Voting Machines Question: the code was on the net anonymously?

I have a visceral reaction to that fact that somehow went over my head.

According to this thread in LBN, the code was posted anonymously.

http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=102&topic_id=35986&mesg_id=35986&page=

Meaning, it isn't from a Diebold site?

Diebold never said it was their software?

Sorry but.........my heart is sinking. Don't you guys think that Diebold is capable of putting some really crappy code on the internet JUST SO people like us will find it, review it, make a BIG DEAL out of crappy it is...... BREAK BIG STORIES.....claim voting fraud?

I have no doubt that voting macines are crooked. And millions have known this before we even had the "evidence." So......Diebold and R. Doug Lewis plan a RAT for us to find, discover, expose and .....just like they are saying now, they could have planned a year ago to do this just so they can GIVE another Code that they will claim IS being usedto, say, John Hopkins to review and clear them.

And that's what Diebold is suggesting. That JH didn't have current code. And Diebold is being awfully reserved about this. Just letting our story take root.

This could turn out to be the biggest smoke screen in history!

Tell me I am just plain wrong......take away my HORROR! (or rather, how do we KNOW that this is the software that was used in Georgia and Florida in 2002, for example?)

It was Diebold code, downloaded from Diebold's own site. It's provable.

And it WAS used in elections.

Means anyone can download it, no login/pword required. When you leave an open directory on your website with no index page, it's the equivalent of showing your bloomers.

I'll take a crack at it.

It wasn't posted anonymously. It was on an anonymous (open) ftp site ... meaning that anyone could access it and download it without a password.

The site was maintained by Diebold and all the files on it were uploaded by them. Interestingly, though, it was a cheapie site that was originally used by Global Election Systems, which was the precursor to Diebold, who bought them out around 2000. Diebold continued to use and maintain the site until Bev started calling them. By that time, however, most of their competitors and a good deal of the hacker community had discovered the site and several (at least) had downloaded the files.

Hope this helps. Tech folk, please pitch in and correct me if I've gotten any of the details wrong here.

In my press release I referred to "anonymous access" which, as you correctly pointed out, refers to an ftp site that does not require a user name or password.

Someone in the press misunderstood -- I saw the article too -- one of the articles said the code was "posted anonymously" instead of saying the code was posted on a Diebold site that allowed anonymous access.

It belonged to Diebold, provably so.
It was used in elections, provably so.
They aren't going to disclaim it, because there is absolutely no way the stuff on that site could be faked. Nor is there any way it could have been a setup. It also had a whole bunch of mundane things on it, like travel expense reports, rental car forms, names of a whole bunch of Diebold employees (all of which check out) and all kinds of other things.

No one who has actually seen the whole file repository questions that it is authentic. I do think, though, that there is a very good chance that the Diebold PR people in Ohio had no idea what was really on the site, and were perhaps lied to by the elections division people, who very likely minimized the problem to cover their asses.

I would not be surprised if the elections division took the site down and the corporate office never did see what was on it. Perhaps they, like so many others, appreciated the link at Scoop. I can imagine they turned green and got diarhhea for a week when (if) they saw what all those files really are.

You truly have not seen the worst of it yet. The Hopkins Heroes only digested part of it.

Bev

We should push for a correction/retraction.

If we're not careful, people could wind up Lexis-Nexis-ing that for the the next 10 years.

To access such an open ftp site one would log in with username "anonymous" and any password that looks like a (any) email address. This is the norm for publicly accessible ftp sites. The WHOIS info of the domain name of the site reveals the owner of the site.

Or it was automated. There was a button in the menu on the web page that looked very inviting and said "ftp" -- you click the button and you are looking at the files. No login whatsoever required of the user.

Bev

I am not being nasty....I so respect all the work you have done with BH on this problem.
I have serious doubts that the "arrogant" folks at Diebold and the previous software people would even bother to go to all this trouble. They are like the * junta.....they do not believe there are any citizens who are watching. They have gotten away with this for several years now, so "what me worry" attitude is likely in place. The power of the internet is just being felt by the powerful and I do not believe they have bothered to "protect" their malodious crimes.
Our defence against these machines is the non-partisan vote fraud issue. Who said only Repugs could or would commit vote fraud. Now that I know how easy it is even for a very unnerdy old lady, I might be tempted to give my polling place a drive-by wi-fi correction.
This is the point we should be hammering home......vote fraud is equal opportunity.

