Is Electronic Voting a Safe Bet?

Electronic Voting - Risky Business?Obviously, when the power grid can be shutdown by a remote exploiter who leverages TCP/IP connectivity of SCADA integrated systems, one can assume flipping bits on a voting system should be even a much easier task. Election fraud has been discovered since the beginning of recorded history. Archaeologists digging in a well discovered a dumped stash of 190 broken pottery shards that appear to have been used by ancient Athenians for a vote in 471 B.C. There’s no need today to dig holes to hide the data. Who is to say their vote was recast when there is no evidence of tampering and the software remains ‘proprietary’? Over 45 million Americans will vote and while paper is still the preferred means of voting at least 10 million of these votes will be cast electronically, according to Verified Voting.

Computerized election management systems assign a number to each candidate. By editing the file to flip the candidate number, Bev Harris has demonstrated that the Diebold GEMS central tabulator can swap votes between candidates. Harris has also demonstrated this manipulation targeting only the absentee votes.

Central tabulators that use Microsoft-based programs can usually be hacked using a trojan horse-like script. This is simply a set of text commands typed into “notepad” or other devices; at the right time, the program can alter the votes undetectably. This was demonstrated using a real voting system in Leon County, Florida by Black Box Voting with Dr. Herbert Thompson.

The electronic ballot boxes, now stored on removable credit-card-sized disks called memory cards, can be stuffed and hacked as well. This was demonstrated in another Black Box Voting project, by computer expert Harri Hursti — again using real voting systems in Leon County Florida.
On the Diebold TSx touch-screens, the whole kit and kaboodle can be replaced with malicious substitute software. This was discovered in an autopsy of the system conducted in Emery County, Utah.

In a Black Box Voting project, researcher Harri Hursti and an expert from another company, Security Innovation, learned that simply by knowing the name of the file, a programmer can replace the file using any of a variety of mechanisms — memory cards, wrieless devices, or a cable attached to the motherboard.

In addition, various voting machines contain wireless capabilities, potentially enabling remote access. The Diebold TSx machine has a slot to fit an SD wireless card on the motherboard.

Clearly while we all wish to see our vote count, they may count for a candidate we did not choose. Like all computer technology, hackers and those who hire them will ‘own’ the vote and the system because there is nothing stronger than pen, paper and a signature. The direction of voting is all electronic in our near future and that leaves much to be desired.

(Sources: CDM and

November 27, 2012

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...