RAW STORY’s coverage of the news, and the release of the video demonstration of how to hack a Sequoia AVC Advantage electronic voting machine, began this way last week:
“We wanted to find if a real criminal could do this, starting from scratch, with no access to source code or other closely guarded technical information,” the announcer begins. “We faced several challenges: getting a voting machine, figuring out how it works, discovering a weakness, overcoming the machine’s security features and constructing attack software.”
“In the end we found that it is possible to undetectably change votes and that such an attack takes a lot less time and money than one might expect,” the announcer said.
A Princeton professor was able to acquire five voting machines for just $82 that had been resold on a government surplus website. The acquired machines were originally sold by Sequoia Voting Systems.
Hacks of our electronic voting systems used to be big news. Now though, it’s been done so many times, and is apparently so simple to do, that the news hardly registers in the corporate mainstream media (if it ever did in the first place). Yet, almost nothing has been done about virtually any of it to date.
We reported on the Princeton professor, Andrew Appel, acquiring the five Sequoia AVC machines two and a half years ago, that he was able to pick the lock “in seven seconds”, and change the chips inside to do anything he might want the machine to do, including change votes after the close of polls on Election Day. The five machines that Appel purchased for $82 on the Internet were purchased by New Jersey just a few years earlier for $10,000 a piece. The state still uses the same hackable, 100% unverifiable voting machines, despite numerous failures during actual elections.
At the time of Appel’s purchase, Sequoia Voting System had been touting their “tamperproof products, including … the AVC Advantage,” which, they said, “are sought after from coast to coast for their accuracy and reliability.”…
The video tape demonstration of the new hack (posted below), avers that the chip swap used in the hack can be done while the voting machine is left unattended, which is, as the video notes, a “common practice in many polling places.” It certainly is. (See Sequoia voting machines left unattended in two different Riverside County polling locations in 2006, at right.)
While the hack could be accomplished, as suggested by the scientists, by an outsider, an insider, such as an election official, voting machine company employee, or a poll worker who takes the voting machine home in the days prior to the election (a common practice, which has come to be known as a voting machine “sleepover”) proves the greatest threat to such systems. As acknowledged by virtually all computer scientists and security experts, and even confirmed by the highly compromised, GOP-operative-created Baker/Carter National Election Reform Commission years ago, the greatest threat to such systems comes from insiders. As even the phony Baker/Carter commission noted: “There is no reason to trust insiders in the election industry any more than in other industries.” Thus, there is almost nothing that can be done to protect against such exploits.
But whoever accomplishes this particular hack, the UC San Diego scientists note, the exploit leaves no trace behind and is therefore unlikely to ever be discovered.
In the UC San Diego video demonstration, 3 votes are seen being cast for George Washington during a mock election. But, “after the polls closed, the attacker’s invisible software shifts votes.” Instead of Washington, the electronic Sequoia voting machine prints out the winner as Benedict Arnold by a 2 to 1 vote margin.
No known electronic voting system, the scientists now argue, is safe. “We demonstrated practical attacks against a specific computer voting machine, the AVC Advantage, but the implications are broader,” they note in the video. “Computer security features may not stand the test of time. Providing a lasting safeguard requires a system that voters can verify, such as paper ballots.”
They are correct, of course, and no “Luddites” either, as computer scientists and security experts. Though, it should be noted, that while paper ballots — by definition, “verified” by the voter when they actually fill them in by hand — are needed, unless they are counted publicly, those too can be easily exploited without detection. [Ed Note: I’ll have more on that point shortly, in an article and op/ed I recently wrote for the Commonweal Institute, where I am a Fellow. – BF]
Congressman Rush Holt (D-NJ)’s “Voter Confidence and Increased Accessibility Act” (H.R. 2894) legislation, which we’ve analyzed in detail, is now working its way through the U.S. House as the leading piece of voting system reform in either chamber. While eventually banning the type of electronic voting systems used in the UC San Diego team’s experiment, it would allow them for continued use in the next two federal election cycles, including the 2012 Presidential race. It would then allow for the tabulation of paper ballots by similarly hackable optical-scan systems forever.
Sequoia Voting Systems hackable voting machines are used in fifteen states, including New Jersey (Rush Holt’s home state), Missouri, Virginia and the entire state of Nevada, as well as the District of Columbia.
The team that documented this latest hack includes several members of the Princeton team who hacked Diebold’s AccuVote touch-screen system in 2006 after we supplied them with the voting machine, as given to us by a Diebold insider. Though it made big quite a splash at the time — even live on Fox “News” — when, as with the latest hack, Benedict Arnold was able to defeat George Washington after eye-witnesses watched all the votes being cast in favor of Washington, the same, ironically named Diebold AccuVotes are still in use today. Just like the Sequoia systems.
Professor Ed Felten, one of the members of the original Princeton team, who also worked on the San Diego study, was threatened with a lawsuit, along with Appel, by Sequoia Voting Systems last year. They would be sued, Sequoia informed them, if they carried out an independent inspection of the AVC Advantage, after election officials in NJ asked them to do so following the revelation that the machines had reported incorrect vote totals during the Super Tuesday primary in 2008. (The same machines also failed to boot up at all in several locations on the morning of the primary, causing NJ Gov. John Corzine — and an untold number of other voters — to be delayed for at least 45 minutes while officials tried to get the systems to boot in Hoboken.)
