. bombastic bob Silver badge
      Meh

      Re: There's a fix for this

      "Require all electronic voting machines to produce a paper trail that the voter can see to verify the vote was properly recorded."

      paper trail for auditing purposes, period. it would be needed for doing a recount. I think the machines already have that capability but it might not be mandatory. Collecting the printouts once per hour might help, like they way old-style ballot boxes are typically collected [multiple times throughout the day].

      Seriously, though I think the electronic voting thingies are just "new, shiny". Old school paper ballots, with optical counting machines, work really well. My ballot had circles on it that you darkened with a blank felt pen. It's obviously read/counted by computer, and the overall design is hard to screw up.

      1. Rattus Rattus

        Re: There's a fix for this

        No need for optical counting machines anyway. No need for machines at all. Vote the way we still do it here in Australia: Use a pencil to mark the box next to your candidate on a paper ballot and count them by hand, supervised by officials and representatives of all major parties.

        1. Pompous Git Silver badge

          Re: There's a fix for this

          "supervised by officials and representatives of all major parties"
          Smaller booths might not have scrutineers from every party. In any event, there's much haggling over questionable votes: "I'll let you count that ballot if you allow this one..." And with preferential voting it's a matter of assessing probable preferential flow whether the trade is "fair". Hare-Clark is even harder to assess the value in a trade. Glad I don't do that shit no more :-)

          1. Charles 9

            Re: There's a fix for this

            Plus there's the matter of doing it in a country of 350-million-plus people, not to mention their impatience regarding results, meaning it's not politically favorable to take your time.

            1. Anonymous Coward
              Anonymous Coward

              Re: There's a fix for this

              That's why you rely on machine counts for the unofficial results, and sanity check them to see if you need to do a full recount. Even if you choose to do a full manual "count" (it would really be a recount if you publish the machine count as unofficial) it wouldn't matter if it took a few days to complete it for the official results.

              The only chance the result would be changed is if a state had very close results or there was hacking of the machines to try to change the results. There's no point to hacking if you know there's a paper trail that will definitely be used, so it really only matters in the case of a close election. The US survived not knowing who was going to be president for over a month in 2000, so waiting a few days in suspense once every century or so when the whole election hangs on a single close state isn't much to ask. Most of the time it doesn't matter, unless you care whether your guy won by 60 electoral votes or 40 electoral votes...

              1. Charles 9

                Re: There's a fix for this

                "The US survived not knowing who was going to be president for over a month in 2000, so waiting a few days in suspense once every century or so when the whole election hangs on a single close state isn't much to ask."

                That very incident PROMPTED the push for electronic voting. And yes, people ARE that impatient, to the point Election Day is no longer a federally-mandated holiday anymore (mandated holidays are discouraged by things like the hospitality industry that DEPEND on holidays).

      2. Anonymous Coward
        Anonymous Coward

        @bombastic bob - paper trail for auditing

        Obviously I meant that the paper trail would be used for auditing (that's the only proper way to conduct a recount that takes hackers out of the picture) but it is important that it is something the voter can see to verify his vote was recorded properly on the paper. Otherwise hackers program the machine to indicate a vote for Bob on the screen, but print Doug on paper a few percent of the time and a close election is swung my way that survives a recount.

        I agree with you about paper ballots. I think the hanging chad thing and issues with overly complicated 'butterfly ballots' made people think "oh hey computers are great, let's have them solve all our problems" and went to the most advanced tech. It really isn't any more difficult to hand recount the 'filled circle' ACT/SAT test style ballots. That's what a computer would have to output to make it human readable, if it printed text and used OCR that's needlessly complicated, if it printed bar codes a person couldn't verify that the vote they cast for Bob wasn't changed to Doug on paper.

        So why not skip a step and just give people the paper ballots? Where I live we've been using these every election I've ever voted in, so the technology is proven. Having a touch screen computer at every station instead of a #2 pencil just wastes money to acquire/secure them that could be used to pay the election workers to come back on Wednesday for the random recounts (or hell, mandatory full recounts since we probably saved enough money we could afford to do that)

  13. Anonymous Coward
    Anonymous Coward

    "Intrusion will be logged"

    That's ok, I always delete any logs at inter-nic.

    1. Quinch

      Re: "Intrusion will be logged"

      Hehe, now I want to replay Uplink.

  14. Bruce Ordway

    Which models?

    >>Diebolds to Sequoia and Winvote equipment

    >> were bought on eBay or from government auctions

    I wonder how old these voting machines were, when/where they were in service?

    I do remember Diebolds as being notoriously insecure... a long time ago.

    I wouldn't know about today... would not be surprised if they've been improved, are still junk or both.

    1. Bruce Ordway

      Re: Which models?

      >> When/where used

      Per http://www.politico.com/story/2017/07/30/hackers-voting-machines-las-vegas-241130

      - used until just two years ago.

      - a model still used in parts of seven states, as well as all of the state of Nevada.

      And this was nice too....

      >> Though the device was supposedly wiped before it was sold by the government at auction

      >>the hackers were able to uncover the results the machine tallied in 2002.

  15. willi0000000

    the electronics are lovely but useless when casting your vote.

    probably the safest method is manually marking a paper ballot . . . if a human can mark it a human can read and count it.

    when it comes time to tally the vote a machine does it faster, and probably more accurately, than a human.

    recounts can also be done by using other machines to get a first look and comparing it to the count by a human panel . . . if there is a discrepancy, the source should be relatively easy to find.

