New voting hack uses machines decommissioned by a North Carolina county

A bold new voting hack uses machines decommissioned by a North Carolina county. This hack demonstrates how important it was for the North Carolina legislature to pass one of the strongest verified voting laws in the country.

August 14, 2009
For immediate release

Joyce McCloy, North Carolina Coalition for Verified Voting 336-794-1240

A new voting hack takes over the machine, is practical, and costs only $100,000 to replicate. Computer scientists from three prestigious U.S. universities managed to hack into and steal votes from an electronic voting machine that was designed to resist takeover attempts. The hack comes on the anniversary of North Carolina’s law requiring paper ballots and regulating voting machines and vendors.The machines used in the research were decommissioned paperless voting machines from Buncombe County North Carolina.

This hack uses a return oriented program that was only developed in 2007 – scientists did not inject code into the system, they “reverse engineered” the system. They did not have to invade the ROM “read only memory”. Then the researchers were able to do an extremely clever hack on the system. This “return memory” hack has consequences not just for voting technology, but for computing technology. The hack would be much harder to detect than anything seen so far.

Computer scientists who performed the hack repeat calls for paper ballots in elections to increase transparency and ensure recovery from election problems.
North Carolina’s General Assembly passed such measures 4 years ago this week.

The Public Confidence in Elections Law SL 323 was ratified on August 16, 2005 and approved on August 26, 2005. .

This bill was passed with unanimous vote and full bi partisan support in the wake of a true election debacle in November, 2004: “A Florida-style nightmare has unfolded in North Carolina in the days since Election Day, with thousands of votes missing and the outcome of two statewide races still up in the air.” — AP Newswire, Nov 13 – North Carolina Ballot Blues

SL323 Public Confidence in Elections Became Law 4 years ago:
08/13/2005 Senate Concurred In H/com Sub 08/16/2005
Ratified 08/19/2005 Pres. To Gov. 8/17/2005
08/26/2005 Signed By Gov. 8/26/2005
08/26/2005 Ch. SL 2005-323

Researchers “hack the vote” in real-world e-voting attack by Ryan Paul Aug 13, 09
..Using a technique called return-oriented programming, they were able to circumvent the machine’s built-in safeguards and divert votes—without having access to source code or non-public documentation. … this study goes a step further and shows that it can be done in the wild without privileged access to source code or other specialized materials.

Voting machine hack costs less than $100,000 August 12, 2009
Researchers use a new return-oriented programming attack to change results
By Robert McMillan IDG News Service

The hack wasn’t easy — Halderman estimates that it took about 16 man-months of work to pull it off — but at university salaries that would still be cheaper than most U.S. election campaigns, he said. “The cost of that time was less than $100,000,” he said. The work was done without access to source code or any documentation beyond what is available on Sequoia’s Web site.

But using a new hacking technique, called a return-oriented programming attack, researchers were able to trick the machine into changing the results of an election, according to Alex Halderman, one of the university researchers behind the work. Halderman is with the University of Michigan, but researchers from the University of California, San Diego and Princeton University were also involved in the project. They presented their results at the Usenix 2009 Electronic Voting Workshop, held in Montreal this week.

The researchers tested their results on a machine purchased from a government auction site after Buncombe County, North Carolina, stopped using the voting machines in 2007.

Hang your head, Sequoia e-voting machine; you’ve been hacked again
Aug 13th 2009 Oh, Princeton University, won’t you leave the poor electronic voting machines alone?

The researchers’ 16 page report about the hack tells how the scientists obtained the voting machines. The machines used in the study were:

“machines decommissioned by Buncombe County, North Carolina, and purchased by Andrew Appel through a government auction site….”In 1997, Buncombe County, North Carolina, purchased a number of AVC Advantage electronic voting machines for $5200 each. In January 2007, they retired these machines and auctioned them off through a government surplus web site. Andrew Appel purchased one lot of five machines for $82 in total.”

Other hacks on these machines

Princeton publishes how-to guide for hacking Sequoia e-voting machines
by Tim Stevens posted Oct 24th 2008
Sequoia is now under the microscope and, after a little quality time with the company’s machines, Princeton researchers have filed a 158 page report on the ease of replacing their ROMs and winning yourself an election.

February 8, 2007 Princeton U prof Andrew Appel hacks machine purchased from Buncombe County North Carolina.
“The AVC Advantage can be easily manipulated to throw an election because the chips which control the vote-counting are not soldered on to the circuit board of the DRE. This means the vote-counting firmware can be removed and replace with fraudulent firmware.”

About us: The North Carolina Coalition for Verified Voting is a grassroots non-partisan organization fighting for clean and verified elections. We study and research the issue of voting to ensure the dignity and integrity of the intention of each voting citizen. The NC Voter Verified Coalition has consistently fought for increasing access, participation and ensuring the voter franchise. Contact Joyce McCloy, Director, N.C. Coalition for Verifiable Voting – phone 336-794-1240 – email Join the NC Coalition for Verified Voting website

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: