Black Box Voting - Copyright ©2003
Contents
1. else NEWTYPE_ CARD CVoterInfo writeVoterInfo writeVoterInfo m CardType VOTER CARD writeVoteriInfo m Version VCI VERSIONI writeVoterInfo m ElectionKey pVCardInfo gt m_ElectionId writeVoterInfo m VCenter C Center pVCardInfo gt m_VCenterId writeVoteriInfo m DLVersion pVCardInfo gt m_DLVersion writeVoterInfo m Reportunit CDistrict pVCardInfo gt m_PrecinctId writeVoterInfo m Baseunit CBaseunit pVCardInfo gt m_ PortionId writeVoterInfo m CounterGroup CCounterGroup pVCardInfo gt m_GroupId writeVoteriInfo m VGroupl C Group pVCardInfo gt m_VGroup1Id writeVoterInfo m VGroup2 CVGroup pVCardInfo gt m VGroup2 Id strepy writeVoterInfo m PIN 1111 strcpy writeVoterInfo m Description writeVoteriInfo m Flagsl UCHAR pVCardInfo gt m Flags 0x07 writeVoterInfo m Flagsz USHORT pVCardInfo gt m Flags gt gt 4 writeVoterInfo m VoterSN pVCardiInfo gt m_VoterId if m_CardReader Write writeVoterInfo SMC_OK st VC_FAILEDWRITE else st VC_OKAY if m_CardReader IsOpen At the county election supervisor s office the results from all the polling places are tabulated using a program called GEMS and the pass word was in the user manual The election supervisor can change GEMSUSER but later I 11 show you how even a ten year old could change it right back 143 Perhaps we should run some elections A cracker who wants to pre2. secret voting systems created by corporations The Diebold FTP site contained computer files for systems marketed by Diebold Election Systems and before that Global Election Systems These vot ing systems were used in real elections There is no reason to believe that other manufacturers such as ES amp S and Sequoia are any better than Diebold in fact one of the founders of the original ES amp S system Bob Urosevich also oversaw development of the original software now used by Diebold Elec tion Systems Because voting systems except AccuPoll which is open source are kept secret I am focusing on Diebold in the next several chapters only because we can t find out any thing about the other vendors sys tems We do know that according to internal memos from Diebold employ ees ES amp S was said to have a patent lawsuit pending against Diebold predecessor Global Election Systems at one time That is not sur prising because ES amp S founder Bob Urosevich brought technology over to Global Election Systems If a patent lawsuit was filed that would indicate that some part of the system was alleged to be identical Also Chapter 2 shows that Diebold Sequoia and ES amp S have all miscounted elections many times A word about open source Very reputable programs such as the Linux operating system have been developed through open source letting the whole world examine the sys tem and s
3. Did you issue a written report to the Secretary of State indicating that it was not necessary to look at the patch Dr Williams It was informal not a report we were in the heat of trying to get an election off the ground A lot was done by e mails Harris What month did you install that program patch Dr Williams When we took delivery we were seeing that the patch was on there Harris I have a memo from the Secretary of State s office that is dated in August Sept 16 actually and it says that due to a problem with the screens freezing a patch was going to be put on all the machines in Georgia It references a Rebecca Mercuri report Dr Williams discusses Dr Mercuri Harris Apparently someone had already taken delivery on these machines and they had already been shipped out around the state before the patch was applied is that right Dr Williams The patches were done while we were doing acceptance testing One of the things we looked for during acceptance testing was to make sure the patch was put in Harris But as I understand it a team of people went around the state putting these patches on Dr Williams By the time they put the patches in the majority of the machines had been delivered Actually it was going on at the same time When they started putting the patches in around the state we tested the machines where they did that
4. cpp stands for C and these files are source code Source code contains the commands given to the computer that tell it how to execute the program Many people are surprised to learn that source code files consist of English like programming commands that people can read After software engineers write the program in this case in C language it is then com cvs bar piled to make it machine readable C Accuvote The cvs tar file that Diebold left on its E votercard Web site was a source code tree for the program used to cast votes on touch screens The tree contains more than program commands it includes the history of Diebold s software development process going back all the way back to Bob Urosevich s original company I Mark Systems through Global Election Systems and including 2002 programming under Diebold Election Systems i Yotercard cpp 145 1 3 leg Bidded new ceadeer type DIALOG ADR to malate readers on machioes char done have thes like plore a tert ago 3 aj 4 i hata DOO oa yor 05 58 if Shevision 1 2 ff Fhuchor tomy F cisis 1 alis 1 oO J sha KET_ALL_ACCESS Making your own touch screen machine chreghey ERROR_S0OC ES With a credit card and access to the Internet armed with the documents on the Diebold FTP site like the AccuVote TSx Technical Data Package the parts list manufacturing specifications drawings and system configura
5. Maryland and Virginia by Bev Harris Full unabridged interview can be found in the library at www blackboxvoting org 12 The Register February 2003 republished Aug 2 2003 Computer ballot outfit perverts Senate race theorist says by Thomas C Greene http www theregister co uk content 55 29247 html and read also http www theregister co uk content 35 29262 html 13 AccuPoll voting system http www accupoll com Products Top10 index html Non proprietary hardware and open source software significantly reduce both initial acquisition and ongoing maintenance costs 13a Diebold internal Email 4 April 1999 From Ian Piper to Talbot Iredale 14 The Baltimore City Paper 19 February 2003 Ballot Check Computerized Voting Comes Under Fire in Georgia and California by Van Smith and Salon com 20 February 2003 Hacking Democracy http www salon com tech feature 2003 02 20 voting_machines 152 15 The Baltimore Sun 25 July 2003 New Study Says Maryland s Voting Machines Are Vulnerable to Hackers 16 The Guide to Identity Theft Prevention by Johnny May CPP Statistics on identity theft are available from the Federal Trade Commission Identity Theft Data Clearinghouse Figures and Trends on Identity Theft in Texas http www consumer gov idtheft statemap texas pdf 2001 and http www consumer gov sentinel pubs Top 10Fraud_2002 pdf 2002 17 Cleveland Plain Dealer May 200
6. files What follows is the first detailed look ever into a secret voting sys tem ame PAEA KE ETT a 2a 4 Deck Foresd Read Move Samh hasmi Fm po ip GES wii PA a FROADLEUn d insta idessago E woan FR Conia M Current directory is Up co higher level directory ERLEEN nga Tacdeing olay Es Tecominas Elei Puby 122 Noun or verb rob georgia zip What do you do when you find 40 000 secret files on an unprotected file transfer site on the Internet Probably just look and go away But what if you have pledged allegiance to the United States and to the republic for which it stands What if you knew that the devil went down to Georgia on Nov 5 2002 and handed that state an election with six upsets tossing triple amputee war veteran Max Cleland out of the U S senate in favor of a candidate who ran ads calling Cleland unpatriotic Suppose you knew that in Georgia the first Republican governor in 134 years had been elected despite being behind in every poll and that African American candidates fared poorly even in their own districts Knowing this suppose you saw a file called rob georgia looked inside and found instructions to replace the Georgia voting program files with something unknown I don t know about you but I m a 52 year old grandma and I never ex pected to have to make a choice like this I wanted someone else to take care of it We need investigators like Woodward
