digg

Facebook Connect Join Digg About

Diebold Posts Image of Master Key to Website; Hackers Make Real Master Key

bradblog.com In what has got to be both the stupidest move by Diebold and the most hilarious hack ever, Princeton students take an image of the master key to the Diebold voting boxes on the Diebold website and use it to create a real master key that will open any Diebold voting box. Clever.

Who dugg this? Made popular Jan 25, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

93 Comments

show profanity settings
expand all
  • dsendecki, on 10/12/2007, -1/+156I'm in your Diebolds, killing your democracy.
  • supermanred, on 10/12/2007, -1/+57These are real morons running this diebold company. Posting pictures of master keys????? Using unencrypted excel files to tabulate the results?????????

    *****, if I felt like it I could drive around America on voting day with a palm pilot and make myself president.... no I could make Osama Bin Laden President of the United States!!! WOAH or even worse I could steal a few key counties and make George Bush president!! Oh wait, they already did that.

    Diebold should be burned to the ground. What a disaster of electronic voting. The end of democracy in America is called Diebold.
  • Akaji, on 10/12/2007, -1/+57Wow, so... why are we trusting these people to be in charge of creating voting utilities?
  • zweben, on 10/12/2007, -1/+47"I'm in your Diebolds, killing your democracy."

    That's both funny and scary at the same time.
  • CrimsonBlur, on 10/12/2007, -0/+45Why the hell would you use a photo of the actual keys in the online store? They're keys, we get it, a picture of any key will do if you need one, *****! What morons!
  • Qumahlin, on 10/12/2007, -0/+43Watch the HBO documentary "Hacking Democracy"....their software security is even worse, how do you like the fact that your votes are just stored in a non-encrypted access database that anyone can open and modify if they have access to the computer
  • shtonkalot, on 10/12/2007, -0/+42It's OK we can all relax now as Diebold have removed the image from their website.
    Thank god they did before someone could... oh.
  • scabbers, on 10/12/2007, -0/+35I believe the bigwigs at Diebold include convicted felons.
  • jonjon602, on 10/12/2007, -4/+33even more disturbing....the president of Diebold "promised to deliver ohio to mr. Bush" and look whats happened since
  • ahknight, on 10/12/2007, -0/+20And the video: http://www.youtube.com/watch?v=UfGvSJA20-Y&eurl=
  • heiroglyph, on 10/12/2007, -1/+20President/dictator wannabe...check
    Unreliable elections...check
    Mega-corp feeding off of war...check
    Top government officials getting paid by Mega-corp...check
    Rights eroding daily...check.
    Indifferent citizens...???

    We are SO screwed.
  • masgrada, on 10/12/2007, -0/+18Why go through all the trouble making them, they were right there for 6 bucks!
  • noreturn, on 10/12/2007, -0/+17I can't believe I had better security to protect my textbooks in high school.
  • capiCrimm, on 10/12/2007, -0/+17maybe they just wanted an excuse for when something happens.

    "It wasn't us, someone must have made a key from our website. See, those kids did it!"
    "Why did you do that in the first place, though?"
    "Hey, wanna hear a joke?"
  • shtonkalot, on 10/12/2007, -1/+15[quote]Terrorists? The most likely beneficiaries of this would be the GOP. The CEO of Diebold is a major GOP supporter.[/quote]
    Right! as leobaby said, terrorists.
  • inactive, on 10/12/2007, -5/+17Yeah, the Ohio presidential elections were *****.
    Ohio just elected a Democrat governor with 65% of the vote, and they try to say Bush got 51% in Ohio?
    *****.
  • rockforever, on 10/12/2007, -1/+11They wanted an inexuse alright.
    "Its not our fault, they stole it from out interwebs!"
    "Ban the internet!!1! Its ruining democracy."
  • inactive, on 10/12/2007, -0/+9Those are very cheap keys. i wonder how much they bill the government for the "locking mechanism" on those machines, and then kick back some of the money to whoever gave them the contract.
    the rest of the machine is probably of equally good quality.
  • flamingmb, on 10/12/2007, -2/+11wow that website looks like *****.
  • leobaby, on 10/12/2007, -2/+9Talk about handing terrorists the key to our voting machines...
  • mrgreen4242, on 10/12/2007, -0/+7"You could certainly do a recount with the paper tape the same as you could with the older paper ballots to verify that the machines are working properly. I still can't say that I care for them though because how many times are the results challenged and a handcount is done to verify the results?"

    Those aren't the machines that people are in a fit about. Those are actually probably fairly reliable. You have a large, easy to use touch screen to input data which is then recorded both electronically and on paper that you can see before you approve your ballot. There are actually machines out there that work in the same way, except they don't have a paper trail (believe it or not) at all. Those are the ones people are most concerned about being used - if someone tampers with it there's not really anything you can do about it, in retrospect.

    The best idea I've heard is to have electronic voting and assign each voter, at the time they vote, a random alpha-numeric ID. Post the results of the election, vote by vote, on the web. Anyone can then tally up the votes to check the results AND each person could go and find their single user, random voter ID to verify that their vote is what they entered. Pair this with a paper trail like the machine you used so citizens can call up the election board in their area and have them check the paper record off the machine to see what IT says. There will be voting error (people hitting the wrong keys, etc) but it will be trackable by EACH PERSON and countable by numerous 3rd parties.

    It's a pretty decent idea, doesn't really cost a ton to implement, and gives people a wonderful sense that their vote is, you know, COUNTED.
  • Aikinai, on 10/12/2007, -3/+9Diggmirror didn't work for me but finally I got into the real site, so just in case:

    DIEBOLD VOTING MACHINE KEY COPIED FROM PHOTO AT COMPANY'S OWN ONLINE STORE!
    Princeton University Computer Scientists Confirm 'Secret' Key For Every Diebold Voting Machine 'Revealed' on Company Website!
    [UPDATE] Shutting the Barn Door After the Horse Has Left, Diebold Removes Photo, PLUS: Receives Certification for U.S. Homeland Security Contracts...

    Good lord in heaven. How dumb are these guys at Diebold?! Can you believe the United States has actually entrusted them to build a security system for the original U.S. Constitution, the Declaration of Independence and the Bill of Rights?!

    After everything else. Now comes this.

    It was revealed in the course of last summer's landmark virus hack of a Diebold touch-screen voting system at Princeton University that, incredibly, the company uses the same key to open every machine. It's also an easy key to buy at any office supply store since it's used for filing cabinets and hotel mini-bars! That is, if you're not a poll worker who already has one from the last time you worked on an election (anybody listening down there in San Diego?)

    The Princeton Diebold Virus Hack, if you've been living in a cave, found that a single person with 60 seconds of unsupervised access to the system who either picked the lock (easy in 10 seconds) or had a key, could slip a vote-swapping virus onto a single machine which could then undetectably affect every other machine in the county to steal an entire election.

    But the folks at Princeton who discovered the hack (after our own organization, VelvetRevolution.us, gave them the Diebold touch-screen machine on which to perform their tests) had resisted showing exactly what the key looked like in order to hold on to some semblance of security for Diebold's Disposable Touch-Screen Voting Systems.

    But guess what? Diebold didn't bother to even have that much common sense.

    This idiotic company has had a photograph of the stupid key sitting on their own website's online store! (Screenshot at end of this article.)

    Of course, they'll only sell such keys to "Diebold account holders" apparently --- or so they claim --- but that's hardly a problem. J. Alex Halderman, one of the folks who worked on the Princeton Hack, but who had tried to keep the design of the key a secret for obvious reasons, revealed Tuesday that a friend of his had found the photo of the key on Diebold's website and discovered that it was all he needed to create a working copy!

    Halderman writes:
    The shape of a key is like a password — it only provides security if you keep it secret from the bad guys.
    ...
    Could an attacker create a working key from the [Diebold website] photograph? Ross [Kinard of SploitCast] decided to find out. Here’s what he did:

    I bought three blank keys from Ace. Then a drill vise and three cabinet locks that used a different type of key from Lowes. I hoped that the spacing and depths on the cabinet locks’ keys would be similar to those on the voting machine key. With some files I had I then made three keys to look like the key in the picture.

    Ross sent me his three homemade keys, and, amazingly, two of them can open the locks on the Diebold machine we used in our study!


    Kinard's homemade key --- created only from the photo at Diebold's online store --- is seen opening the machine at Princeton in the video on the left. Unbelievable.

    As to the "security" expected vis a vis these keys, Halderman points out that the key unlocks the compartment on each voting machine where one would slip a memory card containing a virus such as the one created at Diebold over the summer. Most jurisdictions use some form of "security tape" to deter and/or expose such an incident but, as both Halderman and history point out, that "security" provision is both easily defeated and often ignored by elections officials. Machines which have been breached in the past have been kept in service despite the breach instead of removing them immediately as they should be. Such a "security mitigation procedure", if it were actually followed, of course, means that one could also launch a "denial of service" attack simply by breaching the "security seals" of each machine and forcing it immediately offline. There could be nothing left to vote on.

