Voter's Watchdog
 | |  | |  | |  | |  | |  | |  | |  | |  |
Nixon’s 18 minutes of missing tape resulted in his downfall. Karl Rove, White House aide to President George W. Bush, now can’t find thousands of missing e-mails that
Congress wants to see – including some reportedly linked to illegal caging of black voters.
Now, San Diego’s Registrar of Voters owes voters and our Board of Supervisors an explanation for a missing file entry erased off a log from the June 2006 election—a file that
one computer expert suggests could reveal evidence of election tampering in the hotly contested Busby-Bilbray race.
Congress wants to see – including some reportedly linked to illegal caging of black voters.
Now, San Diego’s Registrar of Voters owes voters and our Board of Supervisors an explanation for a missing file entry erased off a log from the June 2006 election—a file that
one computer expert suggests could reveal evidence of election tampering in the hotly contested Busby-Bilbray race.
“HACK” TESTS ORDERED BY SECRETARY OF
STATE PROVE VOTING MACHINES CAN BE
PENETRATED;
WERE SAN DIEGO ELECTIONS TAMPERED
WITH IN ’06?
By Miriam Raftery
On July 30th, California Secretary of State Debra Bowen made a
shocking announcement regarding the “red team hackers” hired to
test whether voting machines used in our elections could be
penetrated by malicious attackers to change votes.
“The independent teams of analysts were able to bypass both physical
and software security measures in every system,” Bowen revealed in a
conference call with media members.
Hackers successfully hacked into Diebold voting machines used here
in San Diego – and even managed to penetrate the GEMS central
tabulator used to count votes countywide. “Carrying the attack
requires only access to a voting system (i.e., someone voting) and not
technical expertise,” the hack team concluded in its report.
Nationally famed election attorney Paul Lehto, who co-founded the
election reform group Psephos along with El Cajon resident Linda
Poniktero, observed that the red team focused on outside attackers.
But he warned, “There’s no serious computer scientist that’s honest
who won’t admit that all bets are off if there is a criminal insider—
and there’s every reason to believe there will be one, because a
successful hacker or rigger gets to be the election official or at least to
influence electon “security” policy for the next election.
This means that if you are looking for an election criminal, or the
good friend of one, look in office.” He added pointedly, “The election
officials are the core problem. The computers cannot be made secure
against these insiders.”
A Campo resident, fears machines could be rigged to affect the
upcoming recall election of town planners who voted for Blackwater
USA’s controversial plan to build a private military training camp in a
national forest. “The caging news and the hackable voting machines
need to be mentioned in the context of Vu, Seiler and Haas on the
safety of our vote,” we were told. “The hackable voting machines
could make a difference in whether Potrero can have its recall
election.”
Michael Vu, recently named Assistant Registrar of Voters for San
Diego County, oversaw the 2004 election in Cuyahoga County, Ohio in
which two of his employers were previously convicted of felony
election rigging in a presidential recount, as this publication has
previously reported. Debra Seiler, San Diego’s new Registrar of
Voters, has previously worked as a sales representative for Diebold, a
maker of election equipment.
Former Registrar Mikel Haas, recently promoted to an oversight
position with the County, has drawn sharp criticism in the past for
failing to secure voting machines before elections. Haas allowed
machines to be taken home by pollworkers weeks before elections and
also admitted in a prior interview with the East County Californian
that he had allowed the GEMS central tabulator to be hooked up to the
Internet. Told that this violated California elections law, Haas later
tried to recant his admission.
HOW HACK TEAMS PENETRATED OUR VOTING
SYSTEMS
Hack teams in Sacramento and the University of California, Santa
Barbara, tested vulnerabilities in Diebold, Sequoia, and Hart Intercivic
voting systems. Testers looked at ballot preparation systems, voting
mechanisms, and vote tallying (counting) systems.
Among the most troubling findings was the vulnerability of Windows
operating systems to outside attacks. “If an attacker can gain
privileged access to the underlying operating system, they can control
the election management system,” the hackers warned, adding that
malicious Trojan horse programs could then be loaded to modify files
and completely control the underlying system.
Results of the hack tests proved conclusively that “the above attacks,
and many like them, can be realized,” the report concluded.
Other tampering mechanisms ranged from crude techniques(such as
unscrewing screws or removing and replacing tape to access voting
machines) to forging voter cards.
For San Diego voters, the tests revealed causes for serious concerns in
Diebold machines used locally to count votes Countywide, including
here in East County.
Testers successfully penetrated the GEMS server—the central system
or brains of the County vote-counting system—by exploiting
vulnerabilities in Windows, giving hackers direct access to voting
data. Testers took security-related actions that went unrecorded by
the GEMS server in its audit logs. The hackers even managed to load
wireless drivers onto the GEMS server that could then be used to
access a wireless device plugged surreptitiously into the back of the
GEMS server.