7. put the patches in at the factory Harris When I spoke with Michael Barnes he said that you tested all the machines or a random sampling of the machines after the patch was put on 131 Dr Williams We had five or six teams of people with a test script that they ran on each machine Harris The test script did what Dr Williams The test script was generic It was in two parts One part tested the functionality of the machine It was a hardware diagnostic it primarily tested that the printer worked that the serial port worked that the card reader worked tested the date and time in the machine and to an extent checked calibration of the machine Then if it passed all of those it tested th lection We loaded a small sample election in the same as the one used during certification testing and we ran a pattern of votes on there Harris You mean a Logic and Accuracy test Dr Williams Yes A little miniature election If the machine passed we wrote it up and sent the report back to the office If it failed if it froze up or there were other failures and there were some of those like the card reader was broken or the case was broken then we didn t pass it Harris Can you tell me about the digital signature A digital signature is used to show that no changes in the software were done Dr Williams That s part of the test that involves l
8. the state of Georgia Diebold submit ted the following in its Schedule for Deployment Prior to our GEMS hardware installation at each Georgia county the hardware will be staged in McKinney Texas for software integration and testing 5 Testing when delivered to each of Georgia s 159 counties As part of the installation process Diebold promised that all software and drivers small programs which drive specific pieces of hardware such as printers touch screens modems would be loaded prior to being shipped to Georgia and according to the Georgia Secretary of State Media Backgrounder Before leaving the factory each touch screen terminal receives a diag nostic test If they staged the hardware and did software integration and testing and loaded everything and then tested each voting machine before shipping it to Georgia why did every one of the machines need modifications in order not to crash after they reached Georgia The machines were shipped to Georgia in June 2002 And once they arrived we are told there was more testing Upon arrival at Diebold s central warehouse in Atlanta each unit was put through a diagnostic sequence to test a variety of functions including the card reader serial port printer the internal clock and the calibration of the touch screen itself These tests were audited by experts from Kennesaw State University s Center for Election Systems This s
9. tion right down to every one of the components on the motherboard perhaps you might just want to build your own machine In fact by building a machine from scratch according to the specifica tions submitted to Wyle Labs for the new not yet certified AccuVote TSx system you could study inside attacks on the new voting machines before election officials have even taken delivery on them X CK Ok CK k Te Appendix 4 Bill of Materials pdf Te Appendix B Manufacturing Specifications pdf Te Appendix C Assembly Procedures pdf Te Appendix D Quality Control Manual pdf Te Appendix E Testing Procedures pdf Te Appendix F Surface Specification Standard pdf Motherboard Module Final Assembly Module O 4ppendix H Component Specifications Appendix I Configuration Management ee ede 421 dre 50 Sal ede 421 prt E ede 422prt 52 m Foot_ary pet 53 E exe 424 prt S4 i ede 425 08n 55 S ede 425 drew 56 146 j el body_ary prt oF ef ede S08 pet 75 ef edd S00 prt 76 leaf ede Si0 pet 77 Si ecde Sl d ckew 768 Ei ede SL 1 pet 79 edd 304a5m 6 bal ede S0 2s 0 Sj edle S12 dew a1 The Votercard cpp v file is found in a directory called Votercard in a cvs tar directory called Accu Vote Now if I m a cracker and I get the Votercard cpp v file off the Diebold Web site and I m running a computer that really isn t a voting machine but want to figure out how it works here it is a neat little prog
10. and the County is required to maintain its confidentiality Any copying or disclosing of such information would violate the li cense agreements When I called ES amp S to ask the names of its owners the company simply declined to take my call When former Boca Raton Florida mayor Emil Danciu requested that Dr Rebecca Mercuri perhaps the best known expert on electronic voting in America be allowed to examine the inner workings of Palm Beach County s Sequoia machines the judge denied the request ruling that neither Mercuri nor anyone else would be allowed to see the code to render an opinion When best selling author William Rivers Pitt interviewed Dr David Dill a professor of computer science at Stanford University about his experience with voting machines Pitt got an earful about secrecy Dr Dill says that when he started asking questions he got answers that made no sense It is frustrating because claims are made about these sys tems how they are designed how they work that frankly I don t believe says Dill In some cases I don t believe it because the claims they are mak ing are impossible I am limited in my ability to refute these impossible claims because all the data is hidden behind a veil of secrecy When members of the California Task Force on Electronic Voting tried to find out how the machines were tested Wyle and Ciber the primary Inde pendent Testing Authorities ITAs d
11. code line by line we have a problem wouldn t you agree Dr Williams Yes But wait a minute I feel you are going to write a conspiracy article Harris What I m looking at is the security of the system itself specifically what procedures are in place to make sure an insider cannot insert malicious code into the system 133 Dr Williams There are external procedures involved that prevent that Harris This is exactly what I want to know If you know what procedures would prevent that could you explain them to me Dr Williams We have the source code How can they prevent us from reviewing it I have copies of source code that I ve certified Harris But you said you do not examine the source code Dr Williams Yes but the ITA did it The ITA when they finish certifying the system I get it from the ITA someone would have to tamper with the source code befor it goes to the ITA and the ITA would have to not catch Ies Of course they just told us that the ITA never examined the program modifications made to 22 000 machines in Georgia Let s consider a few points here 1 Tiny programs can be added to any program modification The file Setup exe launches many of these some of which are dll files which stands for dynamic link libary These are small files that hide inside executable programs and can launch various functions whatever t
