Hursti Hack

Hursti Hack

Three voting machines hacking tests have been performed by Finnish Computer expert Harri Hursti for the nonprofit elections watchdog group Black Box Voting [ [http://www.blackboxvoting.org Black Box Voting site] ] and the producers of the HBO documentary Hacking Democracy [ [http://www.hackingdemocracy.com hackingdemocracy.com website] ] who filmed it. The first two Hursti Hacks were set up in Leon County, Florida with the authorization of Supervisor of Elections Ion Sancho and these tests examined a Diebold Election Systems (DES) Accu-Vote OS 1.94w (optical scan) voting machine. The third Hursti test was conducted for Black Box Voting in collaboration with Bruce Funk, then-County Clerk of Emery County, Utah, on a Diebold TSx touch-screen.

Hursti Memory Card Hacks

The tests by Hursti were the third (May 26, 2005) and fourth (Dec. 13, 2005) in a series of five voting machine examinations produced by the Black Box Voting group. The first four tests were authorized by Supervisor of Elections for Leon County, Ion Sancho to ascertain whether votes could be altered on a Diebold voting machine. Tests on Feb. 14, 2005 and May 2, 2005 were conducted on the Diebold GEMS central tabulator by Herbert Hugh Thompson, who proved that results reports could be altered without a password by using a Visual Basic script. The third and fourth tests were memory card tests performed by Hursti. The fifth test took place with both Hursti and Thompson in Emery County Utah.

During Hursti's first memory card hack on May 26, 2005, he altered the program that creates the "poll tapes", or voting machine results reports. However, this hack would be detected if the supervisor of elections compared the poll tape results with the GEMS central tally report. The GEMS tally report can be hacked to match, as demonstrated during two earlier Black Box Voting projects in Leon County with Herbert Thompson. Thompson successfully manipulated the GEMS tally program using a Visual Basic script.

The May 26 version of the Hursti memory card hack would require two steps to succeed without detection in a vigilant election setting: Both the memory card and the GEMS tabulator program would need to have matching hacks. [ [http://www.blackboxvoting.org/BBVreport.pdf Black Box Voting "Hursti I" Report: Critical Security Problem with Diebold Optical Scan] ]

During a videotaped meeting in Cuyahoga County, Ohio, DES Research and Development chief Pat Green stated that checks and balances would detect the tampering and that it would not be possible to alter the votes themselves on the memory card.

However, during the Dec. 13 2005 testing, Hursti successfully altered the votes on the memory card. His memory card manipulations falsified both the voting machine results tapes and the GEMS central tabulator report. Leon County Supervisor of Elections Ion Sancho stated that he would have had no way to detect the tampering and would have certified the election. [ [http://www.hackingdemocracy.com Cuyahoga meeting and Sancho statement shown in film "Hacking Democracy"] ]

The Hursti memory card hack performed in Leon County on Dec. 13, 2005 is a variation on stuffing the ballot box prior to any votes being cast. Hursti had pre-loaded the memory card giving one candidate 5 positive votes and one candidate 5 negative votes to create a "zero report." This keeps the machine accurate in votes cast compared to number of voters.

Actual paper ballots were used pre-printed with the following question: "Can the votes on this Diebold system be hacked using the memory card?"

Participants

The participants were:
*Ion Sancho, Supervisor of Elections, Leon County, Florida.
*Thomas James, Information Systems Officer for Leon County, Florida
*Bev Harris, Black Box Voting founder
*Kathleen Wynne, Black Box Voting Associate Director
*Harri Hursti, computer programmer and security expert
*Hugh Thompson, application security expert and Ph.D. in math
*Susan Bernecker, former Republican candidate for New Orleans city council.
*Susan Pynchon, Director of Florida Fair Elections Coalition

The test election

Since Hursti was the the technical advisor he was asked by Sancho to remain outside of the test area. Selection of the voting machine was done by random draw. Machine #15191 was pulled as the random machine. [Transcribed from "Hacking Democracy" DVD] . Hursti only touched the memory card but did not come in to contact with any machines.

Seven participants made out their ballots using the opti-scan paper sheets (Hursti remaining outside the test area). Sancho then went to Hursti and gave him a ballot which Hursti filled-out. Hursti then gave Sancho the memory card to insert in to the machine. The operation of the machine was explained by Sancho to those in attendance and the card inserted and machine turned on which then produced the "zero total tape." The tape produced zero votes cast. The test ballots were then inserted in to the Diebold machine followed by the "ender card" (same size as ballot) was inserted telling the machine to turn off its counting function and start its reporting function. The machine then produced a paper tape with 7 yes votes and 1 no vote.

Results

This test demonstrated that DES made misrepresentations to Secretaries of State across the nation when DES claimed votes could not be changed on the memory card, the credit card-sized ballot box used by computerized voting machines.

