The Vulnerability Assessment Team at Argonne National Laboratory looks at a wide variety of security devices– locks, seals, tags, access control, biometrics, cargo security, nuclear safeguards–to try to find vulnerabilities and locate potential fixes. Unfortunately, there’s not much funding available in this country to study election security. So we did this as a Saturday afternoon type of project. It’s called a man-in-the-middle attack. It’s a classic attack on security devices. You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off. We’re basically interfering with transmitting the voter’s intent. We used a logic analyzer. Digital communication is a series of zeros and ones. The voltage goes higher, the voltage goes lower. A logic analyzer collects the oscillating voltages between high and low and then will display for you the digital data in a variety of formats. But there all kinds of way to do it. You can use a logic analyzer, you can use a microprocessor, you can use a computer–basically, anything that lets you see the information that’s being exchanged and then lets you know what to do to mimic the information.
For years, researchers have been aware of numerous security flaws in electronic voting machines. They’ve found ways to hack the machines to swap votes between candidates, reject ballots or accept 50,000 votes from a precinct with just 100 voters. Yet on Nov. 6, millions of voters — including many in hotly contested swing states — will cast ballots on e-voting machines that researchers have found are vulnerable to hackers. What is more troubling, say some critics, is that election officials have no way to verify that votes are counted accurately because some states do not use e-voting machines that produce paper ballots.After the “hanging chad” controversy of the 2000 election, Congress passed a federal law that gave states funding to replace their punch card and lever voting systems with electronic voting machines. But computer scientists have repeatedly demonstrated that a variety of electronic voting machines can be hacked — often quite easily. “Every time they are studied, we find further problems,” said J. Alex Halderman, a computer science professor at the University of Michigan who researches voting machine security.
As the 2012 presidential campaign swings into full gear, there are concerns that hackers may target voting systems and Websites as a form of political protest. An apparent threat to hack into voting systems and disrupt the vote has the Iowa Republican Party on edge, according to the Associated Press.
The state’s Republican Party is boosting the security of the computer systems it will be using Jan. 3 for the first caucus in the 2012 presidential campaign, AP reported Dec. 19. Party officials were acting in response to a video posted on YouTube calling on Anonymous supporters to “peacefully shut down the first-in-the-nation Iowa caucuses” to protest the corrupt political system that favors corporations.
Investigators don’t know yet whether the threat is authentic and have not yet confirmed whether the Anonymous hacktivist collective is really planning any protests to prevent the vote. As a loose collective of like-minded hackers, Anonymous doesn’t have an official hierarchy or structure, making it very easy for a single person, or a select few, to claim an attack without most of the group’s participation or knowledge.
Secretary of State Scott Gessler wants to make it easier for counties to comply with rules for electronic voting machines, but watchdogs say the changes increase the risk of hackers stealing an election. Gessler will hold a meeting today to discuss the changes, but plaintiffs in a 2006 lawsuit that led to the decertification of several voting machines did not wait to let loose with criticism.
Jeff Sherman, an Iraq veteran who worked on democracy-building in that country, said he is dismayed U.S. elections are vulnerable to fraud through voting machines. “We have a system that is a light to the world. I think it does all of us a disservice when there are questions about elections,” Sherman said.
Colorado has not had any known instance of election-hacking, but Sherman’s lawyer, Paul Hultin, cited an exercise by Argonne National Laboratory in which scientists hacked into a voting machine from half a mile away using cheap, off-the-shelf equipment.
Argonne Labs’s demonstration attack on a Diebold voting machine is getting a lot of press. The article above has the details, but briefly, what the Argonne team did was to insert some malicious “alien” electronics between the CPU and the touch screen. Unsurprisingly, that device can modify input from the touch screen and/or output to the touch screen, allowing the attacker to tamper with the election. To read the press coverage and the quotes given by the authors, you might get the impression that this was something new. For instance:
“This is a fundamentally very powerful attack and we believe that voting officials should become aware of this and stop focusing strictly on cyber [attacks],” says Vulnerability Assessment Team member John Warner. “There’s a very large physical protection component of the voting machine that needs to be addressed.”
These comments aside, there’s not really any new information here; rather, it was completely obvious that this sort of thing was possible to anyone who knew how the devices were constructed. It’s well-known that the only defenses against this were physical security of the machines itself (tamper seals, locks, custody, etc.) and that they were extremely weak. Indeed, Alex Halderman and his team demonstrated some not-dissimilar attacks a while back on the Indian Electronic Voting Machines. The EVEREST report described a man-in-the-middle attack on the iVotronic interface to the VVPAT vote printer. Indeed, the same team from Argonne demonstrated a similar attack on a Sequoia system im 2009.
There are a number of reasons why voting researchers have historically focused on informational attacks (as I’ve saidbefore, “cyber” isn’t the word that computer scientists would typically use). First, they’re easier to do wholesale. While it’s moderately expensive—though not that expensive—to reverse engineer the software and develop an exploit and/or replacement software, once you’ve done that you can make as many copies as you want. Moreover, if you have a good exploit (like many of the ones described in the TTBR), you may be able to easily install it with very brief physical access, without opening the case, and perhaps without even violating any security seals. For obvious reasons, attacks which can be mounted by voters seem a lot more interesting than attacks which involve semi long-term access to the machine. It’s not exactly likely that your average voter is going to be allowed to open the machine in the middle of the election.
Moreover, in some cases, informational attacks (i.e., viruses) have been demonstrated that only require contact with a small number of voting machines. The idea here is that you have temporary access to a given machine, infect it with the virus, and then this somehow spreads to every machine in the county. By contrast, a physical attack like this requires tampering with every voting machine.
Researchers at the Argonne National Laboratory this week showed how an electronic voting machine model that’s expected to be widely used to tally votes in the US 2012 elections can be easily hacked using inexpensive, widely-available electronic components.
Roger Johnston, head of the Vulnerability Assessment Team at the US Department of Energy’s science and engineering reseaech lab, said the hack, which requires about $25 and very little technical expertise, would let cybercriminals “flip” votes gathered on Diebold Accuvote TS machines and change election results without raising any suspicion.
Johnston and his team have long warned about vulnerabilities in e-voting machines. And two years ago, the team demonstrated how a Sequoia touch screen e-voting machine could be similarly manipulated using cheap components. The latest research was first reported by the Salon news site.