12. in lt sarcasm gt the Internet age Any woman who has an abu sive ex boyfriend will tell you that she doesn t want her apartment number published on an open web site Child custody cases can get nasty Thieves who find a database like the one left in the open by Diebold may try to sell the information Rooboy In this file were birthdays First middle and last names Street addresses Apartment numbers School districts Political affiliations Voting habits Yes I assume they will say it was some kind of voter registration file but it doesn t look quite precisely like one Each kind of information name zip code etc is called a field This file had 167 fields which included data from about three dozen elections logged in over a period of several years by many different people Ninety five thousand people from Plano are in this file and a couple hundred thousand more from Richardson McKinney Wylie Dallas and surrounding areas Because of this file I know that Bob Long of Plano is a Republican and likes to do early voting and that he and his wife are the same age But does Bob know that Diebold hung his undies out the window for all to see Yes I know Someone will explain to me that you can buy voter regis tration files for a nominal fee But that doesn t mean you can buy those lists and stick them on the Internet And does Bob Urosevich the President of Diebold Election Systems know that his wife and daug
13. 2 interview with Wally O Dell Sent out as a company press release in Sept 2003 18 Interview with Guy Lancaster 4 Feb 2003 According to Lancaster s web site he was in charge of the site for Global Election Systems Lancaster has a small computer consulting firm and was under contract to Global Election Systems When Diebold bought Global in Jan 2002 they transferred responsibilities for the site to a full time Diebold employee but kept Lancaster on under a new contract 19 Washington Post 28 March 2003 New Voting Systems Assailed Computer Experts Cite Fraud Potential 20 Interview with Joe Richardson Diebold spokesman by Bev Harris Feb 2003 153
14. Chapter 7 Black Box Voting Ballot Tampering in the 21st Century by Bev Harris with David Allen Edited by Lex Alexander Cover Art by Brad Guigar SOME e RESEBEED This work is licensed under a Creative Commons License with the fol lowing additional provisos 1 You must place the text Jf you would like to support the author and publisher of this work please go to www blackboxvoting com support htm on the same page as the download or on the first or last page on which the PNG images appear 2 The notice This book is available for purchase in paperback from Plan Nine Publishing www plan9 org Must appear on the download page or on the first or last page of the PNG images If you have any questions about this license or posting our work to your own web site call Plan Nine Publishing at 336 454 7766 7 The first public look ever into a secret voting system Author and historian Thom Hartmann writes You d think in an open democracy that the government answerable to all its citizens rather than a handful of corpo rate officers and stockholders would program repair and control the voting machines You d think the computers that handle our cherished ballots would be open and their soft ware and programming available for public scrutiny You d be wrong If America still is a democratic republic then We The People still own our government And the way our ownership and management of ou
15. MS 1 11 12 zip 85 GEmS 1 11 13 4 zip 82 GEMS 1 16 1 2 zip 82 GEMS 1 16 1 3 zip 82 GEMS 1 16 1 4 2ip 82 GEMS 1 16 1 5 zip 82 GEMS 1 16 1 6 zip 5 GEMS 1 16 1 zip GEMS 1 16 2 zip GEMS 1 16 3 zip GEMS 1 16 4 zip 85 GEMS 1 14 1 6 2ip 85 GEMS 1 14 1 7 2ip E GEMS 1 14 1 ZIP 82 GEMS 1 14 2 zip E GEMS 1 17 7 2 zip 82 GEMS 1 17 7 3 2ip 82 GEMS 1 17 7 4 2ip 85 GEMS 1 17 7 5 zip E GEMS 1 17 7 6 zip 85 GEMS 1 17 7 zip GEMS 1 17 8 zip GEMS 1 17 9 zip 82 GEMS 1 17 11 zip 144 E Gems 1 15 7 2ip 825 GEMS 1 15 8 zip 85 GEMS 1 15 9 zip 82 GEMS 1 15 10 zip Gems 1 17 PR zip 82 GEMS 1 18 1 Z1P 82 GEms 1 18 2 Z1P E GEMS 1 18 3 Z1P 82 GEMS 1 18 4 Z1P GEMS 1 18 5 ZIP 82 GEMS 1 18 6 Z1P 82 GEMS 1 18 7 ZIP 82 GEMS 1 18 8 ZIP program version 1 19 was put on the FTP site on January 26 2003 just three days before it was taken down ww ow Mw eee v3 10 19 1 5 v3 10 18 1 5 bi 1 3 votercard hack 1 5 0 4 v3 10 17 1 5 v3 10 16 1 5 we INTs 1 G Faking your own touch screen machine Suppose you wanted to simulate an actual touch screen voting machine You need to activate those with a smart card and the average desktop com puter isn t set up for that Put the word votercard into a text search on the Diebold files and this pops up in a file called votercard cpp v Well what the heck is this file What kind of file is a cpp The suffix
16. allying of all the precincts found in the GEMS folders e VCProgrammer exe programs to sign in and validate voter cards Just about every version of the Diebold programs ever certified and hundreds that were never certified were available You d want to know how to use the programs so besides having all the installation and user manuals all the readme files were available too It might be helpful also to know what kind of testing the voting system goes through especially the details on the highly touted Logic and Accu racy testing done right before and after the election After all you d want to make sure that whatever you do doesn t get caught Not only testing proce dures but testing samples and instructions on how to do the testing were also provided on the Diebold FTP site You d want to see some typical ballot configurations or better yet get the data files created for actual elections That way you d know the posi fRlaccuvote Ts Users Guide 4 1 pdf Pl accuvote Tsx 2 02 System Overview pdf Blav tsx Power Supply Printer Plic3_getting_started pdf Pelic3_lanquage_reference pdf ic3_programmers_quide pdf PJic31_release_notes pdf icmoa0 0130 5 pdf TJImgCapRep pdf 2 IndustrialGradeATA_1 0 pdF T L NDiagram pdf TEILQ150 1DG11 pdF Telwireless ethernet PCMCIA Te Touch Screen E77225 000 pdf B YRemoteTables txt Pelaccuvote T5x 2 03 System Functionality Description pdf Pelaccuvot
17. and Bernstein I thought so I called the Washington Post Of course Carl Bernstein isn t there any more but I left a spicy message on Bob Woodward s voicemail Never heard from anyone I learned that Washington Post reporter Dan Keating was doing a story on voting machines so I called him So will you call Diebold and find out what rob georgia is I asked No Why not Because I don t think rob georgia could possibly mean rob Georgia he said 123 I left a somewhat more agitated message on Bob Woodward s voicemail and submitted my experience to a Web site called Media Whores Online These files might contain evidence These files might go away I called people in various places around the world and urged them to go look at rob georgia I thought long and hard And then I downloaded the files all 40 000 of them It took 44 hours nonstop I gave them to someone I trust who put them in a safe deposit box and there they sit to this day Why in the world would an ATM manufacturer like Diebold leave sensi tive files hanging out there on an unprotected Internet site I made a few phone calls which confirmed that Diebold knew the site was unprotected and found out that the site had been there for years See appendix for inter views with Guy Lancaster Josh Gardner and Kerry Martin I kept asking if anyone knew who Rob was Everyone told me there was no employee named Rob in Georgia Perhaps
18. deral labs even when it ran on different versions of the operating system Dr Williams Yes they don t go into the operating system Harris There was an unprotected FTP site which contained software and hardware specifications some source code and lots of files One file on that site was called rob georgia and this file contained files with instructions to replace GEMS files with these and replace Windows files with these and run program Does this concern you Dr Williams I m not familiar with that FTP site Harris Is there a utility which reports the signature Who checks this and how close to Election Day Dr Williams We do that when we do acceptance testing That would be before election testing Harris What way would there be to make sure nothing had changed between the time that you took delivery and the election Dr Williams Well there wouldn t there s no way that you can be absolutely sure that nothing has changed Harris Wouldn t it help to check that digital signature or checksum or whatever right before the election Dr Williams Well that is outside of the scope of what some of the people there can do I can t think of any way anyone could come in and replace those files before th election Harris Since no one at the state level looks at the source code if the federal lab doesn t examine the source
19. dered for acquisition in Georgia states the Media Backgrounder put out by the Georgia Secretary of State Press Office soft ware is examined for reliability and hardware is subjected to a variety of torture tests The state testing examines both hardware and software for accuracy and reliability and mock elections are conducted on the equipment witnessed by county election officials The document names Wyle Laborato ries and Ciber Inc citing their extensive experience in NASA related test ing So how did these NASA testing labs miss something so obvious that all 22 000 voting machines had to have a program modification to keep them from crashing It is Diebold Election Systems Inc policy that the only acceptable level of conformance is Zero Defects Diebold wrote to certifier Wyle Laborato ries in its latest touch screen certification documents Okay we all know that zero defects is one of those terms that sounds good and doesn t happen But we ought to at least hold Diebold to this The manufacturing test location 125 test date and inspector initials will be recorded on a label on every vot 1 Hardware testing Wyle Labs ing machine 2 Software testing Ciber Inc Whose initials from the factory 3 Every machine tested at are on the Georgia machines Diebold factories Anyone s oe 4 Rigorous testing on arrival at In its RFP soliciting purchase by the Georgia warehouse
20. ding Agency Alameda County Registrar of Voters filed Aug 8 2003 http www equalccw com alamedafollowup pdf 4 The Palm Beach Post 17 Sept 2002 Reno consults electronic voting foe 5 Unpublished interview of three experts on electronic voting by William Rivers Pitt author of The Greatest Sedition is Silence Excerpted on Democratic Underground Aug 1 2003 Pitt also wrote War in Iraq and Our Flag Too The Paradox of Patriotism 6 The Risks Digest Vol 22 Issue 25 Monday 23 September 2002 Memo from Chris Riggal press secretary for Cathy Cox Georgia Secretary of State 7 Georgia Secretary of State Press Office Media Backgrounder Multilevel Equipment Testing Program Designed to Assure Accuracy amp Reliability of Touch Screen Voting System 8 Diebold AccuTouch Technical Data Package TSx final certification Appendix D Quality Control Manual and Appendix E Testing Procedures submitted to Wyle Laboratories for certification in Jan 2003 9 RFP Sec 3 28 Schedule for Deployment submitted by Diebold Election Systems to the state of Georgia in March 2002 10 Feb 11 2002 Interview of Michael Barnes Assistant Director of Elections for the state of Georgia by Bev Harris Full unabridged interview can be found in the library at www blackboxvoting org 11 Feb 12 2002 Interview of Dr Britain Williams NASED certfication board official voting machine certifier for the states of Georgia
21. e T5x 2 04 System Hardware Specifications pdf PelaAccuvote T5x 2 05 Software Design and Specification pdf Peaccuvote T5x 2 06 System Security Specifications pdf PeAccuvote T5x 2 07 System Test and Verification Specificati Peaccuvote T5x 2 08 System Operations Procedures pdf PeJaccuvote T5x 2 09 System Maintenance Procedures pdf Peaccuvote T5x 2 10 Personnel Deployment and Training Rec Peaccuvote T5x 2 11 Configuration Management Plan pdf Paccuvote T5x 2 12 Quality Assurance Program pdf Pelaccuvote TSx 2 13 System Change Notes pdf Pe accuvote T5x Hardware Guide Rev 1 0 pdf 140 You cannot build an idiot proof voting system because idiots are so ingenious ctdonath2 tioning of the candidates on the ballot and you could even get the candidate I D number used by the computers to assign votes You could do test runs using real election files On the FTP site were files designated for counties in California Maryland Arizona Kentucky Colorado Texas Georgia North Carolina Kansas and Virginia Some files like one for San Luis Obispo County California were date stamped on an election day curiously five hours before the polls closed The Diebold easy password method Guessing passwords is easy Many files are named for Diebold employees and many passwords are just employee names The supervisor password for voting machines at the polling place was 1111 When I saw this in the manual it rem
22. eclined to answer We wanted to know what these ITAs do said Dill So we invited them to speak to us They refused to come visit us They were also too busy 120 m to join us in a phone conference Finally If Jou go to their Web out of frustration I wrote up ten or fifteen pages it says If you d like questions and sent it to them via the Sec to know something about us retary of State s office They didn t feel please go to hell in the nic like answering those questions either est possible way Dr David Dill If the ITAs won t answer questions Stanford Univ what about the manufacturers What test ing do the manufacturers do asks Dill If you go to their web pages it says If you d like to know something about us please go to hell in the nicest possible way ok CK CK CK x You can t examine a machine or even look at a manual David Allen one of the many computer techs who helped coach me through the writ ing of this book also happens to be my publisher These things are so secret we re supposed to just guess whether we can trust them he said We ve got to get our hands on a technical manual somehow I promised him somewhat doubtfully that I d try calling some pro grammers to see if I could find one to cooperate I was most interested in ES amp S at that time I hadn t done much work at all on Diebold Election Systems I entered essvo
23. ecurity Wait don t program modifications need to be recertified How many people had to get access to these machines to do this Was this legal And what exactly was in rob georgia zip With so many unanswered questions we decided to ask the public offi cials responsible for voting systems in the state of Georgia about these program modifications Feb 11 2003 Interview with Michael Barnes Assistant Director of Elections for the state of Georgia 127 Harris I want to ask you about the program update that was done on all the machines shortly before th lection Barnes All right Harris Was that patch certified Barnes Yes Harris By whom Barnes Before we put anything on our equipment we run through state certification labs and then in addition to that we forwarded the patch to Wyle labs in Huntsville Wyle said it did not affect the certification elements So it did not need to be certified Harris Where s the written report from Wyle on that Can I have a copy Barnes I d have to look for it I don t know if there was ever a written report by Wyle It might have been by phone Also in Georgia we test independently at Kennesaw University a state university Harris Can I see that report Barnes You d have to talk to Dr Williams and he s out of town He s in Lincoln Dr Williams is on the National Association of State Electio
24. ed we look at the machines and see that they comply And in the process of doing that representatives of Kennesaw University did this we found about 4 5 percent of the machines were rejected not all because of screen freezes but that was one of the problems Harris It was the screen freezes that caused them to issue a program patch Dr Williams Yes The vendor Diebold created a patch addressing the screen freezing It made it better but didn t completely alleviate the problem Harris Did you do a line by line examination of the original source code Dr Williams For the original no We don t look at the source code anyway that s something done by the federal ITAs Harris Did you do a line by line examination of the patch Dr Williams The patch was to the operating system not to the program per se 130 Harris It only changed Windows files Do you know that it didn t change anything in the other program Did you examine that Dr Williams We were assured by the vendor that the patch did not impact any of the things that we had previously tested on the machine Harris Did anyone look at what was contained in the replacement files Dr Williams We don t look at source code on the operating system anyway On our level we don t look at the source code that s the federal certification labs that do that Harris
25. he programmer tells them to do They can be set up to delay their launch until a triggering event occurs There is nothing wrong with dll files but there is something very wrong with putting new dll files into a voting machine if no one has examined them Hey What s this EJ ClockFix zip NK bin BIN File 7 16 2002 8 48 PM ClockFix zip 134 Other files such as nk bin also contain executables that can literally re write the way the system works The nk bin file is sort of like a mini Win dows operating system If a programmer from Diebold modifies the nk bin file and these modified files are put on the voting machine without being examined the truth is we have no idea what that machine is doing Also any time you do a program modification you can introduce a small trojan horse or virus that can corrupt the election 2 The rob georgia zip folder includes a file called setup exe that was never examined by certifiers It contains many dll files The clockfix zip file is an nk bin file Someone should have looked at these 3 Windows operating system In order to use COTS software Commercial Off The Shelf without having certifiers examine it the commercial soft ware must be used as is with no modifications If the patches that Barnes and Williams referred to were Windows patches the moment Diebold modi fied them they became subject to certification They did not come from Microsoft T
26. hey came directly from Diebold Therefore they were not as is off the shelf Someone should have looked at these too 4 The rob georgia zip file contains two folders full of files that are not for Windows GEMS is not part of the Windows operating system You don t need to be a computer scientist to see this Just look at the file names which instruct the user to alter the GEMS program Someone should have looked at these F semedsoQecurerte echon zip lA counties GAT DB sredalij iimarydatabase 5p ES dsszon city election zao i Baida ga actin LOZ ap i Dorchester Englichi2 zip E allegare Engksh 2 2n 12 Dorchester Screen Shots ao Ei Allegany Screen Shots 2ip Deocheate Audigy zp EE Agarri Pidorchesterfived dp l ccbb corte DOO LOS backap ap fs ebeso on Bi cobbCountygenera zp epi i5 D mentgomery_65_Styles zip Mfinabaeganyt 10 02primarya i hanger z HE Montgomery Udo tp final slegeny 9 10 02 primary 8 13 02 ver Lip ES norfolk election zig trina slogeny 9 10 02 primaryzip Bj ostend0s 30 02 210 Diiin mertgomery 2 10 02 primary amp 14 02 Verl ip i offida elpeso op foida ballot station 4 3 certification general 2ip Teg ane akapa marylared databases A PS rorsvthConC3 2 2ip Bipinaupgrade sip 1S PorsythCpNe_ lt sthi cip Th Re ee Re Le F 135 I m glad we got a look inside but what we found was shocking What you are about to read should divest you once and for all of the idea that we can trust
27. hter had their private information on that web site too And what do Diebold and the other guardians of our vote have to say about this 149 We protect the Bill of Rights the Constitution and the Declaration of Independence We protect the Hope Diamond Now we protect the most sacred treasure we have our secret ballot 2 Diebold CEO Wally O Dell For 144 years Diebold has been synonymous with security and we take security very seriously in all of our products and services Diebold web site Sometimes our customers use the FTP site to transfer their own files It has been up quite some years People go there from counties cities sometimes there is stuff there for state certification boards federal certification a lot of test material gets passed around Guy Lancaster Diebold contractor 2 03 the current group of computer wizards who are so shrilly attacking are no longer behaving like constructive critics but rather as irresponsible alarmists and it s getting a little old Dan Burk Registrar of Voters Washoe County NV from Diebold web site They re talking about what they could do if they had access to the computer program code But they re not going to get ac cess to that code Even if they did we d detect it 1 Dr Britain Williams Our ongoing investigation has found no merit to the insinuations of security breaches in our elec
28. inded me of buying a new briefcase It comes with a default combination but of course you change the combination as soon as you start using the briefcase For some reason Diebold s voting 4 Insert the Manager card into the card reader a 2 Enter the password 1 1 1 1 and touch OK 3 Remove card when instructed 4 When the screen below appears press the End Election button machines were less secure than your I Abesic 18 16 12 Di abasic 1 16 6 208 a ANTS 3 13 54 00 Wa ayt 3 13 7 2 20 a patotStationhiT 4 1 2401 20 E Abasie 1 16 8 708 E abasic 1 1 9 210 Ej abasic 1 16 17 cin Sl avos ec Fc pdx ap ES avos Pc Fc tee pred zip J aur se2 212 zip B ayrs 3 12 1 3 2i6 j ayrs 3 12 1 2ip E ayT5 2 12 2 2p E ayTs 2 12 4 20p a avT5 3 13 4 2 00 a avT5 3 13 8 0p av75 13 2 00 Dassia Sayrsre 3 124 in Bats Py avrsrs 3 12 5 zip Py avr srs 3 12 4 zip E aytsrs 3 13 1 2 2p E ay sts 3 13 1 a 2 141 5 55_ce 4 1 0 2 1 a5_cE 4 1 4 0 2F ps_ce 1 40 21F es _ cet 1 60 20 as_ce 4 1 7 0 7 jes cet 1 20 20 es _ce4 1 0 20 Pes _ce4 1 10 0 20F Pes _ce4 1 11 0 2i6 Mas _cf4 1 12 0 2i6 29 x110700 pimageneral zip password pima norfolk election zip password norfolk E docs zip password voter E ChrisBellis zip password bellisc E wyle zip password wyle99 E JuanR zip password juan briefcase That s because programmers hard wired the password into the sou
29. ll see our certification won t compensate for insecure or system is fundamentally broken The flawed computer programs system is secret relies on a few cronies and is accountable to no one Worse the certifiers have clearly given a passing grade to software so flawed that it miscounts loses votes and invites people to come in the back door to make illicit changes to anything they want But even this inadequate certification system would be better than what we discovered is really happening Trust us There s so many checks and balances in this process Linda H Lamone Diebold has been using software directly Are you serious off its FTP site without submitting it for Please tell me you re certification at all not serious here DEMActivist What a cracker could do with the files on the FTP site If you want to tamper with an election through electronic voting machines you want to play with 138 Ballot configuration Switch the position of candidates A vote for one candidate goes to the other This would be useful in precincts that favor one party or candidate over another Vote recording Record votes electronically for the wrong candidate or stuff the electronic ballot box Vote tallying Incorrectly add up the votes or substitute a bogus vote tally for the real one or change the vote tally while it is being counted You d want to find out as much as you could about procedure
30. memory cards They take the PCMCIA card install it and in the booting up process the upgrade is installed Harris Where did the actual cards come from Barnes Diebold gave a physical card one card that activates each machine There were about 20 teams of technicians They line the machines up install the card turn on boot up take that card out move on then test the machine Harris Were people driving around the state putting the patches on the machines Barnes Yes Harris What comment do you have on the unprotected FTP site Barnes That FTP site did not affect us in any way shape or form because we did not do any file transferring from it None of the servers ever connected so no one could have transferred files from it No files were transferred relating to state elections Harris How do you know that no one pulled files from the FTP site Barnes One voting machine calls the servers and uploads the info We don t allow the counties to hook up their servers to a network line Harris I notice that one of the things the network builder put on the county machines was a modem Barnes The only time you use the modem is on election night That is the only time the unit was used was election night when they plug it into the phone details on preparation of vote databases Harris Having the screens freeze up is a pre
31. n Directors NASED certification and I think he s also at Kennesaw University He does the certification for the State of Georgia Harris Was this new patch tested with a Logic and Accuracy test or was it tested by looking at the code line by line Barnes Logic and Accuracy and also they verify that our version is identical and also any software is tested through Ciber and Wyle Harris But Wyle decided not to test the patch you say Was this patch put on all the machines or just some of the machines Barnes All the machines Harris So every machine in Georgia got this program update Barnes Yes every one of the machines used on election day in November If it had been sent out to counties prior already Diebold and their technicians went out and manually touched every machine Some of the machines were still at the manufacturer they did the patches on those Harris How long did it take to do patches on what was it around 22 000 machines 128 Barnes It took about a month to go back out and touch the systems Harris Can you tell me about the procedure used to install the patches Barnes The actual installation was a matter of putting ina new memory card memory card like a floppy disk but shaped like a credit card Sometimes called PCMCIA card It took about one and a half minutes to boot up discussion of slots and
32. nce or allowed to examine anything I m glad the files became available but putting that kind of material on an unprotected Web site was a major security stuff up by anyone s reckoning That s how Thomas C Greene of The Register describes what Diebold did and he s right Diebold s en tire secret election system was available to any hacker with a laptop Diebold s big secret The source code for their voting machines is based on Kazaa htuttl ai Did leaving these files on an unprotected Web site jeopardize elections 137 Yes If your elections officials tell you they still trust the system give them a copy of this book They were never made aware of the risks Your congressperson may be equally unaware In fact well meaning election su pervisors and congressmen generally know diddly about C programming Microsoft Windows code or remote access security Even if they looked at the source code which they are prohibited from doing they don t have the ex pertise to evaluate it They trust the system because they think that someone else is mind ing the store secretaries of state for example or state election directors But none of that makes any difference Maryland State if the innards of your voting system Elections Boards including the passwords IP informa tion and modem configurations have been available to crackers for six years The facts Poll worker training AS you
33. ooking at the software putting the patch on wouldn t change the digital signature Harris But if you put in a program patch wouldn t that show that a change has been made Dr Williams No because the patch was only in the Windows portion there was no digital signature check on the operating system discussion of how a digital signature works Dr Williams They write the source code and the source code is submitted to the federal lab When it passes the lab they freeze the source code at that point it s archived Any change after that is subject to retesting Harris What was the security around the creation of the cards used to implement the patch Dr Williams That s a real good question Like I say we were in the heat of the election Some of the things we did we probably compromised security a little bit Let me emphasize we ve gone back since the election and done extensive testing on all this 132 Harris Based on your knowledge of what that patch did would it have been needed for all the machines of same make model and program Including machines sold to Maryland and Kansas that were built and shipped around the same time Dr Williams Yeah but now the key phrase is with the same system Maryland ran a similar version with a different version of Windows and did not have this problem Harris So the program was certified by the fe
34. r common government and its assets is asserted is through the vote Many citizens believe however that turning the programming and maintenance of voting over to private for profit corpo rations answerable only to their owners officers and stock holders puts democracy itself at peril KKK KK Historians will remind us of a concept called the public commons Public ownership and public funding of things that are essential to everyone means we get public scrutiny and a say in how things are run When you privatize a thing like the vote strange things happen For example you can t ask any questions Jim March a California Republican filed a public records request in Alameda County California to ask about the voting machines they had en trusted with his vote The county s reply 119 Please be advised that the county will not provide the informa tion you requested The County will not allow access or dis close any information regarding the Diebold election system as any information relating to that system is exempted from the PRA Public Records Act The system provided by Diebold Election Systems Inc DESI is a proprietary system that is recognized as such in the contract between the County and DESI The County contends that the official information privilege in section 1040 of the Evidence Code is applicable because the in formation requested was acquired by the County in confidence
35. ram that can cancel out the card reader entirely Diebold handed me the road map and helped me find it by naming it votercard hack Any moderately skilled pro grammer will know how to paste it into the latest touch screen source code recompile install and start playing around Votercard hack takes you straight to the source code commands you need Leaving other people s pants unzipped It s bad enough when you leave your own sensitive stuff on the Web But Diebold exposed other people s confidential information also Diebold left 15 900 of Microsoft s proprietary Windows CE source code files on its public web site ready to assemble like a set of legos The Microsoft Windows CE Platform Builder is a set of development tools for building a Windows CE operating system into customized gadgets You are supposed to have a license to use it and according to Bill Cullinan of Venturcom Inc a Waltham Massachussetts based Windows CE distribu tor and developer the kit is certainly not free The Platform Builder development kit for the new Windows CE net runs about 995 he told me Earlier the cost was up over 2 000 jz appendix f acceptance test specifications doc ccTest exe gz appendix e tp4 supervisor test procedure htm Appendix E Testing Procedures 2 appendix b5 sample test plan doc E ForsythTEST zip m2 appendix b4 sample test procedure doc E Ciber BRC Results Import zip m2 appendi
36. rce code That way no one could change the password and anyone inside the polling place the janitor a crooked politician could pretend to be a supervisor by entering 1111 In case you need a fancy password the files called passwd might come in handy I don t know if anyone found a use for the Diebold programmer passwords but these were sitting there E passwd ken Cx4drK404uebk E passwd guy APHmbSVeB5WQ6 ken Cx4JrK4Q4uebk tri GubsaUFr5T1090 tri UEGNh UaiLROk whitman KnSet wE DYt uM dmitry dyNCBK1IMDVDU nel 187 xesCnmxBuU whitman g8PfNAegd94o6 mike X5o0EayCPicxN kponti b t1lxLFSaVUVE tomg hSskrGZaF iuqg denisel b t1lxLFSaVUVE bill 6bFseyII9RxV ataaib t1lxLFSaVUVE guest cZm8UdIv9sgzyc josh ZHwPOhdaSis3JE Enter your ssa bagon name and passani jc GEMSUSER Ai hes pini Windows wall siari The password for the Setting System Date and Timer GEMS program is GEMSUSER Afar Winrar darts af Ibe bottom Hoh comer of fie sorpen is tho arsam 142 Supervisor access at the polling place is granted CAFX_DATA_INIT CSmartCardEmuD1g by the password 1111 m_ByAccLevel 0 m_ID _T 01234567890 Instead of allowing m_Levell 1 supervisors to control m_Level2 1 the password it is m_Level3 lt 1 m_Party lt 1 written into the source m PIN _T 1111 code and printed in the m_Type VOTER CARD manuals ADMIN CARD AFX_DATA_INIT st VC_NOACCESS
37. rob was a verb rob georgia is a zip file with whole bunch more files inside it It seems to be some sort of a program modification which is a great way to slip any damn thing you want into a voting machine without anybody noticing Here s what I saw when I clicked it Ea rob georgia zip Place the contents in the Gems Folder Replace what is in the Gems Folder with these Run this program Install To C Winnt System32 B Instructions bt 124 Why did they replace voting machine stuff Did they replace voting ma chine files Googling around with various Georgia voting machine Diebold search words here s what popped out 16 Sep 2002 Memo from Chris Riggall press secretary for Georgia Secretary of State Cathy Cox Diebold programmers developed a patch which was applied to the units deployed in Hall and Marion counties and we were pleased that not one freeze was reported among the tens of thousands of votes cast there Unfortunately we simply did not have the time to apply the patch to the demo units but that is now occurring to all units in all counties and the last increment of shipments from Diebold had this fix loaded before leaving the factory A program modification was needed because the touch screens were freez ing up crashing the machines Makes sense The problem must be a big one to justify modifying the progam on all 22 000 voting machines in Georgia But wait a minute Before being consi
38. s No problem the Web site contained the Ballot Station user manual the Poll Worker Training Guide and at least two versions of the GEMS User Manual along with the Voter Card Programming manual and hardware configuration manuals for the AccuVote touch screen system The Technical Data Package for the new AccuVote TSx system con tains details on procedures and security measures take with a grain of salt X OK CK CK k It would be helpful to play with elections in the comfort of your own home Not a problem full installation versions of almost all of the Diebold voting programs were on the Web site BallotStation 4 33une 1 pdf intel 28F128 Strata Flash J3 pdf putraning pdF lintel J3 Strataflash Memory Specification Chang TE GEMS Users Guide 1 17 15 pdf E LANDiagram paf gemsmanual82002 pdf ProdSpec doc You Found it doc GemsProtocol pdf fH Using CProgrammer doc Bl rel_AccuTouch txt i BallotImageDataStructure xls 7 DLLMAN pdf 2 BALLOTS LOG P 5ocket Communications Ethernet PCMCIA E secure Tech Smart Card Reader ST 201F pdf cEOperating System Features htm Placcuvote Version1 94HardwareGuideRevision1 2 PeJusr_AccuTouch pdf Accu ote TS Users Guide 4 1 pdF WildcatSoftwareConfigurationGuide doc Modem_settings_for_GEMS doc WinsockStates txt ProdSpec doc DriverDesignGuide pdf 139 e BallotStation exe vote recording and precinct tallying found in the BS folders e GEMS exe county level t
39. tatement on Georgia Secre tary of State letterhead remains posted on the state s Web site as of the writ ing of this book 126 After shipment to each of Georgia s 159 counties county acceptance testing which consists of the same types of diagnostic procedures was per formed by KSU staff on each voting terminal Was this testing rigorous Yes rigorous they promised According to the Media Backgrounder Georgia s multi tiered election equipment testing program among the most rigorous in the nation Could someone take a moment to do the math with me If this testing is rigorous might we expect them to invest say 10 minutes per machine The testing described by Diebold and Secretary of State documents adds up to every touch screen unit being tested three times before it gets to the renowned logic and accuracy test 22 000 machines x 10 minutes 220 000 minutes 220 000 minutes x 3 times 660 000 minutes Divide by 60 minutes 11 000 hours Divide by 40 hour work week 275 work weeks or 68 months 68 months divided by 12 5 7 years Amount of time available for acceptance testing 4 months NOW ADD PEOPLE 68 months divided by 4 17 people working 40 hours per week for 4 months doing nothing but rigorous testing Do you believe they did all the testing they claim to have done Call me a Skeptic I want to see the payroll records on that What does all that modifying at the last minute do to s
40. te com into the Google search engine look ing for e mails which might give me names I could contact and found a few dozen employees who work for ES amp S I felt cowardly about calling them What would I say Hey let me see a manual So I stalled by convincing myself that I should find as many names as possible I got some from Sequoia Then I entered Glo bal Election Systems and found some old documents with e mails end ing in gesn com On page 15 of Google looking for anything with gesn in it I found Web page You can still find this page at www archive org for GESN com The FTP link still appears 121 GOD Al GEOBAL ELEC TION SYSTEMS W elcome to the Global Election System Network GESN Home af the highly acclaimed Accuyote Optical Scan Voting System and AccuVote TS The TouchScreen System Global Election Systems is dedicated to providing convienent voting methods for the voting public and increasing voter turnout by introducing advanced technology to the election process I clicked press releases to see what kind of claims this company was making Then I clicked all the links I clicked the link called FTP and it took me to a page full of files I called my publisher David Allen What am I looking at He took one look at the page and snorted incredu lously Incredible stupid ity Click Pub he sug gested We did and began wandering through the