Furthermore, DES wrote a press release referring to the famous vote changing 'Hursti Hack', stating that - "Harri Hursti is shown attacking a DES machine in Florida. But his attack proved later to be a complete sham." [ [http://www.hackingdemocracy.com/ Diebold Attacks "Hacking Democracy"] ] In response to the test election, California's Secretary of State commissioned a special report by scientists at UC Berkeley to investigate the Hursti Hack. Page 2 of their report states - "Harri Hursti's attack does work: Mr. Hursti's attack on the AV-OS is definitely real. He was indeed able to change the election results by doing nothing more than modifying the contents of a memory card. He needed no passwords, no cryptographic keys, and no access to any other part of the voting system, including the GEMS election management server." [ [http://www.hackingdemocracy.com/ Diebold Attacks "Hacking Democracy"] ] [ [http://www6.diebold.com/dieboldes/pdf/hbo_letter.pdf Letter From Diebold] ]

A spokesman for DES said it was similar to "leaving your car unlocked, with the windows down and keys left in the ignition and then acting surprised when your car is stolen." [ [http://www.washingtonpost.com/wp-dyn/content/article/2006/03/25/AR2006032500805_pf.html Washington Post, March 25, 2006] ]

The test election was filmed and shown in the conclusion of the 2006 HBO Emmy award nominated documentary, "Hacking Democracy", which premiered November 2, 2006." [ [http://www.hbo.com/docs/programs/hackingdemocracy/synopsis.html "Hacking Democracy," HBO documentary. Retrieved October 16, 2006] ] [ [http://www.hbo.com/docs/programs/hackingdemocracy/index.html HBO Documentary Films. retrieved Nov. 6, 2006] ]

Examination of the DES TSx touch-screens in Utah

In 2006, Black Box Voting was invited by Emery County Utah County Clerk Bruce Funk to examine the DES TSx touch-screen. Black Box Voting arranged for the services of Hursti and Black Box board member Jim March, who traveled to Utah March 1 and 2, 2006. Hursti discovered numerous security flaws, the most egregious being the ability to reload the entire operating system and the ability to replace the boot loader simply by inserting a member card with a specific program name. [ [http://www.blackboxvoting.org/BBVreportIIunredacted.pdf Unredacted Black Box Voting Hursti report on TSx] ] Hursti discovered that the system would accept macros in a manner that posed a risk to election security. Jim March opened the case of the TSx and photographed its interior, discovering a hidden SD wireless slot and piggyback connectors under the standard modem, both enabling the machine to be equipped for wireless communications without the knowledge of election directors. [ [http://www.blackboxvoting.org/BBVreportII-supplement-unredacted.pdf Unredacted supplement to Black Box Voting TSx report] ]

After seeing how serious the problems were, Black Box Voting engaged the services of Herbert Thompson, then head of the security company Security Innovations, to provide an independent opinion. Both Hursti and Thompson conducted a second series of tests on March 16 and 17, 2006 to confirm findings, which prompted emergency warnings and last minute corrective actions in Pennsylvania, California, and other states. [Technology Daily: States Still Concerned About New Voting Equipment; May 30, 2006 ]

References


Wikimedia Foundation. 2010.

Игры ⚽ Нужно решить контрольную?

Look at other dictionaries:

  • Harri Hursti — is a computer programmer and former CEO of F Secure PLC, a software company based in Helsinki, Finland. [ [http://www.brennancenter.org/dynamic/subpages/download file 39281.pdf Brennan Center on Harri Hursti] ] He was also Chairman of the Board… …   Wikipedia

  • Hacking Democracy — Infobox Film name = Hacking Democracy caption = The controversial electronic voting documentary director = Simon Ardizzone Russell Michaels producer = Simon Ardizzone Russell Michaels Robert Carrillo Cohen starring = Bev Harris, Kathleen Wynne,… …   Wikipedia

  • Herbert Hugh Thompson — Dr. Herbert Hugh Thompson is an application security consultant. Thompson received his Ph.D. in Applied Mathematics from Florida Institute of Technology. [ [http://www.nnjtg.org/Thompson bio.html Northern New Jersey Telecom] ] and holds a CISSP… …   Wikipedia

  • Optical scan voting system — Election technology Certification of voting machines Independent Testing Authority (ITA) NVLAP VVSG End to end auditable voting systems Help America Vote Act Independent verific …   Wikipedia

  • Volusia error — The Volusia error is an example of the problems with electronic voting from the 2000 US Presidential election. Late in the night on November 7, 2000 the US election had come down to a tight race over Florida and its 25 electoral votes. Both Al… …   Wikipedia

  • Susan Bernecker — was a Republican candidate for Jefferson Parish, New Orleans City Council in 1995. She was defeated 33% to 58% by Nick Giambelluca, nephew of the Jefferson Parish election supervisor, Tony Giambelluca.After her loss and under the protection of… …   Wikipedia

  • Tallahassee in popular culture — Tallahassee has been represented well in popular culture through the years, moreover, Tallahassee has had more than its share of exposure and references in television programs, popular music, film, and the news for a city of its population. From… …   Wikipedia

  • Hacking Democracy — Filmdaten Deutscher Titel Hacking Democracy Produktionsland Vereinigte Staaten …   Deutsch Wikipedia

  • Bev Harris — Bev Merton Harris is an American writer, activist, and founder of Black Box Voting Inc., a national nonpartisan, nonprofit elections watchdog group. She helped popularize the term Black Box Voting, while authoring a book of that title.She first… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”