[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Diebold Voting Maachine source Code Allowin g Open Access???

Posted on 2004-11-15
10
Medium Priority
?
348 Views
Last Modified: 2010-04-11
Can someone tell me their programming perspective on this article:

Dr. Avi Rubin is currently Professor of Computer Science at John Hopkins University. He "accidently"got his hands on a copy of the Diebold software program--Diebold's source code--which runs their e-voting machines.
  Dr. Rubin's students pored over 48,609 lines of code that make up this software. One line in partictular stood out over all the rest:
                         #defineDESKEY((des_KEY8F2654hd4"

     All commercial programs have provisions to be encrypted so as to protect them from having their contents read or changed by anyone not having the key..The line that staggered the Hopkin's team was that the method used to encrypt the Diebold machines was a method called Digital Encryption Standard (DES), a code that was broken in 1997 and is NO LONGER USED by anyone to secure prograns.F2654hd4 was the key to the encryption. Moreover, because the KEY was IN the source code, all Diebold machines would respond to the same key. Unlock one, you have then ALL unlocked.
0
Comment
Question by:Nomad2012
8 Comments
 
LVL 7

Accepted Solution

by:
shahrial earned 1000 total points
ID: 12591110
To make it simple...

Dr Rubin and students found that the encryption algorithm used to secure the source code is no longer secure.
Therefore the piece of software is crackable. And once cracked, all the Diebold machines can be re-programmed and under the control of the cracker/hacker.

In this case, the votes can be manipulated/tampered.
0
 
LVL 8

Assisted Solution

by:mugman21
mugman21 earned 1000 total points
ID: 12592672
This software is wide open, it does not need to be cracked in order for the vote tallies to be accessed or manipulated. The private key is defined clearly, and anyone with access to the storage device that holds the vote tally could access it, read it, and modify it.

Further more, since DES is used, it shows massive incompetence on the part of the Diebold corperation for two reasons: First, allowing their source code to be leaked to the public,

And second, to use this type of algarithim to encrypt data.

Shahrial is absoultly correct in saying the votes could be manipulated. If you could, please post the link to this article, I would like to read it in full. I'm not too happy right now.......

Mugman
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 12594137
The massive incompetence is not in using DES, but in using a fixed key to encrypt all communications rather than using, say, public-key crypto to give each machine its own unique key only known to that machine.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
LVL 8

Expert Comment

by:mugman21
ID: 12594463
I can't disagree with that....
0
 

Author Comment

by:Nomad2012
ID: 12596023
I perosnally don't thiunk they made that by accident.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12597755
if not by accident, then 'cause someone decided to do it! which then forces the next question: why?
history still answred that too
LOL
0
 
LVL 8

Expert Comment

by:mugman21
ID: 12602911
I bet halliburton had something to do with this.... I bet dick cheney wrote that code himself....

:-)

Hey, seriously, I'm sure it was a mistake, I saw diebolds' ceo on tv last week and he looked completely incompetent. After seeing that man and from what I've read about these diebold voting machines, I doubt his employees are any brighter...... Hopefully, there will be some sort of paper trail incorperated into these machines. From what you have written, it's apparent that you do not trust these e-voting machines, and I must agree, I don't trust them eighter. I personally like the system we use in my precent, we use paper ballots in conjunction with the 'scan tron' machines (optical paper readers). I figure you probably used scan tron forms in school, as I did. I think this is the best way of voting.... It's easy(just bubble in a circle), no hanging chads, no way of hacking it, and there is a paper trail to allow for recounts......
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12605018
how should someone look when delivering such machines with hellbutton, and having its own pockets full with $$$$
sounds like someone did not understand how "demo[nc]racy" works ;-)
SCNR
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question