I saw that headline and couldn’t help but read the story:
Critics of the Diebold touch-screen voting machines turned their attention Wednesday from the machines themselves to the computers that will tally the final vote, saying the outcome is so easy to manipulate that even a monkey could do it.
Sure anyone can say that, but where’s the proof? Oh, silly me, it’s the next line of the story…
And they showed video of a monkey hacking the system to prove it.
Wow, that can’t be good.
In the minute-long video produced by Black Box Voting, Baxter the chimp is shown deleting the audit log that is supposed to keep track of changes in the Diebold central tabulator, the computer and program that keeps track of county vote totals.
Black Box Voting founder Bev Davis said the demonstration shows that the system — which will be used in more than 30 states, including Maryland — is dangerously inadequate when it comes to stopping election fraud.
But a Diebold spokesman insisted that the system is secure despite “incessant” criticism from organizations such as Black Box Voting.
“The fact of the matter is what you saw was a staged production … analogous to a magic show,” said David Bear, the Diebold spokesman.
Even if the system could be hacked, he said, it could only be done by a person with “unfettered access to the system.” Bear noted that elections are not just the machines, but also the people who work the elections.
Yeah, but what if one of the people who work the elections is Dan Rather?
“Quite honestly it’s somewhat insulting to elections officials and volunteers,” he said to the idea that elections officers would tamper with vote results.
He cited “multiple levels of redundancy” that would ensure that “any deviation would immediately be noticed” and dealt with.
But Black Box Voting on Wednesday demonstrated two quick ways that “an unscrupulous person with no computer skills whatsoever” could sabotage vote totals, according to Associate Director Andy Stephenson.
The entire voting record can be deleted by choosing “reset the election” on a drop-down menu, he said, or a hacker can destroy a tabulator’s ability to recognize ballots by un-selecting three checkboxes on a program control panel.
Once those changes are made, a hacker could cover his tracks by deleting the audit log, as Baxter did.
The Diebold central tabulators use a program called “GEMS” that saves vote totals in Microsoft Access, a Windows-based spreadsheet program.
Access is a database, for those of you keeping score. Excel is a spreadsheet program. And for those of you fellow geeks out there, why the hell are they using Access to store the results? SQL would be a better choice. But then again, Access is MUCH cheaper than SQL, and not nearly as complicated. Microsoft is really proud of SQL, and the license is charged by the number of CPU’s in the machine it’s running on. Um, I’m getting off track here…
GEMS requires users to enter a password to access the vote totals, but Davis showed that the totals can also be opened — and altered — with Access, without ever running GEMS.
Because Access functions are already built in to the Windows operating system, the totals could be altered even if a computer did not have Access installed on it, said Herbert Thompson, a computer security expert who teaches at the Florida Institute of Technology (search). He demonstrated how to change vote totals with a six-line program in Microsoft notepad, “a simple text editor” that comes with all copies of Windows.
True, as long as you have the ODBC driver for Access installed, that’s a cakewalk.
But Maryland election officials agreed with Bear that no hacking can happen unless the hacker is physically at the computer. The central tabulators are safe from any such outside tampering, said Donna Duncan, director for the Maryland State Board of Elections election management division.
Yeah, no chance of any social engineering happening. To me, this is kind of scary. I could “hack“ one of these things, and unlike the chimp, I’d know what I was doing. I see visions of lawsuits and recounts…
Recent Comments