www.blackboxvoting.org/

[Guest guest]

We now have evidence that certainly looks like altering a

computerized voting system during a real election, and it happened

just six weeks ago.

 

MONDAY Nov 1 2004: New information indicates that hackers may be

targeting the central computers counting our votes tomorrow. All

county elections officials who use modems to transfer votes from

polling places to the central vote-counting server should disconnect

the modems now.

 

There is no down side to removing the modems. Simply drive the vote

cartridges from each polling place in to the central vote-counting

location by car, instead of transmitting by modem. " Turning off " the

modems may not be sufficient. Disconnect the central vote counting

server from all modems, INCLUDING PHONE LINES, not just Internet.

 

In a very large county, this will add at most one hour to the

vote-counting time, while offering significant protection from outside

intrusion.

 

It appears that such an attack may already have taken place, in a

primary election 6 weeks ago in King County, Washington -- a large

jurisdiction with over one million registered voters. Documents,

including internal audit logs for the central vote-counting computer,

along with modem " trouble slips " consistent with hacker activity, show

that the system may have been hacked on Sept. 14, 2004. Three hours is

now missing from the vote-counting computer's " audit log, " an

automatically generated record, similar to the black box in an

airplane, which registers certain kinds of events.

 

COMPUTER FOLKS:

 

Here are the details about remote access vulnerability through the

modem connecting polling place voting machines with the central

vote-counting server in each county elections office. This applies

specifically to all Diebold systems (1,000 counties and townships),

and may also apply to other vendors. The prudent course of action is

to disconnect all modems, since the downside is small and the danger

is significant.

 

The central servers are installed on unpatched, open Windows computers

and use RAS (Remote Access Server) to connect to the voting machines

through telephone lines. Since RAS is not adequately protected, anyone

in the world, even terrorists, who can figure out the server's phone

number can change vote totals without being detected by observers.

 

The passwords in many locations are easily guessed, and the access

phone numbers can be learned through social engineering or war dialing.

 

ELECTION OFFICIALS: The only way to protect tomorrow's election from

this type of attack is to disconnect the servers from the modems now.

Under some configurations, attacks by remote access are possible even

if the modem appears to be turned off. The modem lines should be

physically disconnected.

 

We obtained these documents through a public records request. The

video was taken at a press conference held by the King County

elections chief Friday Oct 29.

 

The audit log is a computer-generated automatic record similar to the

" black box " in an airplane, that automatically records access to the

Diebold GEMS central tabulator (unless, of course, you go into it in

the clandestine way we demonstrated on September 22 in Washington DC

at the National Press club.)

 

The central tabulator audit log is an FEC-required security feature.

The kinds of things it detects are the kinds of things you might see

if someone was tampering with the votes: Opening the vote file,

previewing and/or printing interim results, altering candidate

definitions (a method that can be used to flip votes).

 

Three hours is missing altogether from the Sept. 14 Washington State

primary held six weeks ago.

 

Here is a copy of the GEMS audit log.

 

Note that all entries from 9:52 p.m. until 1:31 a.m. are missing.

 

One report that GEMS automatically puts in the audit log is the

" summary report. " This is the interim results report. We obtained the

actual Sept. 14 summary reports, printed directly from the King County

tabulator GEMS program, because we went there and watched on election

night and collected these reports. These reports were also collected

by party observers, candidates, and were on the Web site for King County.

 

Here are summary reports which are now missing from the audit log.

 

Note the time and date stamps on the reports. Note also that they are

signed by Dean Logan, King County elections chief. We have the

original reports signed in ink on election night.

 

What does all this mean?

 

We know that summary reports show up in the audit log.

 

There are other audit logs, like the one that tracks modem

transmissions, but this audit log tracks summary reports.

 

Dean Logan held a press conference Friday morning, Oct. 29. Kathleen

Wynne, a citizen investigator for Black Box Voting, attended the press

conference and asked Dean Logan why three hours are missing from the

audit log.

 

Here is a video clip

 

Logan said the empty three hours is because no reports were printed.

OK. But we have summary reports from 10:34 p.m., 11:38 p.m., 12:11

a.m., 12:46 a.m., and 1:33 p.m. These reports were during the time he

said no reports were run. Either the software malfunctioned, or audit

log items were deleted. Because remote access through the modems is

possible, the system may have been hacked, audit log deleted, without

Logan realizing it.

 

Perhaps there are two of this particular kind of audit log? Perhaps

this is an incomplete one?

 

Bev Harris called King County elections office records employee Mary

Stoa, asking if perhaps there are any other audit logs at all. Mary

Stoa called back, reporting that according to Bill Huennikens of King

County elections, the audit log supplied to us in our public records

request is the only one and the comprehensive and complete one.

 

Perhaps it is a computer glitch?

 

The audit log is 168 pages long and spans 120 days, and the 3 hours

just happen to be missing during the most critical three hours on

election night.

 

Diebold says altering the audit log cannot be done. Of course, we know

a chimpanzee can't get into an elections office and play with the

computer, but to demonstrate how easy it is to delete audit log

entries, we taught a chimpanzee to delete audit records using an

illicit " back door " to get into the program, Diebold told reporters it

was a " magic show. " Yet, Diebold's own internal memos show they have

known the audit log could be altered since 2001!

 

Here is a Diebold memo from October 2001, titled " Altering the audit

log, " written by Diebold principal engineer Ken Clark:

 

" King County is famous for it " [altering the audit log]

 

Here is Dean Logan, telling a Channel 5 King-TV News reporter that

there were no unexpected problems with the Diebold programs. This was

at the " MBOS " central ballot counting facility in King County in the

wee hours of Sept. 15, on Election Night.

 

Here are the trouble slips showing problems with modems. Note that

King County generously provided us with the " secret " information

needed to hack in by remote access. We did redact the specific

information that gives this information to you.

 

Here are more trouble tickets. One that is a concern: " OK to format

memory card? " (This would wipe out the votes in the electronic ballot

box.)

 

Election officials: Disconnect those modems NOW. If you don't: You

gotta be replaced.

Reporters: Some election officials will lie to you. Show your kids

what bravery looks like. Be courageous. Report the truth.

Citizens: Please help us by joining the Cleanup Crew. For now, e-mail

crew to join, since our signup form has been taken

out.