When Super-Tuesday has come and gone...

Security Analysis of the Diebold AccuBasic Interpreter
David Wagner David Jeerson Matt Bishop
Voting Systems Technology Assessment Advisory Board (VSTAAB)
with the assistance of:
Chris Karlof Naveen Sastry
University of California, Berkeley
February 14, 2006

http://www.votetrustusa.org/pdfs/California_Folder/DieboldReport.pdf
Page 13
Impact. The consequence of these vulnerabilities is that any person with unsupervised access to
a memory card for sucient time to modify it, or who is in a position to switch a malicious memory
card for a good one, has the opportunity to completely compromise the integrity of the electronic
tallies from the machine using that card.
Many of these vulnerabilities allow the attacker to seize control of the machine. In particular,
they can be used to replace some of the software and the rmware on the machine with code of
the attacker's choosing. At that point, the voting system is no longer running the code from the
vendor, but is instead running illegitimate code from the attacker. Once the attacker can replace
the running code of the machine, the attacker has full control over all operation of the machine.
Some of the consequences of this kind of compromise could include:
 The attack could manipulate the electronic tallies in any way desired. These manipulations
could be performed at any point during the day. They could be performed selectively, based
on knowledge about running tallies during the day. For instance, the attack code could wait
until the end of the day, look at the electronic tallies accumulated so far, and choose to modify
them only if they are not consistent with the attacker's desired outcome.
 The attack could print fraudulent zero reports and summary reports to prevent detection.
 The attack could modify the contents of the memory card in any way, including tampering
with the electronic vote counts and electronic ballot images stored on the card.
 The attack could erase all traces of the attack to prevent anyone from detecting the attack
after the fact.
 It is even conceivable that there is a way to exploit these vulnerabilities so that changes could
persist from one election to another.
In other words, these vulnerabilities mean that a procedural lapse in one
election could potentially aect the integrity of a subsequent election. However, we would
not be able to verify or refute this possibility without experimentation with real systems.

 It is conceivable that the attack might be able to propagate from machine to machine, like a
computer virus.
----------------------------------
In addition, most of the bugs we found could be used to crash the machine. This might
disenfranchise voters or cause long lines. These bugs could be used to selectively trigger a crash only on some machines, in some geographic areas, or based on certain conditions, such as which
candidate has received more votes. For instance, it would be possible to write a malicious AccuBasic
script so that, when the operator prints a summary report at the end of the day, the script examines
the vote counters and either crashes or continues operating normally according to which candidate
is in the lead.

The impact on the paper ballots (AV-OS). It is important to note that even in the worst
case, the paper ballots cast using an AV-OS remain trustworthy; in no case can any of these
vulnerabilities be used to tamper with the paper ballots themselves.
*Please read more:
http://www.votetrustusa.org/pdfs/California_Folder/DieboldReport.pdf

PROTECTING ELECTIONS
IN AN ELECTRONIC WORLD
Summary
All three of the most commonly purchased electronic voting systems have significant security and reliability vulnerabilities. These vulnerabilities pose a real danger to the integrity of national, state, and local elections. When the goal of an attack on voting systems is to change the outcome of a close statewide election, attacks that involve the insertion of corrupt software are the least difficult attacks. Voting machines that have wireless components are significantly more vulnerable to a wide array of attacks.
Few jurisdictions have implemented any of the key countermeasures that could make the least difficult attacks against voting systems much more difficult to execute.
------------------------------------
Of the 27 states that mandate voter-verified paper trails, only 13 require regular audits. Current federal guidelines for voting systems do not ban wireless components; only two states, New York and Minnesota, ban wireless components in voting machines. Only four states conduct parallel testing statewide. After evaluating more than 120 possible attacks on voting systems for more than a year, the Brennan Center’s Task Force on Voting System Security recommends: (1) automatic routine audits of paper records; (2) parallel testing of voting machines; (3) banning of wireless components on all voting machines; (4) transparent and random selection procedures for parallel testing and audits; (5) decentralized programming and voting system administration; and (6) implementation of effective procedures for addressing evidence of fraud or error.
Brennan Center for Justice at NYU School Of Law
161 Avenue of the Americas, 12th Floor • New York, NY 10013
212-998-6730 • www.brennancenter.org
http://www.federalelectionreform.com/pdf/Voting%20Systems%20Issue%20Brief.pdf

Tell Congress: Pass Emergency Bill for Secure Elections in 2008

Now is your best chance to to help make the 2008 Presidential election verifiable. Please ask your members of Congress to co-sponsor the "Emergency Assistance for Secure Elections Act of 2008”, Representative Rush Holt's bill to provide emergency funding for paper ballots voting systems and random hand counted audits of the November elections.

The Emergency Assistance for Secure Elections Act offers states or counties reimbursement for purchasing paper ballot systems in time for the November elections, and reimbursement for conducting random hand-counted audits of the November election results.

The bill would offer money only for the most reliable voting systems: those that use voter-marked paper ballots, with accessible ballot-marking devices to serve voters with disabilities. By offering crucial funding, Congress can empower state and county officials to do the right thing in time for November.

Rep. Holt's bill could not be more timely. As the Presidential primary season unfolds, 14 states will use paperless electronic system in their primaries, either as the statewide system, or as the system used in many counties.

It doesn't have to be this way in November. Urge your Representative to cosponsor the Confidence in Voting Act. Take action now: please send the letter below (or feel free to edit as you see fit). Thank you!
http://salsa.democracyinaction.org/o/199/campaign.jsp?campaign_KEY=22334