    [ when all is said and done, i worry more about masses of people (olds, non-whites, poors) being disenfranchised by the various cures for non-existent voter fraud ]

    1. tom dial Silver badge

      It is "known" that vote fraud is (nearly) nonexistent primarily because there seems not to have been a diligent search for it. Suggested use cases include college students registering and voting where they attend school and also where they live when not attending school; and those who recently moved from one state to another, who might remain eligible in both states for several election cycles due to widespread sloppiness in registration list maintenance, combined with extreme resistance to efforts to compare registration lists between states. I thought about doing this the first time when I attended graduate school in Michigan while my legal residence remained in Ohio, and again when I moved from Ohio to Utah a few years ago.

      Hand marked paper ballots, whether counted by hand or machine, are obviously superior to any voting machine.

      1. Charles 9

        Paper ballots can be stuffed and swapped by a sufficiently-resourced organization, like a political party or two.

        1. Sir Runcible Spoon

          "

          Paper ballots can be stuffed and swapped by a sufficiently-resourced organization, like a political party or two."

          True, but it's a lot more detectable than 100% computerized voting system.

          1. Charles 9

            "True, but it's a lot more detectable than 100% computerized voting system."

            I don't think so, not against a sufficiently-corrupted political machine. Think Venezuela levels...

      2. Alan Brown Silver badge

        > It is "known" that vote fraud is (nearly) nonexistent primarily because there seems not to have been a diligent search for it.

        Actual _voter_ is nearly nonexistent because it's unlikely to make a difference except in the most marginal seats - which get a lot of recounts and where any suspicion of multiple voting will get investigated. Personation (casting a vote using someone else's identity) is a bit harder to detect if they haven't voted, but otherwise is readily detected.

        On the other hand _vote_ (counting) fraud is both hard to audit and difficult to detect. There's a saying attributed to Stalin along the lines that you don't need to control your voters, merely the people counting the votes.

        This is why stealing ballot boxes and box stuffing are both actions that happen regularly in parts of the world and is _why_ every ballot has a serial number. If there's a box-stuffing incident you can check the serial numbers issued against the serial numbers in the box.

        The best defence against electoral fraud is a vigilant public. Anyone can attend the counts and witness them.

        1. Charles 9

          But at that point, how can they be sure it's really their votes that were counted? It's not like a really good adversary would have two of everything, including voter rolls. Plus, there is an intractable voter problem: the conflict between two equal yet opposite needs, a free vote and a true vote. A free vote is required to be able to truly vote one's conscience, yet it prevents really being able to detect a covert swap outside of a "small enough that everyone intimately knows everyone else" village scenario. That can be prevented with a true vote, but that always raises the specter of voter pressure, preventing it being truly free.

  16. Tom Paine

    Meanwhile, back at the story --

    "Commonwealth of Virginia, Official Ballot

    County of Fairfax

    Special Election

    Tuesday August 19th 2014"

    Nice, not only did they not DBAN them, they didn't even nuke the software's most recent config . Anyone imaged one of these and pulled it into EnCase or suchlike disk forensics tools? Sounds likely there'd be considerable lulz to be had...

  17. martinusher Silver badge

    No danger in our county

    Well, if I came up to a terminal that announced itself as "WinVote" I'd avoid it like the plague. Its going to be hackable.

    The machinery we use is a lot older and its not networked so its really difficult to hack. Most voters vote using optically read cards. The reader not only tabulates the votes but stores the cards so that we've got a check on the actual numbers if we need it. We do have electronic terminals, they're quaint and appear to be based on an ancient laptop running vxWorks. They not only tabulate the votes but keep a printed record of each vote. I could detail how everything is sewn up so that actually tampering with the results would be difficult, if not impossible, but its a bit long winded. Suffice to say that the memory packs in the optical readers are about the size of a pack of playing cards with a decidedly non-standard interface. The touch terminals are a bit more modern, they've got a PCMCIA memory card. I might have some junk somewhere that could read it but the chances are that the card's not formatted in any way that's recognizable to standard equipment. (But then......I can't get the pack out without breaking seals, I can't take it off to a corner and work on it because there's always more than one poll worker with the equipment and votes at all times.....and so on.......)

    (Statistics and exit counts are the easy way to check up on voter fraud. Its just a bit sophisticated for the rubes that get their daily does from Fox and the like.)

  18. Captain Badmouth

    Kenyan news

    Not related to the above (or is it?) but the guy responsible for the Kenyan voting system has been found dead, decapitated, today. Just this minute on BBC world news @ 21.52 BST.

  19. Anonymous Coward
    Anonymous Coward

    same voting machines elected the last President too

    but now, not then but only just in November, did they get pwned by communists...err...Russians sneaking behind every tree and out of every alley.

    If a system is truly compromised, it doesn't maintain legitimacy at ANY time during its use. Just being aware of it now doesn't change that.

  20. zzx375

    Connectin a voting machine to the internet merits termination of one's employeement

    Seriously. I don't care how little time it takes to break into a voting system at a hacking conference. This a time to take a step back and use the voting machine that takes a scanned paper ballot (doesn't matter front or back). The machine gives a tally tape and the paper ballots are audit-able proof if a hand count should be required. The state election board secretary, governor, whomever implemented the internet connected systems in the states using them should hand in their resignations if still in office.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon