The media Edison Mitofsky National Election Pool data was manipulated during the election to bring it into conformity with the vote tallies. Efforts may be under way to eliminate or even outlaw the exit poll.
Could one hacker alter an entire election?
Last Revised November 21, 2004
Image (c)2004 Rand Careaga/salamander.eps
The failure of the media to take seriously any potential major and global problem with the 2004 election is due in part to a failure of imagination. Most media people assume that to steal the entire election would require a huge conspiracy involving thousands of people operating in thousands of locations. The problem with a huge conspiracy is that something is going to get royally messed up in the process giving away the game. It’s just too complicated to pull off. Nixon couldn’t pull off a simple break in without getting caught and giving us the nightmare of Watergate.
Thus the media reports the occasional “glitch” as if it were an isolated incident and not a part of a bigger picture. Yet, serious observers are very concerned that just such a theft may have occurred. http://www.ecotalk.org/Recounts.htm
The purpose here is to suggest a simple hypothetical method by which a single person (the agent) acting alone could have stolen the election. We are not arguing that this in fact happened but are merely describing a potential method that could have been used. The first requirement for this single agent hypothesis is the existence of a computer communications network interconnection most if not all of the nation’s machines doing the actual counting. Two companies Diebold and ES&S produce the systems that counted 80% of all votes from both computerized ballot scanners and touchscreen machines. Perhaps a network interconnecting these tally machines would be sufficient to throw an election. http://www.ecotalk.org/UrosevichBrothers.htm There has been conjecture that the National Election Pool (NEP) used to disseminate vote counts to the news media uses just such a network. http://www.ecotalk.org/VNS.htm
A reporter observed an NEP employee attach a laptop computer to the ES&S vote tally machine in Chicago. Don't even try to contemplate the many nefarious things this laptop can do. http://www.ecotalk.org/APvotes.htm
A simple way to dismiss this agent conjecture is for the NEP to explain how they collect the vote counts without using such a network and to prove that such a nationwide network does not exist during voting. We will assume for purposes of this conjecture that the network exists and, for example, is a private IP network (using Internet protocols but not an actual part of the Internet).
The agent needs access to this voting network. Bev Harris on her web site http://www.blackboxvoting.org , in her book Black Box Voting and in her video http://www.votergate.tv/ describes how many tally computers are equipped with modems, and that these modems are often functional during voting, and that modem numbers are sometimes disclosed to outsiders inadvertently. Diebold systems are also deployed with wireless networks, probably Wi-Fi. The agent need only be with a few hundred yards of the Wi-Fi hub to secretly obtain a high bandwidth link to the network. The agent can be in their car outside a voting center with a laptop computer and have free access to the whole network. The Johns Hopkins study (see below) mentions that Diebold's AccuVote-TS DRE can be connected to the Internet (page 12). Please tell us this has never been done!
All our agent needs is access to a single functional modem or Wi-Fi hub during voting to access the entire voting network of vote tally machines. The agent dials into the machine or attaches to the Wi-Fi network or Internet and hacks his way onto the tally machine. The agent finds the networks to which this PC is connected, the network type and the network address. The use can use simple techniques such as ping to quickly uncover the IP address of every tally machine on the network and thus the typology of the network. The agent would hack the password to gain access to each machine. Need help? How about http://www.openwall.com/john/
The agent can then determine the type of software in use and the type of database involved in the voting for each tally machine. The agent would then hack each machine voter database. Bev Harris again describes how easy it has been to hack the passwords from the Diebold voting systems. Software is available to recover passwords from a windows system. We know that Microsoft Access is used by Diebold so the agent might simple buy the program to "recover" the passwords. http://www.openwall.com/passwords/office.shtml
Bev Harris also describes how easy it is to change the election count databases and how the log files can be modified to cover up the changes. In other words it seems plausible to change an election result, at least in the Diebold systems without leaving a trace. The agent now has all the information they need to modify the election results, not on a single tally machine, but on the entire network of tally machines. A detailed demonstration of hacking the tally machine without leaving a trace is now available http://www.chuckherrin.com/hackthevote.htm
You still don't believe the voting system is this vulnerable? Try reading the current definitive Johns Hopkins study of the Diebold system at http://avirubin.com/vote.pdf
