Samizdat
Friday, September 23, 2005
  Diebold: When Charm and Wit Aren't Enough



The United States Computer Emergency Readiness Team or US-CERT is a partnership between the Department of Homeland Security and the public and private sectors. The agency was established in 2003 with the avowed mission of protecting the nation's Internet infrastructure.

Additionally, US-CERT supposedly coordinates defense against and responses to cyber attacks across the nation.
US-CERT is responsible for analyzing and reducing cyber threats and vulnerabilities, disseminating cyber threat warning information, and coordinating incident response activities.

US-CERT interacts with federal agencies, industry, the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public.

In early September of 2004 (two months before the November elections) they posted Cyber Security Bulletin SB04-252 entitled Summary of Security Items from September 1 through September 7, 2004. It can be accessed at:

http://www.us-cert.gov/cas/bulletins/SB04-252.html#diebold

The alert concerns the GEMS Central Tabulator, the machine that actually counts and tabulates the votes that are cast on electronic voting machines made by Diebold - the company who's chairman and chief executive officer, Walden W. O'Dell, personally guaranteed to deliver Ohio's electorial votes to Bush. O'Dell made that promise in an August 14, 2004 letter to Ohio GOP leaders inviting them to a $1000 a plate fund raising dinner at his mansion.

The alert says "A vulnerability [in the GEMS Central Tabulator] exists due to an undocumented backdoor account, which could allow local or remote authenticated malicious user to modify votes."

It ranks the problem as "Medium" risk. Medium risk to US-CERT means "one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file."

Despite that this was a known problem and that the companies political leanings were well documented, the state of Ohio guided by Secretary of State Blackwell (who just happened to also be the head of the committee to reelect George Bush,) Diebold was awarded a contract for voting and tabulation machines in Ohio. A search of US-CERT's database shows that a workaround or a patch was never made available.

What does all this mean? A "backdoor" simply means the programers either deliberately or inadvertantly left a way to go around any security in place to guard the system. Or, as an anonymous source at Diebold said, "This backdoor means that one malicious person can change the outcome of any Diebold election," The source went on to say, "Diebold's election system is one of the greatest threats our democracy has ever known."
 
Comments:
Blimey.
 
Post a Comment

<< Home
Samizdat: an underground system for the circulation of forbidden works of literature and political criticism in the Soviet era of Russia.

Name:
Location: Arkansas, United States

Angry, angry, angry ... but still, any day above ground is a good day.