41. tend he is the county elections supervisor might start by installing one of the GEMS vote tallying programs on his home computer GEMS is on the central computer at the county elections office This is the software that creates the ballots before the election and it also tabulates the incoming votes from the polling place when the polls close The same GEMS program handles both touch screens and optical scan machines If you were to select any of the many vote databases tagged to cities or counties you could practice tampering with elections using real software and real vote databases Any computer that has Windows seems to work but meticulous people would follow the instructions left on the FTP site and put the GEMS program on a Dell PC with Windows NT 2k installed So many versions of the GEMS program so little time A good version to start with would be GEMS 1 17 17 according to NASED documents posted on the Internet by The Election Center that was the officially certified version of GEMS during the general election in November 2002 A folder called Pima Upgrade might be a good choice for a hacker living in Tucson and the new 1 18 series was also available An even newer GEMS 1 15 4 2 2ip 82 GEMS 1 15 5 zip 82 GEMS 1 15 6 zip 82 GEMS 1 14 1 3 zip 85 GEMS 1 14 1 4 2ip 85 GEMS 1 14 1 5 zip 82 GEMS 1 11 8 zip GEMS 1 11 9 zip 82 GEMS 1 11 10 zip 82 GEMS 1 11 11 zip 82 GEMS 1 11 12 2 zip GE
42. tion solutions Joe Richardson Diebold spoeksman Feb 2003 Harris So if there were 20 000 files including hardware software specs testing protocols source code you do not feel that is a security breach Richardson shuffling papers Our ongoing investigation has found no merit to the insinuations of security breaches in our election solutions The scientists are undermining people s confidence in democracy Townsend said None of the critics is giving any credence to the extensive system of checks and balances that we employ internally Mischelle Townsend Registrar of Voters Riverside County CA AP Wire 8 17 03 It is all fine and well to upload results over the internet but we don t exactly have a lot of experience in internet security in this company and government computers are crackers favorite targets Barry Herron Diebold Regional Manager Diebold internal E mail 2 3 99 151 Chapter 8 footnotes 1 If You Want To Win An Election Just Control The Voting Machines by Thom Hartmann http www commondreams org views03 0131 01 htm Thom Hartmann is the author of Unequal Protection The Rise of Corporate Dominance and the Theft of Human Rights www unequalprotection com 2 PUBLIC RECORD ACT REQUEST Responding Agency Alameda County Registrar of Voters filed by Jim March on July 29 2003 http www equalccw com voteprar htm 3 PUBLIC RECORD ACT REPLY Respon
43. tty sever rror how did 5 of the machines get out of the factory with that How did they get through Wyle testing labs Barnes All I know is that the machines were repaired 129 Harris How do you know that the software in the machines is what was certified at the labs Barnes There is a build date and a version number that you can verify Kennesaw University did an extensive audit of the signature feature Dr Williams and his team went out and tested every machine afterwards to make sure nothing was installed on them that shouldn t have been Harris They tested every one of 22 000 machines Barnes They did a random sampling Feb 12 2003 Interview with Dr Britain Williams Kennesaw Election Cen ter an organization funded by the Georgia Secretary of State Harris I have questions regarding your certification of the machines used in Georgia during the last election Dr Williams For the state of Georgia I don t do certification The law gives the Secretary of State the authority to say what systems are certified and what are not What I do is an evaluation of the system details on certification Harris What was your involvement in certifying the program patch that was put on Did you actually certify the patch or did you determine that it was not necessary Dr Williams Part of our testing program is when these machines are deliver
44. uggest improvements Some advocates confuse what happened 136 with Diebold s unprotected FTP site with open source What Diebold did though rob georgia zip is quite different Anonymous FTP access LOL unbelievable This is beyond ridiculous these people couldn t be trusted to secure your grannies system quimby If you never obtain public feedback to improve your software what you have is horrific security not an open source system Hundreds of people have by now examined the Diebold files but it s still not open source because no one has the slightest idea what Diebold has done to correct the flaws if anything If the Diebold system had allowed everyone with expertise in secu rity encryption hacking and database design to critique the software during development and then showed how it corrected the flaws that would be open source Such a procedure would no doubt arrive at a very simple and secure program with a voter verified paper ballot to back it up Australia has developed an open source voting program and so has AccuPoll Instead Diebold allowed only a small handful of programmers to look at its software Then they put all the software along with passwords and encryption keys on an open Web site and left it there for several years where crackers could download it and people interested in elec tions could find out about it but respectable experts and citizens groups were not told of its existe
45. world and armed with your social security number and a few other details can quite literally ruin your life And all they need is your name address and birthday to get your Social Security number E prmeeGecr get mal op j porce Gaorganfised np 3 rat georgia sip ES alone AM ic Mwani eG in TS tasapicenersitcr Lana ip 1D Ser Luts Sheep zip I ertan TP TS eroe IF ES efhroMabslip oc TD eian sip TE effersoristy repaired ap 1D Jefinho Tiki khhrsonisathHrs ip Bea 40 Rate ip ASA STATE AUDIO ropta raa Eca STATE AJDO atsbeaie r srar rip Micara sip trad co an O a irsico zip E Jeff Helin database ap E Hooniyamenai zip aa a E 1 arrresotsct ap Tairartawnery Erase ain Monhgamery and Dorcherter ap Ea mpna zp i Morbyoreny primary 21002 03 01 02 2 aabt Ei Montgomery MA Prr 2002 gF kij Fina locked sheqere general 10 302 gb kij lina kehad corchestter garara 10 300 get 148 lt sarcasm gt I think you re The files on the FTP site were a hodge absolutely right No fraud podge During the writing of this chapter I yet No evidence whatsoever tried to take a more complete inventory of fraud It s good Tucked into one folder buried about news good news Leaving three deep in the directories was a file that an FTP directory open is an Contained personal information for 310 000 understandable security Texans flaw Very understandable People have a right to privacy even
46. x b3 test incident report doc E Penn certification docs zip m2 appendix b2 test log doc secretary of state testing final zip m2 appendix b1 test standards doc E wyle zip 2 PixEZ testwork zip testb frm teste Frm 147 Any cracker in the world could access the pricey Microsoft developer s platforms through the Diebold FTP site Despite a notice that says You may not copy the Hewlett Packard Software onto any public network copies of the Hewlett Packard software were on the public FTP site hosted by Diebold Stupid or evil Though many companies maintain FTP sites not many I am aware of store source code and customer files in plain sight Atraides Adocument marked Intel Confidential per taining to microprocessor development for personal PCs was on the FTP site along with the Merlin PPC Sourcekit for personal PCs and the Intel Cotulla development kit and board support packages for Microsoft Windows CE NET and PocketPC 2002 So Diebold expects us to trust them with our vote yet they are quite cavalier with other people s intellectual property and as we will see in the next section with people s personal information Parked on the Diebold FTP site Private info on 310 000 Texans Johnny May perhaps the nation s leading expert on identity theft has sobering infor mation for you about the Internet and your security Identity thieves can work anonymously from anywhere in the
Download Pdf Manuals
Related Search