Weren't these systems certified? Bev Harris received one certification report that is 75% redacted (blacked out) including all references to the version number. She recently received another certification that is not redacted. It reads like pure boilerplate and she has found no one connected with the certification who actually looked at any source code. How do you certify something you haven't studied? Certifications are useless anyway since Diebold simply fixes bugs and patches the software without any regard for version control. California just settled its lawsuit against Diebold Nov 10 for $2.6million. The settlement seals the information gathered for trial and stops further legal research but maybe some experts and lawyers involved can use what they have learned to fight elsewhere. https://verifiedvoting.org/article.php?id=5236
Want more horrors? Try this collection of information for voting officials trying to meet the new HAVA standards. This is a 63 page document. http://www.votersunite.org/takeaction/mythbreakers.pdf
A teenage hacker agent might be tempted to just go wild with this power and put in crazy numbers like negative vote totals (possible) or far more votes than voters. The more cunning agent who wants to throw the election surreptitiously will modify the votes more subtly in order to avoid tipping his game. It is important not to raise undo suspicion and not to trigger a recount. In order not to trigger a recount or attract a challenge, the changed vote totals must result in an overwhelming victory. The agent can not chance a close election. And while the agent is at it, why not go for a big popular vote margin countrywide. This is best done by narrowing the margins in overwhelmingly blue states and increasing the margins in overwhelmingly red states. For example the difference in NY between actual results and exit poll data is close to 600,000 votes. A few modifications like that and you quickly win a big margin of the popular vote as well as secure the Electoral College.
With the sole exception of Nevada, the nation’s e-vote machines have no voter verifiable paper so recounts are thought to be meaningless. If the agent has modified results in the tally database, an e-vote recount may not be meaningless. But the cunning agent can modify votes in tally machines counting optical scan ballots safely so long as a recount is never done. Thus those five counties in Florida where all the registered Democrats like to vote Republican using optical scan ballots needn’t worry about discovery during a recount because there will never be a recount for those counties. The agent would thus map out ahead of time the changes they want to make to the vote counts in each machine.
The window of time to modify votes during the actual count is relatively narrow. The agent would prepare an automated script containing all instructions to log into each system, make the required changes, log out, modify the logs and erase event log to cover all tracks and move on. This script would perform the changes to thousands of machines within the time window required.
Who might such an agent be? Any hacker is a potential candidate but would require a lot of study, care, and diligence. An agent working for a county or state dealing with the tally machines directly is a better candidate since he/she already knows a lot about the systems and has automatic access to the network and some passwords. The best candidate is a technical employee of the vote system manufacturer who has the most information, the best access, knows the most passwords, and is most knowledgeable.
Could our agent steal the election using modified software installed in each tally machine? Yes, but this possibility poses a higher risk of exposure is too complicated for anyone not intimate with the software currently running in each machine. In other words, use of illegal software narrows the field of suspects to those few people familiar enough with all the software to be able to create such illegal modifications. The modified software would have to be very sophisticated to make sure the modified vote counts don’t trigger a recount or otherwise attract undue scrutiny for each individual tally machine. Then the software must not only be distributed; it must be retrieved without discovery. The best candidate software would be a Dynamic Linked Library (DLL) which Diebold personnel insist incorrectly is part of the windows operating system and not a part of the tabulating software. There are no controls whatever on the DLLs running of the tally machines. DLL hell is a notorious Microsoft problem and source of error in windows applications. DLLs should always be hard linked to the application for critical and certified application such as counting the nations votes. The lack of software control in the voting tally machines is notorious but pulling off such a massive fraud without eventually leaving behind illegal software in a machine somewhere would be tough. This is not impossible but tough. Database hacking is simpler and safer for the amateur hacker.
None of the above is to suggest that any of this actually happened or to accuse any organization (NEP, Diebold or ES&S) of any wrongdoing. It is purely an exercise to examine a possibility. Is it possible even feasible that something like this might have happened?
Send your comments to Dennis Hall