Posts

Let's Steal The Election Ourselves This Time

2006-10-23 14:55:01

This is promising stuff. Only 37 out of 50 US states rely on electronic voting machines, and 80% of the votes cast in the 2006 elections will be on electronic machines. In fact, we're not the first lunatics to undertake this mission:

Diebold Election Systems Inc. expressed alarm and state election officials contacted the FBI yesterday after a former legislator received an anonymous package containing what appears to be the computer code that ran Maryland's polls in 2004. Cheryl C. Kagan, a longtime critic of Maryland's elections chief, says the fact that the computer disks were sent to her - along with an unsigned note criticizing the management of the state elections board - demonstrates that Maryland's voting system faces grave security threats.

---from this hilarious story. That happened three days ago. Although we admire the class act, we do wish the perpetrator had kept that card up their sleeve and done something...well, more on that later.

Onwards and Upwards

First of all, volunteer to work the polls on election day, it's the simplest way to get close to the machines, and it's a good thing to help out your community. Or something.

Votes are tallied centrally by the Global Election Management System (GEMS), which is, conveniently enough, an extremely comprimised piece of software. Take a look at this page of test notes courtesy of fellow Brainsturbator Jim Marsh. You can also look at the step by step instructions that Bev Harris and Jim gave to Howard Dean. (Sadly, Howard Dean learned this too late to save his campaign.)

For further red meat, we have a copy of the Princeton report:

Security Analysis of the Diebold Voting Machine

Princeton is also kind enough to provide us with a full video on how to install the code: here (scroll down) or here (youtube)

You can also check out a much lower-tech but more meaty how-to video HERE

It's Not Safe Out There

The great thing about the information age is that I can get ahold of nearly anything and everything I would like to find out. Hilariously, government reports about security vulnerabilities are a great resource to learn about security vulnerabilities in your government. For instance, a report to Maryland State Gov provided this tasty morsel:

Cryptography: The AccuVote-TS system continues to employ DES for encrypting ballots on the flash memory PCMCIA cards. The default is to use the known key mentioned in the Hopkins Report. As described above, DIEBOLD has provided functionality to change these keys and this is a strong recommendation. For the encrypted link between a precinct and the local board of election, the system now uses AES, dynamic keys, and a standard SSL connection. Keys and passwords are no longer shared between users and procedures have been put into place to manage them effectively.

And from an equally meaty Federal report:

The hardware consists of a touch-screen voting terminal with two locked bays. One bay houses a roll of paper tape that prints out the initial ("zero count") vote tally and, following the election, the final vote tally. A second bay houses the on/off power switch, two PCMCIA slots (one for the flashdisk card that holds the ballot definition and records the voters cast ballots and one for a modem), and a standard keyboard jack. During an election these bays are locked. Maryland has ordered approximately 16,000 AccuVote-TS terminals each equipped with two locking bays and supplied with two keys accounting for 32,000 locks and keys. Surprisingly, each lock is identical and can be opened by any one of the 32,000 keys. Furthermore, team members were able to have duplicates made at local hardware stores. It is a reasonable scenario to assume that a working key is available to an attacker. To make matters worse, using a commonly available lock pick set, one team member picked the lock in approximately 10 seconds. Individuals with no experience were able to pick the lock in approximately 1 minute. Arguably it would be very noticeable for a novice to pick the lock protecting the PCMCIA cards and keyboard interface during an election. However, someone with slightly more experience could do so from a standing position, or two individuals working together could possibly cause enough of a distraction that the lock could be picked while a judge's back is turned. Access to the PCMCIA bay during an election could render the votes cast there unusable. Since certain precincts are considering loading their terminals the day before the election, one must consider this vulnerability as being accessible prior to the election. Among the attacks discovered and demonstrated were: 1. Attach a keyboard to the terminal and access functionality in the software that allows the attacker to view the entire directory tree on the machine's internal memory and on the PCMCIA card. Three functions are then available to the attacker: "Save As", "Finish Recording", and "Open". These functions are remnants of test code that allowed the developers/testers to record events that simulated voting. The function along with the functions allow an attacker to overwrite files in the internal memory and the PCMCIA card. Using this method an attacker can overwrite both the results file and the audit file on both the internal memory and the PCMCIA card. This would completely overwrite the results for that voting terminal. Moreover, the exploit elevates the attacker to Supervisor status - no smart card required.

The Obvious Question

"But how are we supposed to get organized enough to transmute isloated fraud into a nationwide electronic coup?"

Well, you're staring at the answer right now. Not Brainsturbator -- I'm arrogant, but not psychotic. I'm talking about The Internets. The network already exists. The tools already exist. Let's be serious here: if you wanted to organized a nationwide operation like this you could do it on fuckin' MySpace within a few weeks. I'm not saying something that everyone in power doesn't already know, all too well. This is precisely why conservative and fascist elements in the United States want to restrict and control the flow of information online.

Make them scared. Give them a reason to worry. They've earned it.

The Bigger Picture Here

I'm not proposing that we rig these machines to get in the least offensive candidate. If we're gonna be breaking the law and designing a conspiracy, here, let's go big. Let's start electing people who aren't even f*ing running for office.

This is what we refer to as the First Paradox of Authority:

"The kind of people who you want to be authority figures are the kind of people who do not want authority over others."

This is similar to the problem of Intelligent People Not Having Kids, we can't have people burdened by mere ethics here. The stakes are too high. We need to put someone like Amory Lovins in the White House, someone like Maynard James Keenan, someone like Maya Angelou. (And we need the craziest, best-armed militia in the country to back them up and dismantle existing organized crime syndicates like the DEA, ATF, IRS, CIA, etc, etc, etc.)

Seriously --- if I found out someone used this information to get a Democrat elected, it will be a dagger through my heart. Go big. As Hakim Bey instructed us bad kids: "Crime as art. Art as crime."

Read another?