Md. computer testers cast a vote: Election boxes easy to mess with

In Annapolis, tales of trickery, vote rigging

By Stephanie Desmon, Baltimore Sun
January 30, 2004

For a week, the computer whizzes laid abuse - both high- and low-tech - on the six new briefcase-sized electronic voting machines sent over by the state.

One guy picked the locks protecting the internal printers and memory cards. Another figured out how to vote more than once - and get away with it. Still another launched a dial-up attack, using his modem to slither through an electronic hole in the State Board of Elections software. Once inside, he could easily change vote totals that come in on Election Day.

"My guess is we've only scratched the surface," said Michael A. Wertheimer, who spent 21 years as a cryptologic mathematician at the National Security Agency.

He is now a director at RABA Technologies in Columbia, the firm that the state hired for about $75,000 to look at Maryland's new touch-screen voting machines scheduled to be unveiled in nearly every precinct in Maryland for the March 2 primary.

The state has no choice but to use its $55 million worth of AccuVote-TS machines made by Diebold Election Systems for the primary. The old optical scanners are gone.

Yesterday, Wertheimer calmly presented his eight-member team's findings to committees in the House and Senate, explaining the weaknesses they discovered and a plan for how to plug many of the cracks, at least in the short run.

Giddy geek speak

Yet on a recent morning at his offices, Wertheimer's computer programmers were practically giddy as they invented new ways to muck up an election. Some were simple - like the lock-picking or just yanking the cords out of a machine's monitor, disabling it for the rest of the day.

Other fiddling inspired round after round of excited geek speak, true gibberish to the untrained ear, to explain a host of attacks that could be launched up close or by modem.

One thing was clear: There are many ways to fool with Diebold's machines, some of which could lead to an Election Day disaster. At the same time, some scenarios were far-fetched and too difficult to pull off undetected, team members acknowledged.

But the fact that they could happen makes it impossible to have full confidence in the system, they said.

In the short term, they said, enough fixes can be done to ensure a secure election in March. But much more will need to be done to see that future elections on the machines can also be relied upon.

Diebold officials say many of the problems that were found have been fixed.

"They threw out theoretical things that could happen," spokesman David Bear said of the testing team. "But the polling places are much different."

The team was asked to answer two major questions, Wertheimer said: Do the machines count votes accurately? And do they need paper receipts?

If left alone, Wertheimer said, the machines will count quite accurately - more so than any past voting method.

But he has made a good living off the fact that there are plenty of people out there looking to wreak havoc when they can.

Web sites abound with all kinds of speculation about how easily the voting machines can be hacked into and outcomes manipulated.

Prominent computer scientists have studied the Diebold code - some of which was found unprotected on the Internet - and found hole after hole in its security.

Theories have run rampant as to how to best clean up what critics call a mess.

Paper receipts

Wertheimer said he thinks there will be a need for some type of paper receipt, what some call a voter-verified paper trail - basically a printout of each vote as it is cast for the voter to check before leaving the polling place. Without a paper ballot, many say, a proper recount is impossible.

Wertheimer said it would take nearly a complete rewrite of the computer code to fix the machines' flaws.

"For a guy who just wants the vote to be accurate, I'd rather dumb down the software and add receipts," he said.

Diebold "basically had no interest in putting actual security in this system," said Paul Franceus, one of the consultants. "It's not like they did it wrong. It's like they didn't bother."

Mark McLarnon had something up his sleeve as he approached one of the voting machines. A close look revealed the cord of a portable keyboard. He had learned that he could quickly pick a lock on the side of the machine, plug in his keyboard and wreak havoc on the results stored inside - all while likely going undetected by poll judges.

Using a low-tech solution, such as tape that reveals tampering, could keep people like McLarnon at bay, at least as a temporary fix, the consultants said.

Low-tech hacking is also a possibility, though.

Someone bent on causing trouble could call a polling place and tell workers that the state's modem is down and results should be called in on a new phone number. Then the troublemaker could simply change the results before sending them onto the state.

While results can now be encrypted - after criticism that they weren't being - something called authentication is missing. Authentication tells the main computer that the person sending in results is the one who is actually permitted to do so.

Sneaking in, via modem

Meanwhile, William A. Arbaugh, an assistant computer science professor at the University of Maryland, College Park and part of the team, easily sneaked his way into the state's computers by way of his modem. Once in, he had access to change votes from actual precincts - because he knew how to exploit holes in the Microsoft software.

Those holes should have been patched through regular updates sent to customers, patches that haven't been installed on the elections equipment since November.

"There's no security that's going to be 100 percent effective. But the level of effort [needed to get into the system] was pretty low," Arbaugh said. "A high school kid could do this. Right now, the bar is maybe 8th grade. You want to raise the bar to a well-funded adversary."

"Every system is vulnerable somehow," said Karl Aro, director of the state's Department of Legislative Services, who commissioned the study for the legislature. "The system's not bad but it needs some work."

No system is completely secure. In fact, the more elections the state holds, the more opportunities there will be for hackers to see how it works and launch new attacks, experts said.

"If you had the time and the money, the sky's the limit on what you could do to make a secure system," McLarnon said.

"You just need to raise the level of effort needed to exploit it so it's not feasible to do," said fellow consultant John Ormonde.

Copyright © 2004, The Baltimore Sun