Testers also bypassed controls on optical scanners using common
household objects, causing machines to shut down, stop counting
ballots at precincts and not inform voters if they had “over voted”
their ballots. They also found a way to rig machines to stop issuing
reminders to voters to check their printed records. On the Diebold
AccuVote TSx systems, testers found numerous ways to overwrite
firmware.
“These attacks could change vote totals,” the report concluded.
Moreover, hackers found that they could escalate access by switching
privileges from those of a voter to those of a poll worker or central
count administration. This enabled them to reset an entire election,
issue unauthorized voter cards, or close polls—with no knowledge of
security keys needed.
Although hackers were able to penetrate all three systems, testers
warned that security flaws found may be only the tip of the iceberg. A
report warns that “all team members felt that they lacked sufficient
time to conduct a thorough examination, and consequently may have
missed other serious vulnerabilities.” One vendor (Hart) refused to
turn over key software, while some testers lacked important security-
related documents.
STATE PROVE VOTING MACHINES CAN BE
PENETRATED;
WERE SAN DIEGO ELECTIONS TAMPERED
WITH IN ’06?
By Miriam Raftery
On July 30th, California Secretary of State Debra Bowen made a
shocking announcement regarding the “red team hackers” hired to
test whether voting machines used in our elections could be
penetrated by malicious attackers to change votes.
“The independent teams of analysts were able to bypass both physical
and software security measures in every system,” Bowen revealed in a
conference call with media members.
Hackers successfully hacked into Diebold voting machines used here
in San Diego – and even managed to penetrate the GEMS central
tabulator used to count votes countywide. “Carrying the attack
requires only access to a voting system (i.e., someone voting) and not
technical expertise,” the hack team concluded in its report.
Nationally famed election attorney Paul Lehto, who co-founded the
election reform group Psephos along with El Cajon resident Linda
Poniktero, observed that the red team focused on outside attackers.
But he warned, “There’s no serious computer scientist that’s honest
who won’t admit that all bets are off if there is a criminal insider—
and there’s every reason to believe there will be one, because a
successful hacker or rigger gets to be the election official or at least to
influence electon “security” policy for the next election.
This means that if you are looking for an election criminal, or the
good friend of one, look in office.” He added pointedly, “The election
officials are the core problem. The computers cannot be made secure
against these insiders.”
A Campo resident, fears machines could be rigged to affect the
upcoming recall election of town planners who voted for Blackwater
USA’s controversial plan to build a private military training camp in a
national forest. “The caging news and the hackable voting machines
need to be mentioned in the context of Vu, Seiler and Haas on the
safety of our vote,” we were told. “The hackable voting machines
could make a difference in whether Potrero can have its recall
election.”
Michael Vu, recently named Assistant Registrar of Voters for San
Diego County, oversaw the 2004 election in Cuyahoga County, Ohio in
which two of his employers were previously convicted of felony
election rigging in a presidential recount, as this publication has
previously reported. Debra Seiler, San Diego’s new Registrar of
Voters, has previously worked as a sales representative for Diebold, a
maker of election equipment.
Former Registrar Mikel Haas, recently promoted to an oversight
position with the County, has drawn sharp criticism in the past for
failing to secure voting machines before elections. Haas allowed
machines to be taken home by pollworkers weeks before elections and
also admitted in a prior interview with the East County Californian
that he had allowed the GEMS central tabulator to be hooked up to the
Internet. Told that this violated California elections law, Haas later
tried to recant his admission.
HOW HACK TEAMS PENETRATED OUR VOTING
SYSTEMS
Hack teams in Sacramento and the University of California, Santa
Barbara, tested vulnerabilities in Diebold, Sequoia, and Hart Intercivic
voting systems. Testers looked at ballot preparation systems, voting
mechanisms, and vote tallying (counting) systems.
Among the most troubling findings was the vulnerability of Windows
operating systems to outside attacks. “If an attacker can gain
privileged access to the underlying operating system, they can control
the election management system,” the hackers warned, adding that
malicious Trojan horse programs could then be loaded to modify files
and completely control the underlying system.
Results of the hack tests proved conclusively that “the above attacks,
and many like them, can be realized,” the report concluded.
Other tampering mechanisms ranged from crude techniques(such as
unscrewing screws or removing and replacing tape to access voting
machines) to forging voter cards.
For San Diego voters, the tests revealed causes for serious concerns in
Diebold machines used locally to count votes Countywide, including
here in East County.
Testers successfully penetrated the GEMS server—the central system
or brains of the County vote-counting system—by exploiting
vulnerabilities in Windows, giving hackers direct access to voting
data. Testers took security-related actions that went unrecorded by
the GEMS server in its audit logs. The hackers even managed to load
wireless drivers onto the GEMS server that could then be used to
access a wireless device plugged surreptitiously into the back of the
GEMS server.
