2. Attack Scenario 2 In this scenario, a malicious poll worker finds an opportunity after the close of polls to alter the contents of the MBB using his personal laptop. The attacker identifies ballots containing votes for a candidate he doesn't want to win the election and overwrites those ballots with records containing votes for a candidate he does want to be successful. After tampering with the MBB, the attacker replaces it in the expected chain of custody. The technological safeguards for detecting this tampering are insufficient and can, by default, go unobserved. This results in altered vote totals that can only be detected in the event of a manual recount of eSlate VVPAT records.
3. Attack Scenario 3 In this scenario, a malicious observer uses a remote device to capture the audio narration – including the narration associated with a voter's actual voted ballot – from an eSlate with audio capabilities. She is able to observe voters walking up to the eSlate and match them to the audio narration she is capturing, allowing her to violate a voter's right to privacy by linking voters to their vote selections.
...
p. 16
VI. Conclusions Although the Red Team did not have time to finish exploits for all of the vulnerabilities we discovered, nor to provide a complete evaluation of the Hart voting system (System 6.2.1), we were able to discover attacks for the Hart system that could compromise the accuracy, secrecy, and availability of the voting systems and their auditing mechanisms. That is, the Red Team has developed exploits that – absent procedural mitigation strategies – can alter vote totals, violate the privacy of individual voters, make systems unavailable, and delete audit trails.
Great write up, Dave ~ I''m glad I don't have to read those technical reports (unless I upate the annotated bibliography I posted last January.If so, I’ll also be sure to add California’s Red Team reports and FloridaStateUniversity’s just-released report on the failure of optiscans.)
Software Driven Devices (SDDs) have no place in our elections. It's long past time citizens seize the polls and do what is right for democracy - hand count paper ballots at the precinct on election night, before all who wish to observe.
by
Rady Ananda (109 articles, 262 quicklinks, 28 diaries, 875 comments)
on Wednesday, August 1, 2007 at 8:48:53 PM
1 comments
How would you rate this?
You must be logged in (if signed up) to do ratings.
It's free to signup! And easy. And takes just a minute or two....
Must Read (
Well Said (
News (
Touching (
Funny (
Supported (
Interesting (
Inspiring (
Valuable (
