Security research vid shows "virus" infecting e-voting machines

Max sez,
The Security Group at the University of California in Santa Barbara has released the video that shows the attacks carried out against the Sequoia voting system. I heard about the video when talking to some members of the group, but it was never made available to the public before. The video was shot as part of the Top-To-Bottom Review organized by the California Secretary of State. Even though the review was carried our in July 2007, the video has been posted only now, more than a year after (why?).

The video shows an attack where a virus-like software spreads across the voting system. The coolest part of the video is the one that shows how the "brainwashed" voting terminals can use different techniques to change the votes even when a paper audit trail is used. Pretty scary stuff. The video is proof that these types of attacks are indeed feasible and not just a conspiracy theory.

Also, the part that shows how the "tamperproof" seals can be completely bypassed is very funny (and disturbing at the same time).

Evaluating the Security of Electronic Voting Systems (Thanks, Max!)



  1. Sounds a bit like what happened in the movie “Man of the Year” where Robin Williams playing as a Jon Stewart like political TV satirist runs for President and wins after a computer bug in the e-voting machines favors him over the other candidates.

  2. Presumably these machines are being used in an attempt to save money (I can’t think of any other reason). However, given the amount of money that’s been spent on certification, re-certification, purchasing (and disposal), is it really worth it?

  3. Can we just go back to hand counting bits of paper? Seriously at least when you use that system you need a proper conspiracy to rig things. Not just a single hacker.

  4. FLUP@6: It is worth it to those who want to control the outcome of an election, and thereby the country.

    BALDHEAD@9: Even when we were counting bits of paper, they managed to steal an election. Remember 2000? What can be done when the Supreme Court stops a recount, which by any measure would have shown Gore as the winner, and not just of the popular vote?

  5. Why didn’t the California Secretary of State read the report after the review and decertify the DRE’s or at the very least, re certify with conditions for use, storage and handling and allow one per voting place to be used for accessibility and paper ballots for those who can hold a pencil?

  6. PHIKUS@11: Yet the use of those physical ballots is what enabled you to make that conclusion.

    Note that what happened in Ohio, 2004 is much less clear because of computerized voting.

    Digital electronic information can’t be verified where anonymous transactions are involved; the goal in designing digital equipment is to create and alter information as effortlessly and cleanly as possible.

    This is accomplished through many layers of abstraction which most people (99.999%) can’t audit (or often even detect). Electronic “ballots” cannot be viewed directly with the human eye (nor otherwise directly sensed) because the bits that show a “vote” on the screen are not the same bits that comprise the record. They are un-auditable.

    Even where digital signatures of poll workers are used, they will only indicate very generally a problem in a batch of votes in a given precinct… the discrepancies cannot be traced to individual ballots to figure out what went wrong.

  7. Much of the trouble in gaining any sort of transparency in the vote process with these machines is probably also why this video was delayed for so long. The companies that build these hold on tightly to every design and code detail as a trade secret.

Comments are closed.