Testers also bypassed controls on optical scanners using common
household objects, causing machines to shut down, stop counting
ballots at precincts and not inform voters if they had “over voted”
their ballots. They also found a way to rig machines to stop issuing
reminders to voters to check their printed records. On the Diebold
AccuVote TSx systems, testers found numerous ways to overwrite
firmware.
“These attacks could change vote totals,” the report concluded.
Moreover, hackers found that they could escalate access by switching
privileges from those of a voter to those of a poll worker or central
count administration. This enabled them to reset an entire election,
issue unauthorized voter cards, or close polls—with no knowledge of
security keys needed.
Although hackers were able to penetrate all three systems, testers
warned that security flaws found may be only the tip of the iceberg. A
report warns that “all team members felt that they lacked sufficient
time to conduct a thorough examination, and consequently may have
missed other serious vulnerabilities.” One vendor (Hart) refused to
turn over key software, while some testers lacked important security-
related documents.
| ©2007 Our Back Fence and Marketing Strategies of California Web Design 760-917-1251 Webmaster@WalterDavisEnterprises.com |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
SERIOUS ALLEGATIONS RAISED AGAINST SAN
DIEGO’S REGISTRAR:
IS ALTERED FILE A SMOKING GUN MASKING
ELECTION THEFT?
Bruce Sims, a computer expert and election reform activist, has
made numerous public records requests in an effort to examine
voting records and security procedures following in San Diego’s
2006 elections. In a letter to Deputy Secretary of State Lowell
Finley, Sims reveals that officials ignored his repeated requests to
view the original audit log.
According to Sims, Seiler told him that she’d provided him with a
copy of the audit log—not the original—and that the log was “post
election.” However, a timestamp indicates the log was Tuesday,
June 6th –date of the primary election and also the contested
Congressional special election in which Republican Brian Bilbray
reportedly defeated Democrat Francine Busby. The Republican-
controlled Congress at that time swore in Bilbray 16 days before
his victory was certified by San Diego’s Registrar.
Lehto filed an unsuccessful court challenge, arguing that Bilbray
should not have been seated by Congress until a hand recount was
completed and the race certified by the Registrar.
Sims recently requested help from San Diego County Counsel
Dennis Floyd, who provided a file that purported to be another copy
of the GEMS audit log.
But although both files were the same size,Sims spotted a
disturbing different: the second file was missing an entry titled
`Connection Everett’ which had apparently been edited out.
“This raises what I consider to be VERY serious concerns,” Sims’
letter stated. If the documents are indeed copies, he noted, then
interim Registrar Mischelle Townsend made “misleading”
statements to the Secretary of State.
Moreover, he concluded that the time stamp of the entry indicated
that “Deborah Seiler’s response was an outright falsehood.” Sims
added that “the editing out of the `Connection Everett’ is some
sort of crime given the State and Federal election material
retention codes.”
If the documents provided were not actual copies of the original
GEMS audit log for the June 2006 election, it raises the question of
why materials were not turned over as required under the public
records act. “Is it possible that the actual record no longer exists--
a more than obvious violation of State and Federal election
material retention codes?” Sims asked.
He also provided documentation suggesting that all memory cards
and touch screens were not tested as required by the Secretary of
State’s office. Sims asked the Secretary of State to investigate
San Diego’s Registrar of Voters. He speculated that the erased
`Connection Everett’ listing might refer to Diebold’s Everett,
Washington location, or to a Registrar employee named Everett
Giles who had Windows Administrator capabilities on the GEMS
server.
What might an insider do with such a connection?
“The Red Team used Windows Administrator access on the GEMS
server to manipulate and corrupt GEMS databases,” Sims stated,
quoting from the hack team’s report on Diebold systems. “These
actions could result in manipulated vote totals or in the inability to
read previously generated ballot definitions if no valid database
backups were available (whether because the backups were not
made or because the backups had also been corrupted),” he added.
The Red Team found such methods from within could not be
tracked by the GEMS audit logs, “allowing malicious GEMS users
to conceal actions they had taken while logged in.”
A request sent to County spokesperson Michael Workman
requesting an interview with Seiler was not responded to by press
deadline.
Sims expressed frustration with Bowen’s office for failing to rectify
what he believes are violations of election codes by San Diego
election officials. Is it time to call the Attorney General into the
picture?” he asked, referring to California Attorney General Jerry
Brown.
Lehto and other election integrity activists, who have long warned
about the vulnerability of electronic voting equipment to hacking,
are now calling on Secretary of State Bowen to decertify machines
that failed the hack tests and require paper ballots, counted at the
polls.
