Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States

Falsedawn

.45 ACP
Platinum Member
Joined
Jun 14, 2009
Messages
28,900
Reaction score
15,193
https://motherboard.vice.com/en_us/...ote-access-software-on-systems-sold-to-states

Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States

Remote-access software and modems on election equipment 'is the worst decision for security short of leaving ballot boxes on a Moscow street corner.'

The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.

In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said.

ES&S did not respond on Monday to questions from Motherboard, and it’s not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters.

Thought this was worth a thread separate from everything else.

Note that these are not voting machines, this is the actual management system.

Election-management systems are not the voting terminals that voters use to cast their ballots, but are just as critical: they sit in county election offices and contain software that in some counties is used to program all the voting machines used in the county; the systems also tabulate final results aggregated from voting machines.

To put this in perspective, imagine you have a critical banking system with transactional information for the past year...and you tape the password to the monitor. That's how idiotic this is.

But let's compound this.

https://gcn.com/articles/2012/01/26/ecg-disabling-remote-pc-software.aspx?m=1

Symantec warns pcAnywhere users of remote software code hack
  • By 1105 Media Staff
  • Jan 27, 2012
Security firm Symantec is advising customers of its pcAnywhere to deactivate the remote desk software after individuals from the Anonymous hacker group allegedly stole the source code of the software.

While the actual theft took place in 2006, Symantec only took the action this week to alert customers after an Anonymous-connected hacker located in India tweeted the release of the Norton Utilities source code Jan. 13.

From 2000-2006, this vendor was installing remote access software on these systems, and in 2006 the source code of the software was compromised (at which point these systems would be considered compromised if the software were on the system). Due to the secretive nature of these installs, how many of those do you think were updated to address the source disclosure? Moreover, why did they lie about it?

Conspiracy theorists, smoke em if you got em.
 
Seems like it would ge easy to open one up and see if it has a wireless NIC
 
Seems like it would ge easy to open one up and see if it has a wireless NIC

Why would it need a wireless NIC? Any system with TCP 5631 open would be vulnerable to pcanywhere exploitation if it was connected to a network in general (which these would have to be). The only way you would be able to verify that they weren't compromised without a forensic investigation is the lack of pcanywhere during the time period in question. If pcanywhere is on there after 2006, i'm assuming they were targeted.
 
So it’s not an outside connection to the voting machines themselves, but rather a connection to a hub that has access to the voting machines.

How the fuck is that any different? Once you’re in the network, then it’s just basic hacking to move further down the line

Voting machines should have 0 connection to any World Wide Web. It should all be a strictly self contained hardwired network at each voting location. Then officials simply report the results on a regular ass secured internet connection to the state official tallyer. The isolated voting machines can all be verified if any discrepancies arise, but you gotta drive your ass to that location and read it off the monitor yourself

Ideally, votes are cast on paper and counted by machines, with boxes of those paper votes kept for 12 years so we can always go back to the original source
 
Why would it need a wireless NIC? Any system with TCP 5631 open would be vulnerable to pcanywhere exploitation if it was connected to a network in general (which these would have to be). The only way you would be able to verify that they weren't compromised without a forensic investigation is the lack of pcanywhere during the time period in question. If pcanywhere is on there after 2006, i'm assuming they were targeted.

I would have assumed they weren't connected to any network at all, but I guess I was wrong. Really dumb to have them on a network
 
I was shocked by how easily the American public accepted electronic voting. Fucking sheep, sorry.
 
So it’s not an outside connection to the voting machines themselves, but rather a connection to a hub that has access to the voting machines.

How the fuck is that any different? Once you’re in the network, then it’s just basic hacking to move further down the line

Voting machines should have 0 connection to any World Wide Web. It should all be a strictly self contained hardwired network at each voting location. Then officials simply report the results on a regular ass secured internet connection to the state official tallyer. The isolated voting machines can all be verified if any discrepancies arise, but you gotta drive your ass to that location and read it off the monitor yourself

Ideally, votes are cast on paper and counted by machines, with boxes of those paper votes kept for 12 years so we can always go back to the original source

Yeah, I pointed that out to show that it's actually worse than having an issue with the voting machine, these are basically the databases used for vote tabulation and whatnot.

To put a hypothetical immoral use case out there, imagine if you just so happened to remote in and say...remove the trust relationship between a voting machine and the database. You could have a fully functional vote machine that doesn't report back to the database, effectively changing vote tallies.

Or, a personal favorite, straight man in the middle. Intercept the data, alter it, and then stream it into the database. You've falsified the tallies without indicating that a tally was even edited.

The implications of this should be far reaching and deadly serious. This is going to make people who are against treating voting infrastructure as critical look very stupid.
 
Wasn't this kind of thing exposed more than a decade ago?
 
voter-fraud.jpg
 
Should void every election where these machines were used and the companies execs should get the death penalty
 
it's no conspiracy, remote software is for convenience, if it werent for remote software, I'de be driving to an office everyday..... F that.

I could have sworn I posted about open source voting software way back, and warroomers were all opposed to that, so what exactly is the solution to this?
 
I was shocked by how easily the American public accepted electronic voting. Fucking sheep, sorry.
you've forgotten about Chad already?
 
How soon until we find out votes were changed? Feels like we've been slowly moving in that direction.

Now that would be a real shit show.
 
it's no conspiracy, remote software is for convenience, if it werent for remote software, I'de be driving to an office everyday..... F that.

I could have sworn I posted about open source voting software way back, and warroomers were all opposed to that, so what exactly is the solution to this?

I want a national ID in accordance with ISO 7816, implemented with PKI. One vote for one private key, verified with a pin. Could also be used for social services and birth information. Basically, kill 20 birds (and social security cards) with one stone.
 
Next step is to uncover all of the connections between individual ES&S employees and anything Republican.

And they don't necessarily even need to be solid connections of course.
 
Back
Top