Election Manipulation and Integrity: Attack Trees and Vulnerabilities - Prof. Timothy Ay, Exams of Information Systems Analysis and Design

Download Election Manipulation and Integrity: Attack Trees and Vulnerabilities - Prof. Timothy Ay and more Exams Information Systems Analysis and Design in PDF only on Docsity!

Election

Integrity

40 years ago

Our brothers died for this

Voting Rights Act of 1965: Meant toreverse the disenfranchisement ofminority voters. Key portions of thisAct are set to expire in August 2007.

Our soldiers died for this

In the 1800s

March 30, 1870: 15

th

Amendment

passed, giving men of color theright to vote

Throughout our history

Our ancestors came for this

Between 1892 and 1924 over22 million people camethrough Ellis Island and thePort of New York, many ofthem seeking citizenship.

Currently, approximately

13 percent of the U.S.

population is Latino.

If this was simple

If this was simplepeople wouldn’t keep dyingJust to give our children the right to vote

Election Security Issues Are RealWhen dealing with public officials:

• Focus on REAL mechanics, not theories- Identify risks- Describe proven exploits- Expect vendor-driven rebuttals

Remember that most election officials aredependent on their vendor for theirupcoming elections.

For more background onvendor dependency, seevideo in Black Box Votingdocument archives: “Vendorsare like family”

Mechanics of Election Manipulation

It’s not about BushBOTH PARTIES obstructing & denyingIt’s not about being “nonpartisan”It’s about defining problem accuratelyIt’s not about the presidential electionIt’s supervisors, primaries, judges…The mechanics are a patchwork: not uniform

Traditional targets

for election

manipulation

:

County supervisors, commissioners, whoallocate construction projects and approve land use; Sheriffs, who

control contraband &

also affect zoning

decisions (traffic

control study sign-off). These local races were

probably the first

beneficiaries of voting machine manipulation.

Identify attack categories

• People- Materials- Procedures
  • Laws & regulations
• Software- Hardware

Improving Election Integrity

Map attack points

• Vote authentication - Vote casting- Data / ballot transfer -

Data consolidation (central tabulation)

• Results reporting- Final canvass
• District mapping- Ballot Access

Voter registration

Ballot design & printing

• Vote suppression

Improving Election Integrity

Real life attack points

Vote casting

• Miscalibrate touchscreens- Pre-stuff ballot box with negative/positive votes

Data / ballot transfer- Create report falsifying program in memory card- Remote attackData consolidation(central tabulation)

• Insert trojan horse script in tabulator - Edit stored business logic

Ballot design, print

• Triggers in ballot ID code- Tampered op-scan calibration - Slight displacement of vote areas

Vote suppression- Ditch absentee ballots at mail processing centerVote authentication

• Arbitrary sig. comparison- Put trigger into voter card activators for touch-screens

Improving Election Integrity

Miscalibrate touch-screens

Palm Beach County, FL

(Sequoia touch-screens):

• 4,313 Voting Machines - Recalibrated 1,475 times Nov. 2

How to Pre-Stuff the Ballot Box

(Diebold precinct-based optical scan)

Memory Cards

Voting

Machine

GEMS

Voting

Machine

Voting

Machine

Don’t look at me

Voting

Machine

Voting

Machine

Voting

Machine

GEMS

Pre-stuff memory cardsto “roll over odometer”

How to Pre-Stuff the Ballot Box

Proof of Concept:Harri Hursti onDiebold opticalscan machine.May 26, Leon County, FL

Most people are familiar with the odometer in a

car, which “rolls over to zero” after 99,

miles. The rollover point in Diebold precinct-

based optical scans is 65,535 votes.