Friday, November 19, 2004

Hacking the Vote

It seems that most people, even Karen Hughes, were surprised by Bush's eleventh hour win, and electronic voting has had its critics for several years. I've tried to keep an open mind and draw a line between what I believe in my gut vs. what I know, intellectually.

But the more I read, the more I'm beginning to question the results of this election.

Now, along comes a White Hat Hacker (Republican, even), Chuck Herrin, CISSP, CISA, MCSE, CEH who lays it all out in terms (and with screenshots) that even I can understand. He has dedicated a section of his personal/business website to demonstrating how easily it can be done - even did a "speed hacking" demo in which he changed over 1.5 million votes in six minutes without leaving an audit trail.

But... but... he's a Republican!

His response:

I get asked this a lot, and it really shows how focused our country is on partisan politics. I am a voter, first and foremost. That being said, yes, I am a Republican and have been since being sent to Republican Indoctrination Camp at age 2. That's where we are taught supply-side economics and the values of mutually assured destruction. :-)

I got involved with this because I have been against the adoption of these voting systems for years. It's a dumb-ass idea to implement them this way - our votes are too important. I wouldn't trust my Bank with computer systems this insecure; Hell, I wouldn't keep recipes on a system this insecure. When I saw all of the documentation regarding Diebold and their heavy partisan leanings, and then when the results came flooding in with a clear Bush victory when I seriously expected Kerry to win, I put two and two together. I am, by trade, a professional White-Hat Hacker, so I know how easily "secure" systems can be breached, especially by insiders. Roughly 80% of all computer crimes are perpetrated by insiders, so that's always the best place to look first. When the insiders also write the code and roll the machines out, there is no question that they have too much power and can not be trusted, whether they support my party or not. It's called "Segregation of Duties" in the professional world, and it is vital for system integrity.

But that was all theory and conceptual before I tried it myself. I knew that the descriptions and ideas were bad, but I hadn't actually seen a copy of the software. So I went to BlackBoxVoting.org following a link off of some website, I don't remember which, and saw Bev's plea - "Computer Guys - Test it yourself!". I thought, all right, I will. After all, this IS what I do for a living. It's like asking an accountant to balance debits and credits - nothing special, and besides, I was curious. Surely if our states are rolling this out to Hundreds of Millions of voters, somebody checked it. It can't be as bad as these liberal whiners are making it out to be - they're just pissed off that our folks turned out in mass.

What I found truly shocked me, and made me physically ill. That's what is documented on the other page. It IS that bad. I personally don't have conclusive evidence that voter fraud was perpetrated, but I can tell you as an Information Security professional that it would have been very, very easy to do. If I had to choose between someone conspiring with exit poll workers nationwide or someone changing values in an Access Database as the cause of the difference between the poll numbers and the "actual" results, I'll go with the easier, more effective option every time. Why choose the hard way when it's more trouble and you're less likely to succeed? Again, I'm staying clear of making specific allegations - I'll leave that to the activists who are gathering data - but I would be much more surprised if the election weren't hacked than to find out that it was.

It was too easy, the companies were too partisan and unethical, and there was too much at stake for them NOT to hack it. It looked like Bush was going to lose, and they had this tool available to pull out a victory.

Why do I call Diebold partisan and unethical, you ask? How's this:

"I am committed to helping Ohio deliver its electoral votes to the president." - Walden O'Dell, Diebold's CEO in a fundraising letter to Republicans, Fall 2003. O'Dell and other Diebold Senior Executives are Republican "Pioneers", which is the designation you get when you raise over $100,000. His brother is President of ES&S, the #2 vote machine maker, and is also a "Pioneer". Is that partisan enough for you? Well, what about calling them unethical?

Check this out - No less than 5 of Diebold's developers are convicted felons, including Senior Vice President Jeff Dean, and topping the list are his twenty-three counts of felony Theft in the First Degree. According to the findings of fact in case no. 89-1-04034-1:

“Defendant’s thefts occurred over a 2 1/2 year period of time, there were multiple incidents, more than the standard range can account for, the actual monetary loss was substantially greater than typical for the offense, the crimes and their cover-up involved a high degree of sophistication and planning in the use and alteration of records in the computerized accounting system that defendant maintained for the victim, and the defendant used his position of trust and fiduciary responsibility as a computer systems and accounting consultant for the victim to facilitate the commission of the offenses.”

To sum up, he was convicted of 23 felony counts of theft from by - get this - planting back doors in his software and using a "high degree of sophistication" to evade detection. Do you trust computer systems designed by this man? Is trust important in electronic voting systems?

So here we are - Means, Motive, Opportunity - the whole package. And since the systems are so poorly designed, no audit trail to show any wrongdoing. Add some cries of "conspiracy theories" and "sore losers", and you've got yourself a mandate. Four more years, indeed. Surprise, surprise.

BUT - what happens in 2006 or 2008, now that tens of thousands of activists know about the holes and how easy it is to steal votes? Well, it'll be interesting, that's for sure. These systems appear to be DESIGNED to be easy to Hack, so one can only imagine what will happen. But I for one will embrace President Homer Simpson and will fully support his new 2008 doughnut agenda as a welcome change. I hope that we can all stand together and welcome him as we Republicans continue to bring "dignity back to the White House."


Look - believe it, don't believe it, call it tinfoil, whatever. Just read what this guy has to say. And if you're as surprised as I was that a lifelong Republican would be willing to do this, well, we've both become way too cynical. Maybe integrity and pragmatism do still occasionally trump ideology and partisanship.

You owe it to yourself to check his site out. I mean, really check it out.

4 Comments:

At 11/22/04, 3:25 PM, Anonymous Anonymous said...

This comment has been removed by a blog administrator.

 
At 11/22/04, 4:19 PM, Anonymous Anonymous said...

You want to get wellstoned?

Keep it up punk

 
At 11/22/04, 4:27 PM, Anonymous Anonymous said...

DU WOLVERINES ARE WATCHING YOU.

 
At 11/22/04, 5:26 PM, Blogger wfh said...

And this, ladies and gentlemen, is why you shouldn't allow your children online without adult supervision.

(psst, Anonymous - check this out!
http://www.goarmy.com/contact/how_to_join.jsp )

 
