Blackbox voting

Election boxes easy to mess with (sunspot.net - maryland news)

Md. computer testers cast a vote: Election boxes easy to mess with
In Annapolis, tales of trickery, vote rigging
--------------------------------------------------------------------------------
By Stephanie Desmon
Sun Staff
Originally published January 30, 2004

. . .

Diebold "basically had no interest in putting actual security in this system," said Paul Franceus, one of the consultants. "It's not like they did it wrong. It's like they didn't bother."

Mark McLarnon had something up his sleeve as he approached one of the voting machines. A close look revealed the cord of a portable keyboard. He had learned that he could quickly pick a lock on the side of the machine, plug in his keyboard and wreak havoc on the results stored inside - all while likely going undetected by poll judges.

Using a low-tech solution, such as tape that reveals tampering, could keep people like McLarnon at bay, at least as a temporary fix, the consultants said.

. . .

Sneaking in, via modem

Meanwhile, William A. Arbaugh, an assistant computer science professor at the University of Maryland, College Park and part of the team, easily sneaked his way into the state's computers by way of his modem. Once in, he had access to change votes from actual precincts - because he knew how to exploit holes in the Microsoft software.

Those holes should have been patched through regular updates sent to customers, patches that haven't been installed on the elections equipment since November.

"There's no security that's going to be 100 percent effective. But the level of effort [needed to get into the system] was pretty low," Arbaugh said. "A high school kid could do this. Right now, the bar is maybe 8th grade. You want to raise the bar to a well-funded adversary."

"Every system is vulnerable somehow," said Karl Aro, director of the state's Department of Legislative Services, who commissioned the study for the legislature. "The system's not bad but it needs some work."

No system is completely secure. In fact, the more elections the state holds, the more opportunities there will be for hackers to see how it works and launch new attacks, experts said.