A DIEBOLD INSIDER SPEAKS! : 'Diebold System One of Greatest Threats Democracy Ha

[Guest guest]

S

Fri, 16 Sep 2005 15:48:37 -0700 (PDT)

A DIEBOLD INSIDER SPEAKS! : 'Diebold System One of Greatest

Threats Democracy Has Ever Known'

 

 

Blogged by Brad on 9/15/2005 @ 11:05am PT...

 

 

( As anyone who has been following these issues knows, there is proof all over

the internet that the elections were rigged. )

 

 

 

* EXCLUSIVE! * A DIEBOLD INSIDER SPEAKS!

DIEB-THROAT : 'Diebold System One of Greatest Threats Democracy Has

Ever Known'

Identifies U.S. Homeland Security 'Cyber Alert' Prior to '04 Election

Warning Votes Can be 'Modified Remotely' via 'Undocumented Backdoor'

in Central Tabulator Software!

 

In exclusive stunning admissions to The BRAD BLOG some 11 months after

the 2004 Presidential Election, a " Diebold Insider " is now finally

speaking out for the first time about the...

 

In exclusive stunning admissions to The BRAD BLOG some 11 months after

the 2004 Presidential Election, a " Diebold Insider " is now finally

speaking out for the first time about the alarming security flaws

within Diebold, Inc's electronic voting systems, software and

machinery. The source is acknowledging that the company's " upper

management " -- as well as " top government officials " -- were keenly

aware of the " undocumented backdoor " in Diebold's main " GEM Central

Tabulator " software well prior to the 2004 election. A branch of the

Federal Government even posted a security warning on the Internet.

 

Pointing to a little-noticed " Cyber Security Alert " issued by the

United States Computer Emergency Readiness Team (US-CERT), a division

of the U.S. Department of Homeland Security, the source inside Diebold

-- who " for the time being " is requesting anonymity due to a

continuing sensitive relationship with the company -- is charging that

Diebold's technicians, including at least one of its lead programmers,

knew about the security flaw and that the company instructed them to

keep quiet about it.

 

" Diebold threatened violators with immediate dismissal, " the insider,

who we'll call DIEB-THROAT, explained recently to The BRAD BLOG via

email. " In 2005, after one newly hired member of Diebold's technical

staff pointed out the security flaw, he was criticized and isolated. "

 

In phone interviews, DIEB-THROAT confirmed that the matters were well

known within the company, but that a " culture of fear " had been

developed to assure that employees, including technicians, vendors and

programmers kept those issues to themselves.

 

The " Cyber Security Alert " from US-CERT was issued in late August of

2004 and is still available online via the US-CERT website. The alert

warns that " A vulnerability exists due to an undocumented backdoor

account, which could [sic: allow] a local or remote authenticated

malicious user [sic: to] modify votes. "

 

The alert, assessed to be of " MEDIUM " risk on the US-CERT security

bulletin, goes on to add that there is " No workaround or patch

available at time of publishing. "

Diebold has fine-tuned its computerized system so that it meets

stringent security requirements. " We have independent verification

that the Diebold voting system provides an unprecedented level of

election security. This is crucial to maintaining the integrity of the

entire voting process, " Swidarski added.

 

 

 

Attempts by The BRAD BLOG to get comment from Swidarski were passed to

one of the Vice-Presidents at Diebold who has not returned our voice

mail message.

 

We did, however, hear back from Diebold Spokesperson David Bear of the

PR firm Public Strategies. He was referred to us by several different

Diebold offices as " the man to discuss voting machine issues with. "

 

Bear claimed to have never heard of the Cyber Alert issued by US-CERT

and when told of it, refused to acknowledge it as anything more than

" an unverified allegation. "

 

" One of the greatest threats our democracy has ever known "

 

Our source expressed emphatically that future democratic elections in

the United States are at stake and feels that the problem will not be

corrected until Congressional action forces the company to do so.

 

" In my opinion Diebold's election system is one of the greatest

threats our democracy has ever known, and the only way this will be

exposed is with a Congressional investigation with subpoenas of not

just Diebold officials but Diebold technicians. "

 

If our experience in discussing the matter with Bear, the man Diebold

referred us to for all matters concerning voting machines, is any

indication, then DIEB-THROAT may be correct. Even a Cyber Alert

Bulletin issued by an official arm of the U.S. Department of Homeland

Security more than a year ago was not enough to phase Diebold. At

least not enough to even inform their public spokesperson about the

matter, apparently.

 

" I don't know anything about it, " Bear claimed when we asked about the

Cyber Alert, and he refused to acknowledge there were anysecurity

concerns about Diebold's Voting Machines or its GEMS Central Tabulator

software.

 

Over and over, by rote, he repeated in response to our questions: " The

GEMS software has been used in hundreds of elections and there's never

been a security issue. "

 

Bear says that " Diebold machines have never lost a single vote, " but

beyond that could not speak to the vulnerability issue since, he said,

" I don't know what vulnerability they're referencing. "

 

We sent the link to the US-CERT Cyber Alert to Bear, but have not yet

heard back from about it. He did, however, send us a copy of the

well-worn Caltech/Massachusetts Institute of Technology report [PDF]

analyzing the 2004 Presidential Election which, Bear pointed out in

his Email, " concludes that the most improvement [in vote-counting and

integrity over 2000] occurred when counties/states changed to touch

screen systems. "

 

DIEB-THROAT was taken aback, but not wholly surprised, when we shared

the comments from Bear denying knowledge of the " backdoor " security

vulnerability in the GEMS software and his contention that there was

nothing more than " allegations. "

 

The vulnerability, and the ability to " manipulate votes " occurs

because the GEMS software uses the public Microsoft Access database

software to store vote totals in a separate data file. And, as

DIEB-THROAT explained, Access is " full of holes. There are so many

ways to get into it. "

 

Because GEMS uses the Access database, " you can enter and manipulate

the file without even entering into GEMS, " our source said in response

ot Bear's denials.

