Tuesday, January 08, 2008

The Cat That Controls New Hampshire Voting Machine Programming

Reprinted by permission.

***

Please distribute widely, Digg, Blog, reprints, get this to the media, etc.

A YouTube video from Black Box Voting that you won't soon forget:
http://www.youtube.com/watch?v=PiiaBqwqkXs

THE CAT THAT CONTROLS NEW HAMPSHIRE ELECTION PROGRAMMING

John Silvestro and his small private business, LHS Associates, has exclusive programming contracts for ALL New Hampshire voting machines, which combined will count about 81 percent of the vote in the primary. And as to Super Tuesday and beyond: Silvestro also has the programming contracts for the states of Connecticut, Massachusetts, and Vermont.

Silvestro IS the New Hampshire chain of custody in New England -- Or at least, a very large component in it.

Last fall, with the help of citizens like you, Black Box Voting began working on "Chain of Custody" projects, in which we identified some of the areas of concern that might affect many jurisdictions at once. First on the list for the Northeast U.S. is LHS Associates, a vendor with inside access to every memory card, as well as to the chips containing the "brain" of the Diebold optical scan machines.

RARE VIDEO FOOTAGE

In an unusual confluence of available video, we obtained footage of Silvestro grappling with Harri Hursti, the master hacker who had his way with the Diebold optical scans in Leon County, Florida in the famous exploit that was showcased in the film Hacking Democracy.

The exact same make, model and version hacked in the Black Box Voting project in Leon County is used throughout New Hampshire, where about 45 percent of elections administrators hand count paper ballots at the polling place, with the remaining locations all using the Diebold version 1.94w optical scan machine. Because the voting machine locations tend to be urban, this represents about 81 percent of the New Hampshire voters.

The video shows Harri Hursti testifying on Sept. 19 before the New Hampshire legislature, attempting to explain significant vulnerabilities requiring urgent mitigations; throughout his testimony, Silvestro inserted his own comments, opinions, misstatements and speculations.

VOTING MACHINE CHECKUP

One area of disagreement between Hursti and Silvestro was the amount of expertise needed to exploit the Diebold 1.94w optical scan system. Silvestro claimed (in a strange contortion of reasoning) that he doesn't hire very skilled programmers, implying that this makes New Hampshire elections more secure.

Hursti pointed out that hiring programmers with a lack of knowledge is generally not considered a security feature, and also that an average high schooler can learn to exploit the system in two days to two weeks.

WE THINK IT DOESN'T TAKE THAT LONG

Black Box Voting purchased a Diebold optical scan with 1.94w firmware, and chose a computer repair shop out of the phone book, took it in, grabbed the first available technician. It took him less than 10 minutes to zero in on the memory card as a point of critical vulnerability -- and oh my, did he point out some other intersting things!

NEW HAMPSHIRE HASN'T UPGRADED SYSTEM SECURITY

Silvestro tries to claim that the security problems have been fixed in newer editions. Whether or not they have been, it's a moot point in New Hampshire where the upgrade is not made unless the Ballot Law Commission meets, and they have not met for ages.

Silvestro then points to extraordinary measures taken by other states to enact special procedural safeguards, but of course none of those were implemented in New Hampshire either, because the Ballot Law Commission has not bothered to meet since March 2006.

IN FACT, NEW HAMPSHIRE HAS NOT IMPLEMENTED MITIGATIONS FOR KNOWN RISKS

Not only that, they have turned all the programming over to a sole source private company, taking vote counting for 81 percent of New Hampshire citizens out of the public domain.

LHS is not subject to public records requirements, as the government is, at least, not in New Hampshire. The control over memory card contents is absolute; when cards malfunction or get lost, LHS brings the replacements.

CONTROL OVER THE "BRAINS" OF THE MACHINE: ACCESS TO THE CHIP

Since LHS maintains the machines, repairs the machines, and replaces the machines -- often on Election Day -- when they malfunction, they have intimate access to the chips, sockets, ports, communications devices and other electronic components.

Silvestro stated that the chip has "read only memory" and cannot be reprogrammed without frying it under ultraviolet light overnight.

Hursti never had a chance to examine the hardware, nor have most of the recent university studies had access. But our friendly neighborhood computer repair guy differed with Silvestro on the point of plug & play reprogramming of the guts of the machine.

After I push the button to send this message out to the media and the citizenry, I'll work on getting a short YouTube video of the Accuvote checkup by our local computer repairman. And before you say, "But wait! He's not a world class expert!" -- That's just the point.

Our local computer repairman may hit or miss on some of his analyses. You'll all be able to try your hand at second guessing him as soon as the next video is up. But if he hits even one of his ideas for how to exploit the machine to steal votes, that's all it takes. From someone who is not, certainly, a world class hacker or even a hacker at all.

I'll post the link to that in a follow up here: http://www.bbvforums.org/forums/messages/1954/71200.html?1199744175 , and invite you techs to weigh in.

Please feel free to distribute, reprint or excerpt, with link to Black Box Voting and the video link above.

Bev Harris
Black Box Voting
bev@blackboxvoting.org


* * * * *

This is the year to support Election protection actions: http://www.blackboxvoting.org/donate.html
or mail to:
Black Box Voting
330 SW 43rd St Suite K
PMB 547
Renton WA 98057

Donations over $45 receive the "Hacking Democracy" DVD as a gift.

Monday, January 07, 2008