Wednesday, August 12, 2009

Computer scientists reveal new voting machine hack successfully changed votes

A team of computer scientists at University of California, San Diego, the University of Michigan and Princeton University announced a new way to electronically steal votes Monday.

“We wanted to find if a real criminal could do this, starting from scratch, with no access to source code or other closely guarded technical information,” the announcer begins. “We faced several challenges: getting a voting machine, figuring out how it works, discovering a weakness, overcoming the machine’s security features and constructing attack software.”

“In the end we found that it is possible to undetectably change votes and that such an attack takes a lot less time and money than one might expect,” the announcer said.

A Princeton professor was able to acquire five voting machines for just $82 that had been resold on a government surplus website. The acquired machines were originally sold by Sequoia Voting Systems.

While the voting machines were older and had been discontinued by North Carolina, where they were originally used, the voting apparatus are still in use in Louisiana and New Jersey.

Professors and computer science graduate students found that they could switch votes use a technique called “return oriented programming.”

The students theorized that voting machines could be easily broken into by attackers the night before the election, and vote hacking software installed. The following day, machines would produce altered votes without being able to be detected.

The study was done using 16 graduate students and cost a total of $100,000 — a tiny fraction of the money spent by both parties during the 2008 presidential campaign.

This video is from University of California, San Diego, broadcast Aug. 10, 2009.