DAVID JEFFERSON: ...you can affect multiple machines from a single attack.

There was discussion recently about whether Hursti's Diebold findings included the ability to hack just one machine and then have that hack affect multiple machines. I never saw anyone come forth with the source of that statement (if someone did then I missed it, sorry).

This seems to be the source:



The details of how you accomplish this multiple machine effect aren't provided, but the guy saying it is "a computer scientist who works at Lawrence Livermore National Laboratory", for what it's worth.

...some damned computer expert looks at these machines, the story gets worse. What's up with that? Can't they find anything good?

-------------------

It is obvious that the masterminds that created these machines would also do what they could to keep the evidence of their actions from being easily exposed. Therefore, one can surmise that the evidence of theft would be designed to keep even top-notch statisticians from easily finding the evidence?

While I'm inclined to think they have indeed used the machines for fraud, a good number of the security vulnerabilities that are being discovered are accidental on their part.

It's what happens when a company fuull of cronies makes a product that they don't actually care about.

So there's the backdoors they use, and also the ones they don't know about either, and never really bothered to test for, and probably don't have the expertise to test for for that matter.

Expecting it to get better is like expecting the prognosis for global warming to improve -- the more we know, the more brick walls we will require to bang our heads against.

This is Diebold, right? The company that makes ATM machines that people would steal money from if given half a chance?

That blows about half your ideas right out of the water, eh?

They could easily have kept the machines as tight as ATMs. They chose not to. Diebold has the expertise, they chose to ignore that in-house expertise. Why? Why did they make such sub-standard machines?

(again I reiterate that I think Diebold does do some stuff on purpose and is willfully culpable, not just incompetent. All I'm saying is that they are also incompetent on top of being corrupt.)

The only reason their ATM machines are secure is because their customers demand it -- with a capital D.

With voting machines, they were faced with a bunch of half-asses and political hacks as customers. This is the way our psychotic corporations work: when that happens, they think "cash cow" and produce not the product desired, but a cheap facsimile thereof. Just enough to fool those government officials into signing the checks, because, as we all know, the government just stole that tax money from us in the first place (this is really how these parasites think.)

Moreover, as our psychotic corporations are want, it's even money the people that work on the voting machines at Diebold have probably never even met anyone in the ATM department. Large corporations are schizophrenic, and if you follow IT it would be no surprise at all that one department in Company X produces a good product and another department working three doors down in Company X produces a steaming pile of cockroach droppings. It happens all the time.

And let's not give their ATM machines too much credit either. They could just still be riding the laurels of a good product designed by an older company that they bought (I don't know the history there.)

It's actually kind of funny, in a morbose sort of way, that there are ways to hack Deibold machines that Deibold didn't anticipate. They seem to be counting on general laziness and stupidity to give them exclusive access to their election fraud machine -- entirely in line with the corporate psychotic "personality" profile, BTW, which gets a thrill off risky social manipulation.

I hold that the design is engineered to make the machines quite easily hackable. And the rewards for such a design are far more than just money, it gives power to their friends. They knew it wouldn't last - this way of grabbing power - but they figure once they get it, as they have, there will be no releasing that ultimate power.

They are crooks to the highest degree, and not by accident.

Just that there are holes in them in addition to what was put there on purpose.

I thought I was pretty clear on that.

After one of my recent OpEd pieces in a Eureka daily newspaper, an elderly woman who has worked the polls forever looked me up in the phone book and called to say I had it all wrong. Obviously just because she was experienced at working the polls didn't mean she had read the Berkeley VSTAAB report, or anything done by Hursti, etc. She was skeptical of the information I was telling her because she said she didn't think we could trust just any old news article. I then perplexed her by asking how she knows we should trust the results of an election reported by newspapers that have done nothing to verify the information fed to them by the government (elections department). She became more open. I told her I wanted to give her a printout of the Berkeley report (since she's not online) and she agreed. I wound up putting together a series of documents showing McPherson's criteria for certification, dialog with Diebold, and more. The one thing I didn't include but wanted to was the reference to the quote in the OP. So thanks for posting it.

That implies the problem can be fixed. That tells me that due diligence was not performed before the election. How much would the Repubs be screaming if it was their ox being gored?

outcome of an election? I guess this is the "how to"

While not specifically one machine affecting others, this thread suggests hypothetically how a single person can affect multiple races in multiple locations.

http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=203x438450

HG;)

See Landshark #11 downthread for a link to the WaPo article. And then see my #13 for links to the task force study that the WaPo article was talking about. The task force made a very comprehensive study of ways you could hack various voting or vote counting machines. Some of the ways could be done by a single person and some couldn't.

The David Jefferson quote in the OP, on the other hand, is about a specific exploit of a specific machine.

the ability to multiply effects exponentially is a basic characteristic of computers.

Here's the link to the WA Po article: one person is all it takes:

http://tinyurl.com/eagnz

IMHO, there should not be the implication that this is some kind of "special, one-person technique", nor is it something that's particularly 'fixable"

Thing #1:



Thing #2:



These two things (the one you referenced and the one I referenced) are similar but are not one and the same.

In the one I referenced, Jefferson is talking about some kind of "special, one-person technique" because he is talking about a specific flaw in a specific system that was reported by Hursti.

The study you referenced covers a comprehensive list of theoretical techniques, some of which are "special, one-person techniques" and some of which are not.

The specific flaw reported by Hursti is fixable.

The more general issue with computers being able to multiply a person's effort can't, I agree, be fixed in the general sense. It can however be thwarted in specific implementations with enough attention to details. But maybe what you are getting at is that computers should not be trusted because of their inherent nature and with that I wholeheartedly agree.

BTW, if anyone wants to look at the Brennan task force study (which is very comprehensive and has an impressive list of task force members including Doug Jones, David Dill, Dan Wallach, ...), here are some links:
Executive Summary
Full Report
About the Task Force


_{Edit: format and minor wording}

I do so like things that are different to be differentiated (and, in any case, as you know I am a Cat in the Hat fan).

I'd really like to know what was actually possible in 2004, and what can be/has been fixed (partly because I'd better variance parameters for my vote-theft model), but, like Land Shark, my fear is that in a general sense, digital information is infinitely copiable (and editable) which is why the damn ballots need some kind of corporeal identity (although unlike Land Shark, I think that HR550 is an important step towards ensuring that they do).

Lqwrence Livermore is a very serious collection of talent. The opportunity for an indepenent review of Hursti's work by them really makes the case and enhances Hursti's credibility even more.

Great stuff! K&R