one of our own on NPR!!!

Driving from Washington to Idaho last night, I was listening to NPR for a bit (I know, I know, but the other stations were static there) and what should I hear but an interview with our very own Jim March! He walked a the interviewer through "how to hack into Diebold election tallies" on the air. Way to go Jim!!! :)


-K

I met him in Houston at a RKBA seminar.

That guy gets around;)

Darn, I just searched the NPR site for an archive... no joy. I was wondering when Jim would get interviewed about this; he's been chasing it for along time before the mass media caught it up as a story.


Good on you Jim.

Pardon the ignorance, but "how to hack into Diebold election tallies" doesn't mean anything to me. Maybe Mr. March could explain it to us as well as NPR? ;)

Balog, a VERY short summary is that the Diebold touch screen voting machines in use in some areas of the country appear to be very insecure and vulnerable to outside manipulation (hacking) to change the vote tallies and results.

Jim has been following this story for a few months now, after Diebold posted some of their internal files on their corporate website (apparently by mistake) and them these files were downloaded by various people across the county. Jim spent a lot of time and effort to crack the encryption on these files to prove that there was vote tally manipulation.


I think that about does it.

Heh. Ya, that was me :).

OK, for the best "initial primer" on this stuff, read my letters on file with the California Secretary of State:

http://www.equalccw.com/sscomment.html

http://www.equalccw.com/sscomments2.html

http://www.equalccw.com/sscomments3.html

What I was walking 'em through was this:

http://www.equalccw.com/dieboldtestnotes.html

And my main Diebold-related page is at:

http://www.equalccw.com/voteprar.html

Ya, in my "spare time" I have this weird hobby...saving Democracy :D.

Jim spent a lot of time and effort to crack the encryption on these files to prove that there was vote tally manipulation.Actually, the way I understand it is that there was no encryption to even hack. It was just open for anyone to look at and do anything they want with as long as they had a database program like Access (standard with any Microsoft Office software package).

Just let US know how to rig the results.

:D

Ya, in my "spare time" I have this weird hobby...saving Democracy :D

Well, as long as you don't wear blue tights and red underwear on the outside like that pansy Superman, that's fine by me. :neener:

TheOtherOne: actually, some of the files Bev Harris scooped up were "lightly encrypted" with ZIP file password protection. Some had already fallen to dictionary attacks before I got involved; I showed how to nail all of the rest save one with the "plain text attack method" (Diebold uses Visual Basic runtimes, never changed the version, so if you have one GEMS install from which to extract runtime files you can crack all the rest).

There's one data file we're still working on, that's highly suspicious:

http://www.beowulf.org/pipermail/beowulf/2003-September/007902.html

Topgun: cute. The reality is, for a general member of the public to use the techniques Bev Harris and I have documented would be difficult at best, even for us. Cracking any one particular county would be a pain, as you'd have to figure out the phone numbers in use on the GEMS modem pool and/or hack past the county firewall if they were stupid enough to put the central vote-count box (GEMS) on the county LAN (which some do).

But the COUNTIES THEMSELVES can booger the vote six ways from Sunday. And according to San Luis Obispo elections officials, Diebold routinely collects the data necessary to do such hacks when their techs are onsite.

Yes, it's possible that maybe one or two counties nationwide could get "outside hacked" during a major election. But it would be ridiculously easy for a small "black hat crew" of 5 to 8 people inside Diebold to do it nationwide. They'd need one person communicating with the field techs, one helping build the systems before they're shipped to the county, at least one of the programmers, a manager and one or two political consultants figuring out which races to hack. And one guy managing the "war-dialer room" with about 100 PCs in it that dial into GEMS boxes and upload nasty little scripts on election night.

Cocaine import rings have stayed under the radar for years with more people than that.

As a cryptographer..

If you need to know the complex math behind cryptography that is (not) used in the systems but should be.. let me know..

Any questions about biometrics, any security software or device you can possibly think of or have heard of, just ask.. I'll be more than happy to answer your questions..

(Like why is biometric based guns just dumber than snot)

and as for Jim saving democracy..

Naw.. He's trying hard to save THE REPUBLIC.. which is what we are..:D

I have a firm enough grounding in crypto to know they are REALLY screwing up. Bigtime.

:barf:

(Twoblink: it would be technically improper to say "saving THE Democracy", but not improper to save democracy as a concept that underscores the Republic. Besides, y'all know tounge is firmly in cheek, right? :neener: )

Jim: GOOD WORK! Thank you!

You are mentioned at every other meeting of the Sunnyvale Rod and Gun Club... between the club (1%) and everyone else in the Bay Area (who listen to NPR) I guess the word is getting out.

-s

Sven: what's the odds you can get me a speaking slot there? No fee of course, it's part of what I do under the CCRKBA hat...

Jim..

You save what you need to save, as long as you make sure you save the pretty women :neener:

As a professional cryptographer, we have a standard set of 20 or so attacks we run down the list to make sure a system is "reasonably secure".. When we did that for the San Fran proposal of an electronic election ballot box, it failed all of them..:rolleyes:

Jim, you've got my email. anything you need cracked... email it; and I'll see what I can do in my spare time :-)

I never took the cryptography class offered at my school; I found the midterm and final online, and I cracked them both (total of 6 questions) in about 2 hours.. :D

I heard Jim the other day in the 'This American Life' segment Good one Jim!

- Gabe

argument on packing.org a few days ago.
the guy attacking Jim couldn't spell and
came off as even dumber then myself,no easy task!

There is a Realplayer file of Jim's interview at http://www.thislife.org/ra/250.ram .

Jim is on Act One "Rock, Paper, Computer". Act One starts at about 5:20 into the program.

BTT

Gunsmith: can you get me a link to the packing.org thread?