Olá,
Em teste oficial de resistência ao ataque (teste de penetração) desenvolvido
nesta semana no Condado de Leon na Flórida, ficou demonstrado que é bastante
fácil adulterar os resultados da apuração dos votos nas urnas eletrônicas
fabricadas pela Diebold.
O teste foi desenvolvido pelo especialista em segurança de sistemas Harri
Hursti em conjunto com a ONG Black Box Voting, sob coordenação do Sr. Ion
Sancho, Supervisor Eleitoral do condado, e se demonstrou que é possivel
adulterar o resultado da apuração dos votos com o uso de cartões de memória, o
que era negado com insistência pelo fabricante.
Em consequência disto tudo o Presidente da Diebold, Sr. Walden W. O’Dell,
renunciou ao seu cargo e o Sr. Ion Sancho, Supervisor eleitoral de Leon,
declarou que nunca mais irá utilizar máquinas de votar na Diebold.
As relações desta notícia com o Brasil são:
1) a Diebold é a fabricante de aproximadamente 350 mil urnas eletrônicas
brasileiras;
2) o modelo de urnas fornecidas no Brasil é diferente do modelo fornecido nos
EUA de forma que o teste feito lá não se aplica diretamente a nossas urnas;
3) Desde 2000, a nossa Justiça Eleitoral recusa permissão de testes similares
negando pedidos formais apresentados pelos técnicos do PT e do PDT. Na recusa
dada ao PDT em 2004 o TSE alegou que não era necessário efetuar o teste porque
seria inviável atacar (modificar os votos) as suas urnas-e fabricadas pela
mesma Diebold;
Segue mensagem distribuida pelo fórum da Black Box Voting em:
http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/15595.html
---------------------------------------------------
Posted on Tuesday, December 13, 2005 - 03:42 pm:
Wed. December 14, 2005:
Due to contractual non-performance and security design issues, Leon County
(Florida) supervisor of elections Ion Sancho has announced that he will never again
use Diebold in an election. He has requested funds to replace the Diebold system
from the county. On Tuesday, the most serious “hack” demonstration to date took
place in Leon County. The Diebold machines succumbed quickly to alteration of the
votes. This comes on the heels of the resignation of Diebold CEO Wally O'Dell, and
the announcement that a stockholder's class action suit has been filed against
Diebold by Scott & Scott. Further “hack” testing on additional vulnerabilities
is tentatively scheduled before Christmas in the state of California.
Finnish security expert Harri Hursti, together with Black Box Voting,
demonstrated that Diebold made misrepresentations to Secretaries of State
across the nation when Diebold claimed votes could not be changed on the
“memory card” (the credit-card-sized ballot box used by computerized voting
machines.
A test election was run in Leon County on Tuesday with a total of eight ballots. Six ballots voted
"no" on a ballot question as to whether Diebold voting machines can be hacked or not. Two
ballots, cast by Dr. Herbert Thompson and by Harri Hursti voted "yes" indicating a belief
that the Diebold machines could be hacked.
At the beginning of the test election the memory card programmed by Harri Hursti was
inserted into an Optical Scan Diebold voting machine. A "zero report" was run
indicating zero votes on the memory card. In fact, however, Hursti had pre-loaded the
memory card with plus and minus votes.
The eight ballots were run through the optical scan machine. The standard
Diebold-supplied "ender card" was run through as is normal procedure ending the
election. A results tape was run from the voting machine.
Correct results should have been: Yes:2 ; No:6
However, just as Hursti had planned, the results tape read: Yes:7 ; No:1
The results were then uploaded from the optical scan voting machine into the GEMS central
tabulator, a step cited by Diebold as a protection against memory card hacking. The
central tabulator is the "mother ship" that pulls in all votes from voting
machines. However, the GEMS central tabulator failed to notice that the voting machines
had been hacked.
The results in the central tabulator read:
Yes:7 ; No:1
This videotaped testing session was witnessed by Black Box Voting investigators
Bev Harris and Kathleen Wynne, Florida Fair Elections Coalition Director Susan
Pynchon, security expert Dr. Herbert Thompson, and Susan Bernecker, a former
candidate for New Orleans city council who videotaped Sequoia-brand
touch-screen voting machines in her district recording vote after vote for the
wrong candidate.
The Hursti Hack requires a moderate level of inside access. It is, however,
accomplished without being given any password and with the same level of access
given thousands of poll workers across the USA. It is a particularly dangerous
exploit, because it changes votes in a one-step process that will not be
detected in any normal canvassing procedure, it requires only a single a
credit-card sized memory card, any single individual with access to the memory
cards can do it, and it requires only a small piece of equipment which can be
purchased off the Internet for a few hundred dollars.
One thousand two hundred locations in the U.S. and Canada use Diebold voting
machines. In each of these locations, typically three people have a high level
of inside access. Temporary employees also often have brief access to loose
memory cards as machines are being prepared for elections. Poll workers
sometimes have a very high level of inside access. National elections utilize
up to two million poll workers, with hundreds or thousands in a single
jurisdiction.
Many locations in the U.S. ask poll workers to take voting machines home with
them with the memory cards inside. San Diego County (Calif) sent 713 voting
machines/memory cards home with poll workers for its July 26 election, and King
County (Wash.) sent over 500 voting machines home with poll workers before its
Nov. 8 election.
Memory cards are held in a compartment protected by a small plastic seal.
However, these simple seals can be defeated, and Hursti has found evidence that
the memory card can be reprogrammed without disturbing the seal by using a
telephone modem port on the back of the machine.
The Hursti Hack, referred to as “the mother of all security holes” was first
exposed in a formal report on July 4.
(http://www.blackboxvoting.org/BBVreport.pdf).
Diebold has insisted to county and state election officials that despite
Hursti’s demonstration, changing votes on its memory cards is impossible.
(Public records from Diebold, including threat letter to Ion Sancho:
http://www.bbvforums.org/forums/messages/2197/10535.html)
On Oct. 17, 2005 Diebold Elections Systems Research and Development chief Pat
Green specifically told the Cuyahoga County (Ohio) board of elections during a
$21 million purchasing session that votes cannot be changed using only a memory
card. (Video of Pat Green:
http://www.bbvforums.org/forums/messages/2197/14298.html) Over the objections
of Cuyahoga County citizens, and relying on the veracity of Diebold’s
statements, the board has chosen to purchase the machines.
According to Public Records obtained by Black Box Voting, Diebold has
promulgated misrepresentations about both the Hursti Hack and another kind of
hack by Dr. Herbert Thompson to secretaries of state, and to as many as 800
state and local elections officials.
Stockholder suit filed by the law offices of Scott and Scott:
and http://www.bradblog.com/archives/00002153.htm
Diebold CEO resigns:
http://www.informationweek.com/news/showArticle.jhtml?articleID=175001748
Permission to reprint granted with link to http://blackboxvoting.org
---------------------------------------
[ ]s
Amilcar Brunazo Filho
www.votoseguro.org
EU SEI EM QUEM VOTEI.
ELES TAMBÉM.
MAS SÓ ELES SABEM QUEM RECEBEU O MEU VOTO.
______________________________________________________________
O texto acima e' de inteira e exclusiva responsabilidade de seu
autor, conforme identificado no campo "remetente", e nao
representa necessariamente o ponto de vista do Forum do Voto-E
O Forum do Voto-E visa debater a confibilidade dos sistemas
eleitorais informatizados, em especial o brasileiro, e dos
sistemas de assinatura digital e infraestrutura de chaves publicas.
__________________________________________________
Pagina, Jornal e Forum do Voto Eletronico
http://www.votoseguro.org
__________________________________________________
