GoFuckYourself.com - Adult Webmaster Forum - View Single Post

marzzo · 11-03-2004, 02:48 AM

http://www.blackboxvoting.org/#breaking

We now have evidence that certainly looks like altering a computerized voting system during a real election, and it happened just six weeks ago.

MONDAY Nov 1 2004: New information indicates that hackers may be targeting the central computers counting our votes tomorrow. All county elections officials who use modems to transfer votes from polling places to the central vote-counting server should disconnect the modems now.

There is no down side to removing the modems. Simply drive the vote cartridges from each polling place in to the central vote-counting location by car, instead of transmitting by modem. ?Turning off? the modems may not be sufficient. Disconnect the central vote counting server from all modems, INCLUDING PHONE LINES, not just Internet.

In a very large county, this will add at most one hour to the vote-counting time, while offering significant protection from outside intrusion.

It appears that such an attack may already have taken place, in a primary election 6 weeks ago in King County, Washington -- a large jurisdiction with over one million registered voters. Documents, including internal audit logs for the central vote-counting computer, along with modem ?trouble slips? consistent with hacker activity, show that the system may have been hacked on Sept. 14, 2004. Three hours is now missing from the vote-counting computer's "audit log," an automatically generated record, similar to the black box in an airplane, which registers certain kinds of events.

COMPUTER FOLKS:

Here are the details about remote access vulnerability through the modem connecting polling place voting machines with the central vote-counting server in each county elections office. This applies specifically to all Diebold systems (1,000 counties and townships), and may also apply to other vendors. The prudent course of action is to disconnect all modems, since the downside is small and the danger is significant.

The central servers are installed on unpatched, open Windows computers and use RAS (Remote Access Server) to connect to the voting machines through telephone lines. Since RAS is not adequately protected, anyone in the world, even terrorists, who can figure out the server's phone number can change vote totals without being detected by observers.

The passwords in many locations are easily guessed, and the access phone numbers can be learned through social engineering or war dialing.

ELECTION OFFICIALS: The only way to protect tomorrow's election from this type of attack is to disconnect the servers from the modems now. Under some configurations, attacks by remote access are possible even if the modem appears to be turned off. The modem lines should be physically disconnected.

We obtained these documents through a public records request. The video was taken at a press conference held by the King County elections chief Friday Oct 29.

The audit log is a computer-generated automatic record similar to the "black box" in an airplane, that automatically records access to the Diebold GEMS central tabulator (unless, of course, you go into it in the clandestine way we demonstrated on September 22 in Washington DC at the National Press club.)

The central tabulator audit log is an FEC-required security feature. The kinds of things it detects are the kinds of things you might see if someone was tampering with the votes: Opening the vote file, previewing and/or printing interim results, altering candidate definitions (a method that can be used to flip votes).

Three hours is missing altogether from the Sept. 14 Washington State primary held six weeks ago.

11-03-2004, 02:48 AM
marzzo Confirmed User Industry Role: Join Date: May 2002 Posts: 2,134	http://www.blackboxvoting.org/#breaking We now have evidence that certainly looks like altering a computerized voting system during a real election, and it happened just six weeks ago. MONDAY Nov 1 2004: New information indicates that hackers may be targeting the central computers counting our votes tomorrow. All county elections officials who use modems to transfer votes from polling places to the central vote-counting server should disconnect the modems now. There is no down side to removing the modems. Simply drive the vote cartridges from each polling place in to the central vote-counting location by car, instead of transmitting by modem. ?Turning off? the modems may not be sufficient. Disconnect the central vote counting server from all modems, INCLUDING PHONE LINES, not just Internet. In a very large county, this will add at most one hour to the vote-counting time, while offering significant protection from outside intrusion. It appears that such an attack may already have taken place, in a primary election 6 weeks ago in King County, Washington -- a large jurisdiction with over one million registered voters. Documents, including internal audit logs for the central vote-counting computer, along with modem ?trouble slips? consistent with hacker activity, show that the system may have been hacked on Sept. 14, 2004. Three hours is now missing from the vote-counting computer's "audit log," an automatically generated record, similar to the black box in an airplane, which registers certain kinds of events. COMPUTER FOLKS: Here are the details about remote access vulnerability through the modem connecting polling place voting machines with the central vote-counting server in each county elections office. This applies specifically to all Diebold systems (1,000 counties and townships), and may also apply to other vendors. The prudent course of action is to disconnect all modems, since the downside is small and the danger is significant. The central servers are installed on unpatched, open Windows computers and use RAS (Remote Access Server) to connect to the voting machines through telephone lines. Since RAS is not adequately protected, anyone in the world, even terrorists, who can figure out the server's phone number can change vote totals without being detected by observers. The passwords in many locations are easily guessed, and the access phone numbers can be learned through social engineering or war dialing. ELECTION OFFICIALS: The only way to protect tomorrow's election from this type of attack is to disconnect the servers from the modems now. Under some configurations, attacks by remote access are possible even if the modem appears to be turned off. The modem lines should be physically disconnected. We obtained these documents through a public records request. The video was taken at a press conference held by the King County elections chief Friday Oct 29. The audit log is a computer-generated automatic record similar to the "black box" in an airplane, that automatically records access to the Diebold GEMS central tabulator (unless, of course, you go into it in the clandestine way we demonstrated on September 22 in Washington DC at the National Press club.) The central tabulator audit log is an FEC-required security feature. The kinds of things it detects are the kinds of things you might see if someone was tampering with the votes: Opening the vote file, previewing and/or printing interim results, altering candidate definitions (a method that can be used to flip votes). Three hours is missing altogether from the Sept. 14 Washington State primary held six weeks ago.