Home > Wheel of VOTER Challenge II: 2K
Elections-Elected Digital-Technology USA Robin Baneth
NEW $2,000 CHALLENGE
Due to the popularity of last week’s Wheel of VOTER Challenge 2004 — in which it was paper-trail voting emerged to have an unrivaled mandate — we at WVC headquarters now offer the following $2,000 opportunity for an equally tantalizing issue:
We will send a $2,000 cashier’s check to the first election official, politician, statistician, professor, broadcast journalist, blogger, editor, vote machine manufacturer, programmer, Yalees, MITers, anyone who can convince us that hacking a CENTRAL TABULATOR is more difficult than hacking a web site. We call this "swiftboating the tabulator."
To win, merely dispute ANY of the following steps or reasoning that anybody with access to an internet- or modem-connected computer or similar device could perform to change the results of a single computer that aggregates the results from all of the precincts in a given county (central tabulator):
***
BEGIN
THEOREM: Please assume a password breach and only non-paper trail counties are attacked for your analysis. GEMS software.
1) Diebold or state election’s current- or ex-employee notes IP address or phone number of target central tabulator computer. Let’s assume 197.66.66.6 IP (this will not work and is for demo purposes only).
2) From ANY internet-connected computer start DOS window. In Windows XP, START->RUN->"cmd"
3) ftp 197.66.66.6, for example
4) for ID, "guest" for password just hit enter
5) lcd C:\Program Files\GEMS\LocalDB
6) receive "coloradospringscityelection.mdb" without quotes.
7) log out or stay connected
8) hacker edits this file on own computer using Microsoft Access
8a) double-clicks coloradospringscityelection.mdb
8b) clicks on TABLE->SumCandidateCounter
8c) reverses two numbers in TOTAL VOTES column (keep a vote TOTAL counts the same)
8d) saves and exits
9) reconnects using above, then type "send coloradospringscityelection.mdb" EXIT
This method gets most recent database structure (with candidates names and other user customizations). Then hacker just needs to reverse the numbers a column or two. Then hacker copies a new edited file on top of target computer’s file. All this could be done WHILE election official was using. Changes would not be noticed until next time GEMS program was started.
This could be repeated for 10-20 battlegound Florida or Ohio COUNTIES on election evening. Step number one is hardest. However, any Diebold or state elections official technician would have this info if they worked on machine in office. In addition, this method may be the actual method GEMS database is fixed remotely. If ftp is passworded then, just need password. If not using ftp, could use hidden backdoor. Could come in on virus, spyware, manually-opened port.
END
****
Robin Baneth
2004 National Wheel of VOTER Challenge Chair
Raleigh, North Carolina
rbaneth@mindspring.com
To take last week’s challenge:
– http://www.yubanet.com/artman/publish/...
Other Articles by same author:
http://www.yubanet.com/artman/publish/article_15806.shtml
http://bellaciao.org/en/article.php3?id_article=4653
http://www.yubanet.com/artman/publish/article_15689.shtml
http://bellaciao.org/en/article.php3?id_article=4652
http://bellaciao.org/en/article.php3?id_article=4651
One more:
http://www.house.gov/judiciary_democrats/ohblackwellltr12204.pdf
(12/03/2004)
Extra credit: True or false?
Can you google for hacking info or can everyone be trusted?
Still forthcoming article: Why Canadians don’t riot after elections.