Saturday, May 13, 2006

Diebold Designed to be Easily Tampered With...

Summary of latest study revealed this week by Harry Hursti, computer expert on Diebold voting machines:
In a minute or two, new malicious code can be permanently installed. It can defeat any security measures attempted later and hide itself from forensic investigation.
Aviel Rubin, a professor of computer science at Johns Hopkins University, ... said: “I almost had a heart attack. The implications of this are pretty astounding.”
For this and other stories see: http://iowavoters.org/
Obituary for Diebold
May 13th, 2006
This is how techie Stan Klein of Truevotemd.org explains the latest security hole in Diebold “voting” machines that was reported by Harry Hursti this week:
I briefly looked at the report (redacted version) yesterday. Even without knowing all the details, on a scale of 1 to 10 this is a 100. I think there needs to be an immediate investigation on how the machines got to be designed this way, . . . and how the machines got through the certification process without fraud or bribery. The violations of the [federal voting system standards] are too extensive to overlook.
Essentially, Hursti found it is easy to install malicious code permanently on the machine at the most fundamental level that can defeat any attempt to secure the machine afterward.
So it is “easy” and it is “permanent.” That is really all I need to know to jump to this conclusion: These so-called voting machines are not fit for use–even once. Iowa should order them scrapped right now and Diebold should be sued for fraud.
If you want more of Klein’s excellent explanation, keep reading. He breaks the computer’s brain into three sections:
There are three levels of code in any computer: (1) the BIOS (that interfaces the hardware to the software, controls the system at startup, and is the basic level of machine functionality), (2) the operating system (that provides essential services, including security, for the system), and (3) the application (in this case voting functionality).
Then he zeros in on the BIOS, which means “basic input output system”:
The BIOS is what you are working with when a computer starts up and you get the option to press F2 or some other key and set things like the boot sequence, the system clock, the processor speed, and some hardware level functions, including some security functions.
So I learned something right there! I never heard of the BIOS before. Now I know what is happening with my son’s new Dell computer that won’t run Windows at startup. We get that screen that Stan describes. We must be dealing with the BIOS. Something is wrong that we can’t fix. Even the guy in India who answered the tech support call wasted hours of our time trying to figure out what to do.
Hursti showed that it is trivial to alter the Diebold BIOS (the most fundamental level in any computer) and to attack both the operating system and voting application as well. All it takes is to connect the right kind of device, to name the files according to Diebold’s naming scheme, and to get brief physical access (a minute or two) to the machine. The system will automatically install the malicious code, which can be permanent, can contain functionality to enable further attacks (such as vote reallocation), can protect itself from forensic investigation, and can defeat any security measures added at a higher level (such as hash code checking).
Let’s summarize: In a minute or two, new malicious code can be permanently installed. It can defeat any security measures attempted later and hide itself from forensic investigation.
If Stan is correct, conscientious election administrators will bury Diebold Election Systems. RIP. Read it all in the NY Times today. http://www.nytimes.com/2006/05/12/us/12vote.html?_r=1&oref=slogin