The Vulnerability Assessment Team at Argonne National Laboratory looks at a wide variety of security devices– locks, seals, tags, access control, biometrics, cargo security, nuclear safeguards–to try to find vulnerabilities and locate potential fixes. Unfortunately, there’s not much funding available in this country to study election security. So we did this as a Saturday afternoon type of project. It’s called a man-in-the-middle attack. It’s a classic attack on security devices. You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off. We’re basically interfering with transmitting the voter’s intent. We used a logic analyzer. Digital communication is a series of zeros and ones. The voltage goes higher, the voltage goes lower. A logic analyzer collects the oscillating voltages between high and low and then will display for you the digital data in a variety of formats. But there all kinds of way to do it. You can use a logic analyzer, you can use a microprocessor, you can use a computer–basically, anything that lets you see the information that’s being exchanged and then lets you know what to do to mimic the information.Full Article: How I Hacked An Electronic Voting Machine | Popular Science.
For years, researchers have been aware of numerous security flaws in electronic voting machines. They’ve found ways to hack the machines to swap votes between candidates, reject ballots or accept 50,000 votes from a precinct with just 100 voters. Yet on Nov. 6, millions of voters — including many in hotly contested swing states — will cast ballots on e-voting machines that researchers have found are vulnerable to hackers. What is more troubling, say some critics, is that election officials have no way to verify that votes are counted accurately because some states do not use e-voting machines that produce paper ballots.After the “hanging chad” controversy of the 2000 election, Congress passed a federal law that gave states funding to replace their punch card and lever voting systems with electronic voting machines. But computer scientists have repeatedly demonstrated that a variety of electronic voting machines can be hacked — often quite easily. “Every time they are studied, we find further problems,” said J. Alex Halderman, a computer science professor at the University of Michigan who researches voting machine security.Full Article: Electronic Voting Machines Still Widely Used Despite Security Concerns.
The Election Day is fast approaching in every state in the country. Security experts and researchers from Vulnerability Assessment Team or VAT at Argonne National Laboratories made a video that demonstrates a simple and non-cyber man-in-the middle or MITM attacks on the voting machine – the Diebold AccuVote TS Electronic Voting Machine. The researchers Jon Warner and Roger Johnston inserted customized hardware costing only 10 dollars into the Diebold AccuVote TS.
They were able to read the touchscreen vote using it and they were able to alter the information that was stored within. Changing the electronic votes isn’t really new; however, with the addition of a 16 dollars, the team was able to have a remote control that can operate and perform the MITM attacks even if they were miles away from the machine.
It was even stated that the levels of sophistication needed to accomplish the deed was comparably easy; even starters can accomplish it without any hardships. The same multi-disciplinary team of Argonne National Laboratories that is composed of physicists, digital computer forensics experts, computer engineers, white hat hackers, security researchers and also social scientists has demonstrated the same flaws on the machines of Sequoia Voting Solutions.Full Article: The Dangers of Man-in-the-Middle in Voting Machines.
Researchers at the Argonne National Laboratory this week showed how an electronic voting machine model that’s expected to be widely used to tally votes in the US 2012 elections can be easily hacked using inexpensive, widely-available electronic components.
Roger Johnston, head of the Vulnerability Assessment Team at the US Department of Energy’s science and engineering reseaech lab, said the hack, which requires about $25 and very little technical expertise, would let cybercriminals “flip” votes gathered on Diebold Accuvote TS machines and change election results without raising any suspicion.
Johnston and his team have long warned about vulnerabilities in e-voting machines. And two years ago, the team demonstrated how a Sequoia touch screen e-voting machine could be similarly manipulated using cheap components. The latest research was first reported by the Salon news site.Full Article: Researchers 'hack' e-voting system for US presidential elections - Business - Macworld UK.
U.S. government researchers are warning that someone could sneak an inexpensive piece of electronics into e-voting machines like those to be used in the next national election and then remotely change votes after they have been cast.
The Vulnerability Assessment Team at Argonne Laboratory, which is a division of the Department of Energy, discovered this summer that Diebold touch-screen e-voting machines could be hijacked remotely, according to team leader Roger Johnston. Salon reported on it today, noting that as many as a quarter of American voters are expected to be using machines that are vulnerable to such attacks in the 2012 election.
Basically, when a voter pushes a button to record his or her votes electronically, the remote hijacker could use a Radio Frequency remote control to intercept that communication, change the votes, and then submit the fraudulent votes for recording.Full Article: E-voting machines vulnerable to remote vote changing | InSecurity Complex - CNET News.
Researchers at the Argonne National Laboratory this week showed how an electronic voting machine model that’s expected to be widely used to tally votes in the 2012 elections can be easily hacked using inexpensive, widely-available electronic components.
Roger Johnston, head of the Vulnerability Assessment Team at the U.S. Department of Energy’s science and engineering reseaech lab, said the hack, which requires about $25 and very little technical expertise, would let cybercriminals “flip” votes gathered on Diebold Accuvote TS machines and change election results without raising any suspicion.
Johnston and his team have long warned about vulnerabilities in e-voting machines. And two years ago, the team demonstrated how a Sequoia touch screen e-voting machine could be similarly manipulated using cheap components. The latest research was first reported by the Salon news site.Full Article: Argonne researchers 'hack' Diebold e-voting system - Computerworld.
It could be one of the most disturbing e-voting machine hacks to date.
Voting machines used by as many as a quarter of American voters heading to the polls in 2012 can be hacked with just $10.50 in parts and an 8th grade science education, according to computer science and security experts at theVulnerability Assessment Team at Argonne National Laboratory in Illinois. The experts say the newly developed hack could change voting results while leaving absolutely no trace of the manipulation behind.
“We believe these man-in-the-middle attacks are potentially possible on a wide variety of electronic voting machines,” said Roger Johnston, leader of the assessment team “We think we can do similar things on pretty much every electronic voting machine.”Full Article: Diebold voting machines can be hacked by remote control - 2012 Elections - Salon.com.
When things go really, really wrong, Roger Johnston has a really, really good day. After all, he’s usually the man who made them go wrong.
Johnston has a PhD, 10 patents to his name, and what every 10 year old kid would think is a dream job. As chief of the Vulnerability Assessment Team at Argonne National Laboratory outside Chicago, he has made it is his mission to crack into every security system labeled as foolproof by their creators.
“We need to be thinking like the bad guy,” said Johnston. “The unfortunate reality is that the bad guys get to define the problem. The good guys don’t.”