Members of the public who wish to contact Bowen’s office to urge
decertification or voice other views may contact the Secretary of
State at votingsystems@sos.ca.gov.
Revelations of vote-hacking on machines are particularly troubling
for voters in Potrero, a town where a ballot box was once found
burned in a field – evidence that no voting system is invulnerable
to tampering, and that vigilant observation of any vote count is a
must.
“I always vote at Ruffin Road [the Registrar’s office] anymore in
an effort to ensure my vote will count,” said one Campo resident,
who is discouraged by the hack team’s revelations about voting
machines at the Registrar’s office.
Now, they concluded glumly, echoing the sentiments of many area
voters, “I have no confidence in even that.”
DIEGO’S REGISTRAR:
IS ALTERED FILE A SMOKING GUN MASKING
ELECTION THEFT?
Bruce Sims, a computer expert and election reform activist, has
made numerous public records requests in an effort to examine
voting records and security procedures following in San Diego’s
2006 elections. In a letter to Deputy Secretary of State Lowell
Finley, Sims reveals that officials ignored his repeated requests to
view the original audit log.
According to Sims, Seiler told him that she’d provided him with a
copy of the audit log—not the original—and that the log was “post
election.” However, a timestamp indicates the log was Tuesday,
June 6th –date of the primary election and also the contested
Congressional special election in which Republican Brian Bilbray
reportedly defeated Democrat Francine Busby. The Republican-
controlled Congress at that time swore in Bilbray 16 days before
his victory was certified by San Diego’s Registrar.
Lehto filed an unsuccessful court challenge, arguing that Bilbray
should not have been seated by Congress until a hand recount was
completed and the race certified by the Registrar.
Sims recently requested help from San Diego County Counsel
Dennis Floyd, who provided a file that purported to be another copy
of the GEMS audit log.
But although both files were the same size,Sims spotted a
disturbing different: the second file was missing an entry titled
`Connection Everett’ which had apparently been edited out.
“This raises what I consider to be VERY serious concerns,” Sims’
letter stated. If the documents are indeed copies, he noted, then
interim Registrar Mischelle Townsend made “misleading”
statements to the Secretary of State.
Moreover, he concluded that the time stamp of the entry indicated
that “Deborah Seiler’s response was an outright falsehood.” Sims
added that “the editing out of the `Connection Everett’ is some
sort of crime given the State and Federal election material
retention codes.”
If the documents provided were not actual copies of the original
GEMS audit log for the June 2006 election, it raises the question of
why materials were not turned over as required under the public
records act. “Is it possible that the actual record no longer exists--
a more than obvious violation of State and Federal election
material retention codes?” Sims asked.
He also provided documentation suggesting that all memory cards
and touch screens were not tested as required by the Secretary of
State’s office. Sims asked the Secretary of State to investigate
San Diego’s Registrar of Voters. He speculated that the erased
`Connection Everett’ listing might refer to Diebold’s Everett,
Washington location, or to a Registrar employee named Everett
Giles who had Windows Administrator capabilities on the GEMS
server.
What might an insider do with such a connection?
“The Red Team used Windows Administrator access on the GEMS
server to manipulate and corrupt GEMS databases,” Sims stated,
quoting from the hack team’s report on Diebold systems. “These
actions could result in manipulated vote totals or in the inability to
read previously generated ballot definitions if no valid database
backups were available (whether because the backups were not
made or because the backups had also been corrupted),” he added.
The Red Team found such methods from within could not be
tracked by the GEMS audit logs, “allowing malicious GEMS users
to conceal actions they had taken while logged in.”
A request sent to County spokesperson Michael Workman
requesting an interview with Seiler was not responded to by press
deadline.
Sims expressed frustration with Bowen’s office for failing to rectify
what he believes are violations of election codes by San Diego
election officials. Is it time to call the Attorney General into the
picture?” he asked, referring to California Attorney General Jerry
Brown.
Lehto and other election integrity activists, who have long warned
about the vulnerability of electronic voting equipment to hacking,
are now calling on Secretary of State Bowen to decertify machines
that failed the hack tests and require paper ballots, counted at the
polls.
Members of the public who wish to contact Bowen’s office to urge
decertification or voice other views may contact the Secretary of
State at votingsystems@sos.ca.gov.
Revelations of vote-hacking on machines are particularly troubling
for voters in Potrero, a town where a ballot box was once found
burned in a field – evidence that no voting system is invulnerable
to tampering, and that vigilant observation of any vote count is a
must.
“I always vote at Ruffin Road [the Registrar’s office] anymore in
an effort to ensure my vote will count,” said one Campo resident,
who is discouraged by the hack team’s revelations about voting
machines at the Registrar’s office.
Now, they concluded glumly, echoing the sentiments of many area
voters, “I have no confidence in even that.”