:shrug:

The way the LBN thread was worded ("the code was posted anonymously") caused my heart to jump out of my chest! Not sure if that's the CNN quote or the poster......but I now understand that the source of the code WAS Diebold/GES.

Thanks god!

:-)

(yes, equal opportunity fraud potential -- totally non-partisan. Heck, just the appearance of insecurity is grounds for ditching the system).

as per my above post.

Gotta love the media. So many reporters just don't give a shit, they get a sound-bite and run with it.

I was witness to a fire in which there was a fatality, a child died. He had run back in the house to save his puppy. The fire disintergrated the mobile home in less than five minutes, down to the ground, and even burned up the refridgerator, which was the only recognizable thing left.

The local paper told it that he realized he was not supposed to be running around outside without his jacket (which was crap because the mother was a cocaine addict and neglected her kids completely, I'd ofter come outside and find them standing in my yard in their diapers, at age 1 and 2). So, according to the paper the child ran back into the trailer to get his coat, and did not come out, and in the bedroom,AFTER THE FIRE, stood a (WOODEN) dresser, with one drawer open. (!!!!!!!!!!!!!!!!!!) It is just bullshit, sometimes what they write. I hate to use such a sad example, but I just could not figure out why they MADE UP such a ridiculous, not to mention scientifically impossible, story.

Anyway, sorry for the rant, but I hope other reporters will take more care with stuff, buried back-page retractions are too little, too late.

of what distinguishes a private from an anonymous/public ftp. The first link described below takes you to an anonymous or public ftp server. The ftp link on Diebolds site was posted in this fashion. We shall use a link to Adobe's anonymous ftp server for this example though: ADOBE FTP. As you can see anyone can access this server and maintain their anonymity.

The above "named" link hides what is taking place underneath which looks like this:

ftp://anonymous:anonymous@ftp.adobe.com:21 click this link and it will take you to the same place as the one above...the contents will appear a little differently however. The reason it appears differently exceeds our scope at the moment, so I won't go into the whys and wherefores. Suffice it to say that it relates to the board software and the way in which I hid the address of the link behind the words ADOBE FTP.

(ftp://) describes the type of server, in this case a File Transfer Protocol server. (anonymous) describes the username. The second (anonymous) describes the password. (ftp.adobe.com) describes the url of the server and (21) the port through which you access it. Most all anonymous ftp's use port 21. You may right click and save to disk files on an anonymous FTP, for which the system administrator has set anonymous download permission. This is how Bev and her group snagged the Diebold code!!! Not rocket science...any one of us could have done it!!! In fact, I did myself. That is about as far as I got though...I'm not a coder. Sure am gald some of us are, though...thanks Bev!

A private FTP forces the user to enter a specific user name and a respective password as well as a port to gain access and see or download (depending on the permission set by the adminstrator) the files contained there on. This helps maintain security and allows a system admin to limit your access to certain files on that ftp. This is what a link looks like for a private FTP. It won't work however as the password and username are incorrect...hehehehe.

ftp://GOP:Lover@ftp.democraticunderground.com:21 go ahead and click it and see what happens.

The thing which should first give us pause about Diebold, is that their system administrator was stupid enough to give FTP access to the public, especially when the FTP contained their super secret proprietary code. It does not speak very highly of their security en total, much less the integrity of the code itself.

Hope my little tutorial helped!

RC

puts out two press releases Friday. They are failing badly at damage control, and it will also be interesting to watch their stock price in the next week.
------------------------------------------------------------------

Technical Response To The Johns Hopkins Study On Voting Systems

Diebold is in the process of performing a complete review of the lengthy research article about one of Diebold’s election products, dated Wednesday, July 23.

A prior version of Diebold’s touch screen software was analyzed while it was running on a device on which it was never intended to run, on an operating system for which it was not designed, and with minimal knowledge of the overall structures and processes in which the terminal software is embedded. In addition, many of the weaknesses attributed to the operating system on which the software was tested are inapplicable to the embedded operating system actually used by Diebold. As a result, many of the conclusions drawn by the researchers are inaccurate or incomplete with respect to the security of this particular element of Diebold’s voting system.

