With as much fuss as we raise over the myriad of
Diebold security and stability failures, it looks like we've got it pretty good in the States when compared to the e-voting methods of the Dutch. Their ES3B voting system is based on circa-1980's computing hardware, which seems to be rather lacking in the areas of physical and software security. A few hackers got a hold of a unit and essentially had their way with the machine. Their first order of business was installing a chess program, since Jan Groenendaal of the Nedap/Groenendaal company -- which manufactures the machines -- had responded to the hackers' claims of it being possible with a smarmy "I'd like to see that demonstrated." After they got bored playing chess against a weak sauce 68000 processor with 16KB of RAM, they installed their own "PowerFraud" app to demonstrate methods for generating phony election results, and then went on to do some RF reading that helped them discover ways to wirelessly detect which votes were being registered on the machines by spotting "spurious emissions" from the computer display whenever it gets refreshed. The hackers responsible were kind enough to recommend fixes for most of their hacks, but we would think a bit of a technology refresh could help these Nedap/Groenendaal guys immensely. Or maybe Diebold can give them a ring once they're done botching our elections and they can all work together to further their respective nefarious and democracy-ending aims.
[Via
Hack-A-Day]
Reader Comments (Page 1 of 1)
Average Betty @ Oct 6th 2006 6:35PM
Gee... and we thought people had trouble with the butterfly ballot!
http://www.averagebetty.com
mc @ Oct 6th 2006 6:40PM
what a bul it is not about the tools it is about the people that us them end need to prses the info thats what is bad in this cont end how they do it in holand. maybe is a lott bether end evry bod can do what the did if you have the masch
abraham
Nick @ Oct 6th 2006 6:58PM
wut he said ^^
Scott @ Oct 6th 2006 7:40PM
MC, I have no idea what you just said, therefore I'm going to assume it was either
1. Stupid
2. Ignorant
3. Useless
That is All
crzy @ Oct 6th 2006 8:16PM
What *did* he say?
Igor @ Oct 6th 2006 9:07PM
i trhink he wrote that in dutch and then translated like this
dutch->french->spanish->italian->chinese->dutch->english
NeoteriX @ Oct 6th 2006 9:52PM
Maybe more people will be attracted to come out and vote if after they punch in their vote for their favorite candidate, they can follow it up with a round of Halo capture the flag with the other voters.
Boris714 @ Oct 6th 2006 11:36PM
No matter who plays, it always says "Bush won"
Dp462090 @ Oct 7th 2006 1:10AM
I propose a Deep Blue vs. Dutch Voting Machine in chess match!
Marc @ Oct 7th 2006 3:56AM
Delicate is also the way the hackers got hold of a voting machine: Supposedly they simply called a local goverment and asked for a voting machine for an article about the upcoming elections, pretending to be journalists. This was okay!
Another group in Holland (http://www.wijvertrouwenstemcomputersniet.nl/ (we do not trust voting machines); probalby affiliated with the hackers) is organising busttrips to the ten voting districts still using the old red pencil voting method.
I won;t use that, but I'm seriously thinking about filing an official complaint during voting about 'me unable to verify the registration of my vote'
Joscha @ Oct 7th 2006 5:39AM
Using simplified, 'ancient', technology is actually a bonus for some high-security applications. The Diebold machines run on windows, you can link up to them using a standard modem connection (even during election) and access the content of the voting files and the voting application. Using MS Access, you may change the voting files without leaving a trace.
Not so with the Nedap computers: the Dutch hackers physically opened the device and replaced the EPROMs that contained the voting software. How fair is that? And how far is it from replacing the mainboard?
To be sure, the security of the Nedap machines leaves a lot to be desired (paper trail, verifiable software, authentification of parts). But they are definitely not going to be improved by upgrading them to a pentium and installing MS Windows.
Baby-G @ Oct 7th 2006 9:42AM
STUPID?
USELESS?
WOW!!!!!
THIS WOULD HAVE BEEN ALLOT NICER THEN VOTING FOR BUSH!!!!
i would have liked to play some chess instead of voting for that tupe wearing jackass..... now that im 18 i can vote... and guide this country to it's rightfull place..... instead of voting for jackasses that only do stuff for he rich.... lets play chess....
HB @ Oct 7th 2006 4:57PM
In before obligatory Bush jok- Oh wait.
This is pretty interesting stuff.
JGL @ Oct 7th 2006 5:14PM
Ballots have a pivotal role in republic nations around the world. And the speed with which ballots are counted and gathered does not and cannot out-weigh the value of an uncontestably accurate ballot. Governments must embrace efficiency, it's true. But their citizenry must have full confidence is the efficient manner in which a government conducts itself, otherwise government is wholely useless as a head cut off from the body. The head senses the environment around the body but gathers little of what goes on inside the body.
Spinchange @ Oct 7th 2006 6:19PM
This is inaccurate. A Dutch group of hackers did this to a Diebold machine that's used in Ireland not the Netherlands. I think someone misconnected the dots here
see:http://www.theregister.com/2006/10/05/e-voting/
Juicebeetle @ Oct 7th 2006 7:05PM
It was a Nedap/Groenendaal ES3B machine, not a Diebold one. Even your own link says Nedap.
The 'few hackers' mentioned in the article are actually a "coalition of concerned citizens" calling themselves "We don't trust voting computers" and they were able to BUY two machines off an unnamed municipality in The Netherlands to test the manufacturer's claim it was "hack proof".
The group even give {some of) their names and cell phone numbers on their website. One of them, Rop Gonggrijp, is a very well known 'white hat' hacker in The Netherlands.
http://www.wijvertrouwenstemcomputersniet.nl/English
http://www.wijvertrouwenstemcomputersniet.nl/Nedap-en
http://www.wijvertrouwenstemcomputersniet.nl/images/9/91/Es3b-en.pdf
col @ Oct 7th 2006 8:52PM
What happened was that in 2004 these machines were used in ireland, dublin only. It was later discovered that these machines were found to give out inaccurate results. a report was commisioned and it was from the findings in this report that the dutch hackers used to hack into the e-voting machines.
umopapisdn @ Oct 9th 2006 12:26PM
That's funny. Fully electronic voting is going to take a really long time to get implemented if this is the kind of technology people are aiming for right now.
http://www.lunareclipse.com/?diebold-tries-again