Princeton researchers show how to steal an election with Diebold machines

Princeton security researchers Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten have taken apart one of Diebold's notorious voting machines and done a thorough security analysis of its workings. They showed that an attacker could easily install software on the machine that steals votes from one candidate and gives them to another, and that the theft would be undetectable. They've published a paper and an amazing, disturbing video showing how this could be done.

This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities--a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.

Diebold insists that their machines are secure, and that they don't need voter-verified paper audit-tapes that keep a real-time log of the votes cast -- but this latest attack, which requires only a few minutes to execute, shows that America's votes should not be run on Diebold hardware.

EFF has done amazing work in fighting Diebold at standards bodies, in courts, and in the press, working to ensure that American elections aren't overturned by bad code and greed.

Link, Link to EFF's Online Policy Group v. Diebold, Inc. case notes

(Thanks, Chris!)
