By Rady Ananda. Page 6 of 7.
The GEMS server lacks several critical security updates from Microsoft. The team was able to remotely upload, download and execute files with full system administrator privileges.
The server enables the "autorun" feature. Given physical access to the server, one can insert a CD that will automatically upload malicious software, modify or delete elections, or reorder ballot definitions.
The back panel of the GEMS server is not protected. Given physical access to a running device it is possible to insert a USB flash drive and upload malicious software onto the server.
The database files that contain the election definition (and results) are neither encrypted nor authentication protected. By removing the front panel of the server (this is held in place by a small keyed lock), one can insert a CD, power up the server, and have it boot its operating system off the CD. A sophisticated user can automate this procedure requiring only a few minutes access to the server.
Because both the database password and audit logs are stored within the database itself, it is possible to modify the contents without detection. Furthermore, system auditing is not configured to detect access to the database. Given either physical or remote access it is possible to modify the GEMS database.
The procedure by which precincts upload votes to their LBE is vulnerable to a "man-in-the-middle" attack.
The team identified fifteen additional Microsoft patches that have not been installed on the servers. In addition, the servers lack additional measures (all considered best practice) for defense such as the use of firewall and antivirus programs, as well as the application of least privilege, i.e. turning off the services that are unused or not needed. Each of these represents a potential attack vector for the determined adversary.
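The finding above about the database password and audit logs living inside the same database is the one a practitioner most needs to see concretely, so here is an added example (it is not code from the report, from GEMS, or from the author of this bibliography). It builds a small in-memory SQLite "election database" with a results table and a hash-chained audit log keyed with an HMAC. The schema, the key value, and every log entry are constructed for the demo. Three scenarios follow: an attacker with full database access edits a tally and the matching log entry but has no key (detected); the attacker deletes the newest entries instead of editing them (detected only because the latest MAC, the "head", is also kept outside the database); and the GEMS-style design where the secret is stored in the same database, so the attacker simply rebuilds the whole log and verification passes. The same keyed-MAC idea, applied to each precinct's upload message, is also the standard answer to the man-in-the-middle finding quoted further down.

```python
"""Tamper-evident audit log: why the log's key must live outside the database.

Added example (not code from the RABA report or from GEMS). The schema,
the key, and every log entry below are constructed for the demo.
"""
import hashlib
import hmac
import json
import sqlite3

GENESIS = "0" * 64
# Assumption: this key is held on a separate host (or HSM), never in the DB.
AUDIT_KEY = b"demo-key-held-outside-the-election-database"


def create_db():
    """In-memory stand-in for the election database file."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE results (precinct TEXT, candidate TEXT, votes INTEGER);
        CREATE TABLE audit_log (seq INTEGER PRIMARY KEY, entry TEXT, mac TEXT);
    """)
    return db


def record(db, key, action):
    """Append an entry whose MAC covers the action and the previous MAC."""
    row = db.execute("SELECT mac FROM audit_log ORDER BY seq DESC LIMIT 1").fetchone()
    prev = row[0] if row else GENESIS
    entry = json.dumps({"prev": prev, "action": action}, sort_keys=True)
    mac = hmac.new(key, entry.encode(), hashlib.sha256).hexdigest()
    db.execute("INSERT INTO audit_log (entry, mac) VALUES (?, ?)", (entry, mac))
    db.commit()
    return mac  # the caller stores the latest MAC ("head") outside the DB too


def verify(db, key, head=None):
    """Recompute the whole chain. Returns (ok, reason)."""
    prev = GENESIS
    rows = db.execute("SELECT seq, entry, mac FROM audit_log ORDER BY seq")
    for seq, entry, mac in rows:
        expected = hmac.new(key, entry.encode(), hashlib.sha256).hexdigest()
        if json.loads(entry)["prev"] != prev or not hmac.compare_digest(expected, mac):
            return False, f"entry {seq} altered"
        prev = mac
    if head is not None and not hmac.compare_digest(prev, head):
        return False, "head mismatch"  # tail entries deleted or replaced
    return True, "ok"


def scenario_edit_without_key():
    """Attacker with full database access, as in the report, but no key."""
    db = create_db()
    db.execute("INSERT INTO results VALUES ('P1', 'A', 100)")
    record(db, AUDIT_KEY, "loaded P1: A=100")
    head = record(db, AUDIT_KEY, "polls closed")
    db.execute("UPDATE results SET votes = 900 WHERE precinct = 'P1'")
    forged = json.dumps({"prev": GENESIS, "action": "loaded P1: A=900"}, sort_keys=True)
    db.execute("UPDATE audit_log SET entry = ? WHERE seq = 1", (forged,))
    db.commit()
    return verify(db, AUDIT_KEY, head)


def scenario_truncate_tail():
    """Attacker deletes the most recent entries instead of editing them."""
    db = create_db()
    record(db, AUDIT_KEY, "loaded P1: A=100")
    record(db, AUDIT_KEY, "corrected P1: A=120")
    head = record(db, AUDIT_KEY, "polls closed")
    db.execute("DELETE FROM audit_log WHERE seq >= 2")
    db.commit()
    return verify(db, AUDIT_KEY, head)


def scenario_key_inside_database():
    """GEMS-style design: the secret sits in the same database the attacker owns."""
    db = create_db()
    db.execute("CREATE TABLE settings (name TEXT, value BLOB)")
    db.execute("INSERT INTO settings VALUES ('audit_key', ?)", (AUDIT_KEY,))
    record(db, AUDIT_KEY, "loaded P1: A=100")
    record(db, AUDIT_KEY, "polls closed")
    stolen = db.execute("SELECT value FROM settings WHERE name = 'audit_key'").fetchone()[0]
    db.execute("DELETE FROM audit_log")
    record(db, stolen, "loaded P1: A=900")  # attacker rebuilds the log from scratch
    record(db, stolen, "polls closed")
    return verify(db, stolen)  # the auditor has nothing outside the DB to check against


if __name__ == "__main__":
    print(scenario_edit_without_key())     # (False, 'entry 1 altered')
    print(scenario_truncate_tail())        # (False, 'head mismatch')
    print(scenario_key_inside_database())  # (True, 'ok'): forgery undetected
```

The third scenario is the report's point in miniature: a MAC or password stored beside the data it protects adds nothing against an attacker who already has the file. Detecting edits needs a key the database does not contain, and detecting deletions additionally needs the latest MAC recorded somewhere the attacker cannot reach, such as a printed log or a separate write-once system.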
*******************
AVIEL RUBIN, Director of the NSF-funded ACCURATE Center; co-author, with Tadayoshi Kohno, Adam Stubblefield and Dan S. Wallach, of "Analysis of an Electronic Voting System," IEEE Symposium on Security and Privacy, May 2004.
Also see www.avirubin.com and Rubin's column "On My Mind: Pull the Plug," Forbes, 8/2006: http://www.forbes.com/forbes/2006/0904/040.html?partner=alerts&_requestid=2972
Why am I advocating the use of 17th-century technology for voting in the 21st century?
The boot loader controls which operating system loads, so it is the most security-critical piece of the machine. To (install overwriting software), a night janitor at the polling place would need only a few seconds' worth of access to the computer's memory card slot.
If the defense against the attack is not built into the voting system, the attack will work, and there are virtually limitless ways to attack a(n electronic) system.
*******************
U.S. COMMISSION ON FEDERAL ELECTION REFORM, 2006. See "Reversing Course on Electronic Voting: Some Former Backers of Technology Seek Return to Paper Ballots, Citing Glitches, Fraud Fears," Wall Street Journal, May 12, 2006.
4 comments
Excellent coverage, Rady
This is an exceedingly useful resource. I hope that you will be able to update it soon with the latest NIST Draft, and then its bastard brother, the amended follow-up report. And other reports as they come in.
by Nancy Tobi on Wednesday, Jan 3, 2007 at 3:24:50 PM

Nice Rady - Here's Another Shorter Summary Too
Good one. Here's a one-page two-sider that folks can hand out: http://utahcountvotes.org/docs/WhatdotheExpertsSay.pdf
by Kathy Dopp on Monday, Jan 8, 2007 at 2:12:34 AM

2-Sided, single page annotation
A colorful, 2-sided flyer summarizing the above points can be found at http://tinyurl.com/kwycu. On Jan. 17, I posted an expanded Annotated Bibliography (of 15 instead of 12 expert reports) to OpEdNews. Thanks Kathy & Nancy ~ your comments (and your work) are appreciated.
by Rady Ananda on Wednesday, Jan 17, 2007 at 1:32:07 PM

Reply: Link to Annotated Bib of 15 Expert Reports
by Rady Ananda on Tuesday, Jan 23, 2007 at 5:12:11 PM
Copyright © 2002-2009, OpEdNews