Though Sequoia never sued the Princeton scientists, as they’d threatened, an investigative report by The BRAD BLOG would document, ironically enough, that Sequoia doesn’t even own the intellectual property rights to the voting machines bearing their name. Rather, the IP rights are owned by once (and still?) parent company Smartmatic, a Venezuelan firm tied to Hugo Chavez, which Sequoia claimed to have divested from once federal officials from the Committee on Foreign Investment in the United States (CFIUS) began questioning the propriety of foreign ownership in a company which supplies, services and programs electronic voting systems in the U.S.. They have been lying to public officials about that point for years.
Despite our report documenting the continuing direct ties between Sequoia and Smartmatic — even after the company had falsely claimed to have severed their relationship entirely — neither the corporate media, nor the U.S. government has re-opened their investigation into the matter to our knowledge. And Sequoia voting machines continue to be used across the country, in election after election, despite failure after failure, and hack after hack.
Several of the previous known exploits of electronic voting systems in the U.S., by independent scientists and academics include:
- Diebold optical-scan system, 2005, hacked by Harri Hursti in Leon County, FL (video)
- Diebold touch-screen system, 2006, hacked by Harri Hursti in Emery County, UT
- Sequoia tabulator, accidentally hacked by Michael Shamos in PA (while trying to demonstrate that the system was not hackable)
- Diebold touch-screen system, 2006, hacked by computer scientists at Princeton
- Sequoia Edge DRE, 2007, hacked by computer scientists at U.C. Santa Barbara (video release in 2008)
- Independent tests commissioned by the states of CA, OH and CO all found they were able to hack every system tested. In seconds.
The video of the latest hack of the Sequoia AVC Advantage voting system, by scientists working out of the University of California, San Diego, follows below…
I know I’m shutting the fuck up and cracking open the Bacardi. ;o)
This is my kind of news.
Enjoy!
No media coverage, is this the daily proof the media isn’t “liberal”?
No. It’s the daily proof the media aren’t responsible, aren’t serving the citizenry, aren’t meeting their Constitutional responsibility as the only industry given special dispensation in that document.
Thank you so much for running this most valuable and precious information required for the fair administration of U.S. elections (which no one in the media seem interested by).
This is quite interesting to me, an ex-programmer/documentation manager/training manager, who has been publicizing this since the voting machines were outed as not only not untrustworthy, but especially easy to hack.
I don’t understand (or maybe I do) why this information is not run every night on every station by some public-spirited spokesperson (except for Faux Snooze, of course, who undoubtedly are overjoyed at this SOP that benefits rightwingnuts).
We reported on the Princeton professor, Andrew Appel, acquiring the five Sequoia AVC machines two and a half years ago, that he was able to pick the lock “in seven seconds”, and change the chips inside to do anything he might want the machine to do, including change votes after the close of polls on Election Day.
As acknowledged by virtually all computer scientists and security experts, and even confirmed by the highly compromised, GOP-operative-created Baker/Carter National Election Reform Commission years ago, the greatest threat to such systems comes from insiders. As even the phony Baker/Carter commission noted: “There is no reason to trust insiders in the election industry any more than in other industries.” Thus, there is almost nothing that can be done to protect against such exploits.
Despite our report documenting the continuing direct ties between Sequoia and Smartmatic — even after the company had falsely claimed to have severed their relationship entirely — neither the corporate media, nor the U.S. government has re-opened their investigation into the matter to our knowledge.
so that’s what a “political hack” is
Why not have these guys who hack the machines just go out and hack them at every election in which they are used, so that Ralph Nader wins rather than the favoured corporatist. In no time at all, you’d be back to hand-counted paper ballots.
DJ, great idea. But don’t forget people like Jim Hightower, Dennis Kucinich, Cindy Sheehan, Cynthia McKinney and so many others on the local and regional levels! The Corporatocracy would ditch these shell-game machines even faster.
…but not after running scams and money-laundering schemes like this $10K/machine deal. This is financial crime here.
Thanks for writing about this Brad.
Here’s another hack I’d like computer scientists to weigh in on:
“Voter Machine Van Eck Radiation Intercept Demonstrated” check it out LOL here
Brad — Thanks for calling it like it is with this supposed “recent hack.” Readers who are wondering why this revisiting of prior research is getting news attention at all need only look at the sponsor of the EVT/WOTE conference where the material was published. This is an ACCURATE event. The NSF-funded ACCURATE Center has a long track record of recycling material (sometimes without attribution or remuneration to the original creators, although not necessarily in this case), especially in their self-promotion efforts. Rebecca M.
This may not be getting much mainstream media coverage but there currently 42 articles in google news under the banner article “E-voting takes another hit.” These hacks / tests / and studies are important and the more of them that can be done under controlled / academic settings the better.