How secure are voting machines?

redteamsamurai

Voting, Elections and Security…NOT!

Some folks have requested more information on voting machines, on what is being said about voting irregularities, and on security in general when it comes to voting machines. I thought it would be a great topic to expand on after my recent short report on the botnet attacks we saw on Election Day and what they could mean in regard to tampering attempts on the election results.

Hacking voting machines is real

To dispel some of the FUD that is going around: hacking voting machines is a real issue, and yes, it is possible. Having said that, you shouldn’t all go out in the streets and burn down everything you see, but read and educate yourself first on what needs to be done to actually hack an election. I am not saying our election was hacked (I’d need more evidence to support that), but I am saying it may have been influenced and maybe even some results tampered with. With all things tampering the proof is in the pudding, and unfortunately I don’t have any pudding to use as proof.

Anyway, voting machines have had security issues for some time. Don’t believe me? Well, just google “security analysis of voting machines”, “voting machine security”, etc. You will get more than enough hits and certainly don’t need to trust me blindly; heck, I would also think that 1d10t sometimes has a tinfoil hat on (maybe I do) ;-). Anyway, hacking voting machines…

There are multiple companies that manufacture voting software and machines. These companies include:

  • Everyone Counts LLC
  • Dominion Voting Systems Inc.
  • Election Systems & Software LLC
  • Smartmatic International Corp.
  • HP Hewlett Packard

The companies listed above all have patents and they can be viewed easily. Yes, I said that. Just check and don’t believe everything I say ya lazy dippy. 😉

One company not included in the 2014-2015 list is Diebold. This company manufactures ATMs as well as voting machines, including a model called the AccuVote-TS (yeah, cute name….). This machine was used in over 385 counties in Georgia and Maryland back in the 2006 elections. Over 33K machines of this model, at least, were used and deployed, and yes, it was highly vulnerable to a multitude of attacks.

Extensive tests done by various institutions found that these machines had at least the following security issues:

  1. Malicious software could compromise the machines and steal votes from candidates and tally them towards intended candidates without detection. (hmm…)
  2. Physical access to machines was a big security issue, as they used memory cards that were not scanned for viruses or malicious software. So insert memory card with choice of flashy software, do your voting, watch the magic later on as your candidate won….
  3. AccuVote machines were notoriously susceptible to viruses that could infect them before and after elections.
  4. Multiple issues were also caused by the hardware, which was not easily resolved with an AV detector or OS upgrade.

Many voting machines suffer from the same kinds of issues: hardware related, software related and access related. In addition, many threats and tampering attempts could not be detected even when they were carried out in a lab to prove they were effective. These results also apply to other voting machines and are by no means limited to Diebold. Code injection attacks are therefore a very real and considerable threat to multiple voting machine types. Additionally, the hardware and operating systems used in this and other machines have multiple threat vectors that (when known) can be exploited in a dedicated campaign to infect machines and tamper with election results, so that the tallied numbers do not reflect the actual results. When code that tampers with results is not detected, no one would know unless the numbers were also tallied in parallel to the electronic ones.

So let’s take a look (briefly) at the attack vectors then and now and put these attack “scenarios” into groups:

  1. Vote-Stealing Attacks
  2. Denial-of-Service Attacks (on machine)
  3. Injection Attack Code
  4. Voting Machine Viruses
  5. Hardware-based Attacks (Firmware, drivers)
  6. Voting Software / Server

These areas are all verified as possible (at least back in 2007) and we assume that any solutions based on them are also still vulnerable (albeit with more work) today.

Conventional Voting

In conventional voting we have four phases:

  1. Authentication
  2. Voting
  3. Counting
  4. Verification

Any one of these areas can be “hacked” if you know the details. Based on current research we know that tallies of multiple counties are sent to a regional server and then passed on to a central counting / tallying server for total counts. Within this process there are multiple points at which results can be tampered with and changed in transit along the chain. I will not bore you with details, but we are talking about supply chain security (in essence) and communication security in particular. If we look at the numbers that leave the counties, we want to understand how those numbers are sent to a regional and then a state server for storage and for counting the total national votes for an election.

Some attacks focus on DDoS (distributed denial of service), and the range runs all the way to tampering with data transfers. For instance, MITM (man-in-the-middle) attacks that are common in other areas are also very likely to be used here when the opportunity presents itself.
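One way a central tallying server can detect the in-transit tampering described above, as an added example that is not part of the original post: each county authenticates its own tally, the regional server only relays it, and the central server verifies before counting. The county names, keys, election identifier and function names are constructed for illustration, and the shared-key HMAC scheme is an assumption.

```python
import hashlib
import hmac
import json

# Constructed keys (assumption: each county shares a secret with the central
# server; a real deployment would more likely use asymmetric signatures).
COUNTY_KEYS = {"county-a": b"constructed-key-a", "county-b": b"constructed-key-b"}


def _mac(key, report):
    """MAC a deterministic serialization so both ends hash the same bytes."""
    data = json.dumps(report, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def sign_report(county, election_id, tallies, key):
    """County side: bind the tallies to the county and to this election."""
    report = {"county": county, "election": election_id, "tallies": tallies}
    return {"report": report, "tag": _mac(key, report)}


def central_tally(envelopes, election_id, keys=COUNTY_KEYS):
    """Central side: verify each relayed envelope, sum only the verified ones.

    The regional server only relays envelopes and holds no keys, so a change
    made there or on the wire shows up as a rejected envelope.
    """
    totals, rejected, seen = {}, [], set()
    for env in envelopes:
        report = env.get("report", {})
        county = report.get("county")
        key = keys.get(county)
        ok = (
            key is not None
            and hmac.compare_digest(_mac(key, report).encode(), str(env.get("tag")).encode())
            and report.get("election") == election_id  # rejects replayed old results
            and county not in seen  # rejects duplicate submissions
        )
        if not ok:
            rejected.append(county)
            continue
        seen.add(county)
        for candidate, votes in report["tallies"].items():
            totals[candidate] = totals.get(candidate, 0) + votes
    # Counties with no verified report must be chased up, not silently skipped.
    return totals, rejected, sorted(set(keys) - seen)
```

A rejected or missing county is the signal to fall back on the count kept in parallel to the electronic one.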

Data Misinterpretation (not voting machine related)

A newer type of attack that is not directly related to machines but to election tampering is false information planting by agents of a threat actor that wants to tamper with an election. In this case the influencer uses botnets on social media or other media channels to influence certain areas that he or she needs to win by injecting false election results into the local media, radio station or local cached sites for a state or county. In the last election we have seen clear signs of this on Twitter and Facebook (none of these outlets stopped or blocked the activities from happening). In many cases Wikileaks and other cyber terrorists / hacktivists used botnets to curb and influence debates on one candidate in particular (Clinton). The influence was pushed so intensively that no one questioned the validity of the data being released nor the fact that Wikileaks, Snowden and Assange are financed and supported by Russia and Putin. Does this mean that Putin and Russia proactively changed and tampered with the US Elections? I will let you be the judge of that and ask yourself if you have observed any of the following signs of tampering:

  1. Accounts that are created with low, no or minimal friends and followers
  2. Accounts that are friends of known contact people and groups (Wikileaks, etc.)
  3. Accounts that attack any comment and person that comments negatively about the supported candidate
  4. Attacks on any person who says something negative about a protected candidate
  5. Hacked accounts of contrary people, groups or interests against a protected candidate
  6. Sudden data releases that “show” criminal or demoralizing activities of an opposing candidate from unverified sources
  7. Out of the ordinary press releases, aggressive behavior or disruptions posing as the opposing candidates followers or members
  8. Hazing, harassing and bombarding of massive messages in an effort to drown out debate of an opposing candidate or its followers.

All of these signs are clearly visible and present in the last election and the proof is there, but don’t believe what I say. Do your own research, find out your truth and ask yourself whether the questions hold up or not. One very clear way to recognize false from fact is by gathering data that can be verified by multiple sources. I do not care if you believe me; I do care that you ask yourself the questions to find out what the truth is of any given situation and if tampering IS possible. Then the work starts of trying to find un-tampered evidence of whether something happened or not. Keep in mind that anyone who goes to these extents of illegal activities to steal an election or votes will do everything possible to stop you from finding evidence and the truth.

Your 1D1ot

Security Noob, Researcher (so not going away….)

Copyright HDN 2016

All attempts to hack this site WILL be hacked back, exposed and logged. I reserve the right to hack back!

 

Some additional research:

https://pdfs.semanticscholar.org/91e8/0a8b547f49ce5f0246704eca60a9c1420b17.pdf

https://www.usenix.org/legacy/event/evt07/tech/full_papers/feldman/feldman_html/

http://www.jatit.org/volumes/Vol34No2/7Vol34No2.pdf

https://blog.cylance.com/cylance-discloses-voting-machine-vulnerability