 

" GEMS sits on top of this database and it pretty much feeds

information down to the database from GEMS. It's almost like you're on

the first floor of your house and all of your operating equipment is

in the basement so that anything that happens on the first floor ends

up downstairs. Well, downstairs has a wide open door to it. So we're

dumping all the votes downstairs and that's wide open to the rest of

the computer system. "

 

" A culture of fear "

 

In trying to understand why the U.S. Homeland Security Department's

Cyber Alert didn't force Diebold to make fixes, patches or corrections

quickly available for their software prior to -- or even since -- the

'04 election, DIEB-THROAT repeated over and over that Diebold was

simply " not concerned about security " .

 

" They don't have security solutions. They don't want them...They leave

security policy issues up to the states. They've known about this for

some time. They don't really care, " the source said, comparing the

security flaw to " leaving the front door at Fort Knox open. " It's just

" blatant sloppiness and they don't care. "

 

The versions of the GEMS Central Tabulation software listed on the

US-CERT site are 1.17.7 and 1.18 and DIEB-THROAT says the same

versions of the same software are still in use by States around the

country and haven't had any fixes or patches applied to correct the

problem.

 

Diebold spokesman, Bear, was unable to confirm whether or not Diebold

had updated its GEMS software in any way since the US-CERT Cyber Alert

was released telling us only that " There's different versions of the

software for different needs " and that he didn't know if patches,

fixes or corrections were ever released by the company.

 

" There's always an evolution, " Bear said. " Before any software can be

used it's federally qualified and then certified by the states...Where

different versions are running, I just don't know. "

 

" They're still at that same version number, " DIEB-THROAT said. " A lot

of our customers still have it and there's not been any patch....They

really don't care about this sort of thing. They really don't. People

may find it hard to believe...in other words [the company says] 'we'll

give you a machine to vote on and the rest is up to you. "

 

" This is a very profit motivated company, " the source continued, " they

don't care what happens after the sale. Once they have the contract

they've got the customer tied up pretty good. "

 

Initially DIEB-THROAT claims to have been " brainwashed " by the

pervasive " company line " at Diebold, that all of the talk about

security concerns and the possibility that someone could hack the vote

was the talk of " conspiracy theorists " . Apparently that was -- and is

still is -- " the company line. " But after one of Diebold's head

technicians who works out of their McKinney, Texas facility confirmed

the gaping security hole in the software to our source, it was

understood that these concerns were for real.

 

" Up until his confirmation, I had heard it through the grapevine, as

rumors and such, but he confirmed it for me. The lead technician who

worked on the software, who has a Phd in mathematics and so forth, was

saying that 'this problem exists!' "

 

So why hasn't that technician, or anyone else from within the company

spoken out until now?

 

" This is a culture of fear. Really. Only because we were good friends

did [the head technician] confide in me that these were problems that

needed to be fixed, " DIEB-THROAT said.

 

" They all knew... "

 

In regards to possible remote access to the GEMS Central Tabulator by

modem via phone lines, a way that hackers could easily and simply

change the vote total information in the Access database, Diebold's

official spokesman seemed to be similarly in denial even today.

 

When we asked Bear whether or not the Central Tabulator is still

accessible via modem in their machines, he first denied that it's even

possible, telling us " the Central Tabulator isn't accessable via modem. "

 

When we pressed about whether or not there are still modem

capabilities in the machines and software they sell, Bear admitted,

" There is a modem capability, but it's up to a jurisdiction whether

they wish to use it or not...I don't know of any jurisdiction that

does that. "

 

" Oh, boy. Such lies, " DIEB-THROAT said in response. " There are several

jurisdications that use [the modem capabilities] in the

machines...Probably one of the most robust users of modems is Prince

Georges County in Maryland. They've used it in every election. I

believe they started in 2000. And Baltimore County used them in the

November election in 2004. Fulton County and Dekalb County in Georgia

may have used them in 2004 as well. "

 

While we were unable to hear back in response to messages left with

Election Officials at several of those offices prior to the

publication of this article, a review of " Lessons Learned " after the

November 2004 Election conducted by the Maryland state Board of

Elections obtained by The BRAD BLOG, confirms that modems were used to

access the GEMS Central Tabulator to send in information from

precincts on Election Night.

 

We are still reviewing the complete document, but amongst the findings

in the report is that " the GEMS system froze several times during

heavy modem transmitting periods requiring the system to be rebooted,

which generated delays and prohibited BOE from receiving polling

places' transmissions. "

 

As well, the report concludes, " Modem lines testing in polling place

still problematic; need better coordination with school system. "

 

It also says that " 7% of voting units deployed failed on Election Day "

and that an additional 5% " were suspect based on the number of votes

captured. " The BRAD BLOG hopes to have a follow-up article in the

coming days which looks in more detail at the full Maryland state

Board of Elections report and the alarming rate of failure for Diebold

Touch-Screen voting machines.

 

 

 

When we asked our source if they had any evidence to show that the

security flaw described by the U.S. Dept. of Homeland Security was

actually exploited in the 2004 election, DIEB-THROAT told us only: " I

wouldn't say I have evidence that it was exploited....only that it was

known. To the feds, to state officials and to Diebold. They all knew.

In spite of the gap they move forward as normal...As if it didn't

exist. " http://www.bradblog.com/archives/00001838.htm