Diebold Voting Machine Source Code Allowing Open Access???

Posted on 2004-11-15
Last Modified: 2010-04-11
Can someone tell me their programming perspective on this article:

Dr. Avi Rubin is currently Professor of Computer Science at Johns Hopkins University. He "accidentally" got his hands on a copy of the Diebold software program--Diebold's source code--which runs their e-voting machines.
  Dr. Rubin's students pored over 48,609 lines of code that make up this software. One line in particular stood out over all the rest:

     All commercial programs have provisions to be encrypted so as to protect them from having their contents read or changed by anyone not having the key. The line that staggered the Hopkins team was that the method used to encrypt the Diebold machines was a method called Digital Encryption Standard (DES), a code that was broken in 1997 and is NO LONGER USED by anyone to secure programs. F2654hd4 was the key to the encryption. Moreover, because the KEY was IN the source code, all Diebold machines would respond to the same key. Unlock one, you have them ALL unlocked.
Question by:Nomad2012
    LVL 7

    Accepted Solution

    To make it simple...

    Dr Rubin and students found that the encryption algorithm used to secure the source code is no longer secure.
    Therefore the piece of software is crackable. And once cracked, all the Diebold machines can be re-programmed and under the control of the cracker/hacker.

    In this case, the votes can be manipulated/tampered.
    LVL 8

    Assisted Solution

    This software is wide open, it does not need to be cracked in order for the vote tallies to be accessed or manipulated. The private key is defined clearly, and anyone with access to the storage device that holds the vote tally could access it, read it, and modify it.

    Furthermore, since DES is used, it shows massive incompetence on the part of the Diebold corporation for two reasons: first, allowing their source code to be leaked to the public, and second, to use this type of algorithm to encrypt data.

    Shahrial is absolutely correct in saying the votes could be manipulated. If you could, please post the link to this article; I would like to read it in full. I'm not too happy right now.......

    LVL 14

    Expert Comment

    The massive incompetence is not in using DES, but in using a fixed key to encrypt all communications rather than using, say, public-key crypto to give each machine its own unique key only known to that machine.
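
The difference in blast radius between one fixed key in every unit and a unique key per unit, as an added example that is not part of the original thread and is not Diebold's code. It substitutes HMAC-SHA256 from the Python standard library for both DES and the public-key scheme suggested in the comment above; every key, unit name and record format below is constructed for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration only; not taken from any real system.
SHARED_KEY = b"constructed-fixed-key"          # same literal compiled into every unit
MASTER_SECRET = b"constructed-master-secret"   # held only by the provisioning authority


def tag(key: bytes, record: bytes) -> bytes:
    """Authenticate a record with HMAC-SHA256."""
    return hmac.new(key, record, hashlib.sha256).digest()


def verify(key: bytes, record: bytes, mac: bytes) -> bool:
    """Constant-time check that `mac` was produced with `key` over `record`."""
    return hmac.compare_digest(tag(key, record), mac)


def device_key(master: bytes, device_id: str) -> bytes:
    """Derive a per-unit key; one unit's key does not reveal another's."""
    label = b"device-key:" + device_id.encode()
    return hmac.new(master, label, hashlib.sha256).digest()


def accepted_across_units(extracted_key: bytes, other_unit_key: bytes) -> bool:
    """Does a record tagged with a key taken from one unit verify on another?"""
    record = b"precinct=12;contest=1;choice=B"  # constructed sample record
    return verify(other_unit_key, record, tag(extracted_key, record))


def demo() -> dict:
    key_a = device_key(MASTER_SECRET, "unit-A")  # hypothetical unit names
    key_b = device_key(MASTER_SECRET, "unit-B")
    return {
        # Fixed key: whatever is extracted from one unit is valid on all of them.
        "fixed_key_cross_unit": accepted_across_units(SHARED_KEY, SHARED_KEY),
        # Per-unit keys: unit A's key is rejected by unit B.
        "per_device_cross_unit": accepted_across_units(key_a, key_b),
        # Sanity check: a unit still accepts records tagged with its own key.
        "per_device_same_unit": accepted_across_units(key_b, key_b),
    }


if __name__ == "__main__":
    print(demo())
```
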
    LVL 8

    Expert Comment

    I can't disagree with that....

    Author Comment

    I personally don't think they made that by accident.
    LVL 51

    Expert Comment

    if not by accident, then 'cause someone decided to do it! which then forces the next question: why?
    history still answered that too
    LVL 8

    Expert Comment

    I bet Halliburton had something to do with this.... I bet Dick Cheney wrote that code himself....

    Hey, seriously, I'm sure it was a mistake. I saw Diebold's CEO on TV last week and he looked completely incompetent. After seeing that man and from what I've read about these Diebold voting machines, I doubt his employees are any brighter...... Hopefully, there will be some sort of paper trail incorporated into these machines. From what you have written, it's apparent that you do not trust these e-voting machines, and I must agree, I don't trust them either. I personally like the system we use in my precinct; we use paper ballots in conjunction with the 'scan tron' machines (optical paper readers). I figure you probably used scan tron forms in school, as I did. I think this is the best way of voting.... It's easy (just bubble in a circle), no hanging chads, no way of hacking it, and there is a paper trail to allow for recounts......
    LVL 51

    Expert Comment

    how should someone look when delivering such machines with hellbutton, and having its own pockets full with $$$$
    sounds like someone did not understand how "demo[nc]racy" works ;-)