The researchers installed and analyzed a prior version of the AccuVote-TS software on a typical personal computer, on which a generally available Microsoft® operating system was installed. This personal computer on which the software was analyzed also had an internet or continuous modem connection, a keyboard, and disk drives. The exploitation of many weaknesses attributed to Diebold’s software resulted from this configuration, which does not exist when the software is used in a Diebold voting terminal.

A continuous or unmonitored internet or modem connection would be necessary in order for last minute or stealth changes to be downloaded to a voting terminal. As installed by Diebold, this voting terminal contains neither. Diebold does not connect its voting terminals to the internet. All downloads to the terminals for purposes of programming take place over a secure connection to an isolated server, to which the voting terminal is generally only briefly connected. Once the changes have been made, the terminal is disconnected, the software tested, the terminal is locked and a tamper-indicating device affixed.

more...

http://www.diebold.com/technical.htm spin, spin, spin...

on edit: spellun'

"A continuous or unmonitored internet or modem connection would be necessary in order for last minute or stealth changes to be downloaded to a voting terminal. As installed by Diebold, this voting terminal contains neither. Diebold does not connect its voting terminals to the internet. All downloads to the terminals for purposes of programming take place over a secure connection to an isolated server, to which the voting terminal is generally only briefly connected. Once the changes have been made, the terminal is disconnected, the software tested, the terminal is locked and a tamper-indicating device affixed."

There has to be one fact in here even if just by accident, but I can't find one. Anyone else want to try?

Looking diligently in there...where's Waldo truth?

Good heavens. Do you get the feeling these guys haven't done crisis PR before?

Bev

... then why does their software have a mouse/keyboard interface?

why do they have programs written specifically for the KEYBOARD PORT????

Hey Diebold!

That press release is so very bad it's funny -- it's like catching your sweaty teenaged son standing in front of the open refrigerator drinking straight from the milk carton and he tells you it's no big deal because he always washes his lips first...

Hi. DU is so useful. This release is now also -->HERE<--.

http://www.scoop.co.nz/mason/stories/WO0307/S00330.htm

This is a better link for people to post as it has a link to the proper context.

http://scoop.co.nz/mason/features/?s=usacoup

Also... you will see my link is now No.2 on Google "Diebold + Voting". Can I encourage people to send links to any media releases - reports they see on this to editor@scoop.co.nz. I can post in our World News wire and Google will pick them up immediately. And it seems give them a good run :)

in a 24 page analysis. :wtf: Is this a canned response for anticipated charges?

A continuous or unmonitored internet or modem connection would be necessary in order for last minute or stealth changes to be downloaded to a voting terminal. As installed by Diebold, this voting terminal contains neither. Diebold does not connect its voting terminals to the internet. All downloads to the terminals for purposes of programming take place over a secure connection to an isolated server, to which the voting terminal is generally only briefly connected. Once the changes have been made, the terminal is disconnected, the software tested, the terminal is locked and a tamper-indicating device affixed.

Translation:
We created several layers of pseudo-security that give the impression that last minute software changes are impossible and that the voting software is meticulously certified. In actual practice, last minute changes are routinely installed and the certification process is a joke.

is ephemeral oranges to hard code apples. On their website this is pathetic though they promise a more thorough "rebuttal". Mainly they try to marginalize and contain the damage by belittling the subject matter. But they can't resist bragging about everything outside the box which the professors are not experts about. The veneer of security reminds me of the breakdown of 9/11 and the huffing and puffing covering insufficiencies in security today.

Their stockholders, their trained election officials, their GOP sponsors and board members are going for the tried and true method. Ignore the facts. Wear them down. The ham-handed shell game. And above all, condescend beside the point.

Electoral Skynet countdown to Judgment Day continues.

Headline: NEWS: Diebold denies voting machine tampering flaws -- but rebuttals don't stand up

I've no doubt Alastair will share the link with you when it's up. Diebold press office will be busy boys tomorrow, we gave the press lots of questions to demand answers for.

Bev

...Blackbox.org, too, please Bev?



Kick!:-) :-) :-)