As we have long tried to get across to anyone who would listen, the greatest threat to “secure” computerized systems — such as the electronic voting systems, incredibly, still in use in all 50 states for this year’s crucial election cycle — comes from insiders.
Late last week, another report, this one via ComputerWorld, underscored the point yet again:
IDG News Service – A Bank of America computer specialist is set to plead guilty to charges that he hacked the bank’s automated tellers to dispense cash without recording the activity.
Rodney Reed Caverly, of Charlotte, North Carolina, is scheduled to plead guilty to a computer fraud charge next Tuesday in federal court in Charlotte, according to his lawyer Christopher Fialko, who declined to comment further on the case.
Caverly was charged last week with one count of computer fraud for allegedly writing a malicious program that ran on Bank of America’s computers and ATMs, according to court filings.
…
He faces a maximum sentence of five years in prison.
Caverly had worked in Bank of America’s IT department where he designed and maintained computer systems, including those used by the ATMs. The alleged scam ran between March 2009 and October 2009.
The gullible are welcome to buy into the Rightwing propaganda that ACORN is somehow stealing elections, despite the complete dearth of any actual evidence that any vote has ever been illegally cast in any election vis a vis an improper registration by an ACORN worker.
But the facts, demonstrated yet again by the BofA story, are much as non-ideological computer scientists and security experts have been trying to warn for years in regard to electronic voting systems: the greatest threat to such systems comes from insiders, such as election officials who can manipulate results simply and directly and in such a way that they are unlikely to ever get caught doing it.
Even the sham 2005 Rightwing-created Baker/Carter National Election Reform Commission — created almost entirely to put an “official”-appearing imprimatur on the call for disenfranchising Photo ID restrictions at polling places — was forced to admit as much in their final report…
“There is no reason to trust insiders in the election industry any more than in other industries,” they correctly noted in their findings. Yet we “trust” such insiders in virtually every election run in America — run largely by private, unaccountable corporations, rather than us, we the people.
For the record, while the IDG News Service article doesn’t specify which company’s machines were hacked by the Bank of America insider, they use among their ATM suppliers some company known as Diebold — the same irresponsible company whose fully-hackable, oft-failed e-voting systems are still used for some 40% of U.S. elections.
If the hacked BofA systems were made by Diebold it would not be the first hack of either its ATMs nor its voting machines (which have now been hacked many times over). Last year, Diebold was forced to notify customers that malware had been discovered on its ATM systems in Russia. The malware, as reported at the time, exploited “undocumented features to create a virtual ‘skimmer’ which is capable of recording card details and personal identification numbers without the user’s knowledge.” It was speculated that the malware code was likely “pre-installed by an insider at the factory.”
In response, the company wrote to customers at the time, presumably with a straight face [emphasis added]:
As long time readers of The BRAD BLOG know, security has never been a priority for Diebold — at least not in its voting machine division, as scores of previous articles here have demonstrated time and again over the years.
As early as 2005, when most in the corporate media regarded such concerns as “conspiracy theories,” we quoted a years-long Diebold insider who told us repeatedly and in no uncertain terms that the company was simply “not concerned about security.”
“They don’t have security solutions. They don’t want them,” the insider told us at the time. “They don’t really care.”
Most of the security flaws the source told us about, exclusively, back in September of 2005, many of which were later confirmed over and again by various independent academic studies and hacking tests, remain in the hardware and software still in use across the nation even today.
Here are just a few, but by no means all, of the articles from among our library of noteworthy Diebold e-voting system security failures throughout the years…
- Diebold Admits Audit Logs in ALL Versions of Their Software Fail to Record Ballot Deletions
- E-VOTE BOMBSHELL: Diebold Tabulator Drops Votes, Allows Undetectable Audit Log Deletion
- DIEBOLD VOTING MACHINE KEY COPIED FROM PHOTO AT COMPANY’S OWN ONLINE STORE!
- HACKED: VIRUS IMPLANTED, SPREAD ON DIEBOLD TOUCH-SCREEN VOTING MACHINE!
Other than that, watch out for that dastardly (if mythical) ACORN “voter fraud” and remember: “Security is one of Diebold’s absolute priorities.” Also, Diebold has a swell bridge in Brooklyn that they can sell you for an unbeatable price!
[Hat-tip to BRAD BLOG reader “CJ”.]
Diebold and B of A, a match made in Hell. And creating Hell on Earth in the process.
I’m just surprised that this kind of news didn’t emerge sooner.
I used to work for a bank and several of the employees in the ATM group changed the programming so that their accounts would never be charged the fees at other bank’s ATM machines. They were finally caught and fired. The threat of tampering is definitely from the inside.
Hey, Brad – I think I mighta’ been stung by this…just received a new ATM card in the mail with a note from BoA that starts:
Okay. But how is that a ‘measure of added security’? What exactly have you added besides another hackable debit card? If the first one wasn’t secure, how much more secure can this one be? OH, I guess they must be working up to the part where they talk about upgrades in their internal security systems and what measures they are taking to make sure future employees can’t hack into my account again…
Okay. Why not immediately? Why wait five days? I guess my account / pin # is suddenly, magically secure now even though you’ve given me no real assurances that it is. And what if I use my card in the next five days – how do I know that you know it’s me? Oh, wait – I’m sure you’ll be covering that in your next smart bullet point. Forgive me for I do anticipate you…
I am bathed in relief.
I don’t know that, but thanks for politely asking me to in spite of any evidence presented here. Think I’ll walk down to my BoA branch tomorrow and ask if I can ‘please’ close my account with you.
(Oh, and letters of apology for weak security that allows insider embezzling from my bank account should ideally be written in long-hand.)
Rodney Reed Caverly? Wow. That name’s just front-loaded with prison meat potential. It’s almost like his parents somehow knew…
I one time had a Diebold B of A machine eat a whole wad of cash and then jam. It told me to enter the amount of cash which I quesstimated at $400 but it couldn’t have been as I had put in some ones. B of A never changed my estimate and credited my checking $400. It could have been less could have been more but it certainly struck me as a shoddy way to bank. I have a client who is a B of A executive as a client and he told me that there is no way for them to determine how much money is put in during a jam as there are no longer deposit slips on the “modern” diebold atm.
Very interesting article. I read CNN most days and did not even hear of this story.