    As is, given the myriad known security vulnerabilities in all of Diebold's electronic voting systems (and those of all of its "competitors") one might already argue that there is little left to vote on. If confidence in that vote being counted accurately is important to ones electoral system, in any case.

    Diebold is the once-great American security company that helped kick off this entire e-voting debacle after it was discovered they left their "secure" source code for their unsecure voting machines sitting out on the net for anyone to download from a public FTP site in 2003. Later, in 2004, just prior to the Presidential Election, a branch of the U.S. Homeland Security Dept. issued a warning about the exploitable backdoor on the company's central e-vote tabulation system (subsequently ignored by all media except for The BRAD BLOG, natch). And if you couldn't figure out how to hack one of their systems from all of that alone, now they've given you the model to build your own key at home! Have fun, kids!

    Anybody seen the U.S. Constitution lately? We know Bush hasn't. But other than that, seriously, maybe someone oughta check the National Archives just to be sure...

    UPDATE 1:31pm PT: Once again, closing the barn door after the horse is gone, Diebold has now removed the photo of the keys from their online store. How they'll be removing it from Google archives and unringing the bell remains to be seen. Our screenshot of the page as it existed until this afternoon is still below.

    All of which, of course, makes the following news even more disturbing than it would already be anyway (Hat-tip BRAD BLOG commenter PatGinSD):
    Diebold, Incorporated (DBD - news), one of the nation's largest security integrators with expertise in the government, commercial, financial and retail markets, has solidified its homeland security presence. The company recently earned certification from the General Services Administration (GSA) to deliver security integration services that meet the requirements of the Homeland Security Presidential Directive 12 (HSPD-12).
  • OBKenobi, on 10/12/2007, -4/+10[quote]Talk about handing terrorists the key to our voting machines...[/quote]

    Terrorists? The most likely beneficiaries of this would be the GOP. The CEO of Diebold is a major GOP supporter.
  • OBKenobi, on 10/12/2007, -1/+6Republic turned Empire. Where have I seen that one before?
  • kevxross, on 10/12/2007, -2/+7And the http://duggmirror.com (site's crashing fast, but duggmirror caught it).
  • conna, on 10/12/2007, -1/+6For a company that can swindle an entire presidential election, they should at least try to appear competent. I hope this bankrupts them.... Idiots..
  • SheriffJWPepper, on 10/12/2007, -0/+5Here's all of the funny Diebold posters. Some are pretty funny.

    http://homepage.mac.com/rcareaga/diebold/adworks.htm

    other than one giving the finger and some profanity, all are SFW that I see.
  • BradBlog, on 10/12/2007, -0/+4Oh...and if ya dugg that one, don't forget Sequoia Voting Systems is just as bad.

    See how pressing the Yellow Button on the back of any Sequoia touch-screen system allows you to vote as many times as you want!

    http://www.bradblog.com/?p=3714
  • BradBlog, on 10/12/2007, -1/+5You're talking about RETAIL fraud, amigo. Ballot box by ballot box. Which is also quite traceable.

    The problem with the Electronic Voting systems made by Diebold (and ES&S and Sequoia and Hart Intercivic) is that a single person can access a single machine and steal an entire election without leaving a trace behind.

    I've been reporting on this stuff at http://BradBlog.com for at least three years now (while the MSM fiddled) and have spoken with one computer scientist and security expert after another. All of who regard this whole debacle as a "grave national security risk".

    Secret software, written by private companies and tested by no one (and don't let 'em fool ya, it's tested by no one) has no place in our public democracy.

    Please sign the Open Letter to Congress by more than 40 non-partisan Election Integrity Orgs calling for a paper BALLOT (not "trail" or "record") for every vote cast in America!
    http://www.VelvetRevolution.us/Campaigns/PaperBallots
  • inactive, on 10/12/2007, -1/+5I don't understand why this isn't a bi-partisan issue. How do the repubs know the midterms weren't rigged. Any non-retarded college student could hack just 1 machine and throw aff a close election.
  • 3dom, on 10/12/2007, -0/+4..which is only vulnerable because they made every damn lock the same
  • Muyoso, on 10/12/2007, -2/+6How the hell does leaking the key to everyone benefit the GOP? If there was some massive conspiracy and Diebold was in it for the republicans, wouldnt they want to keep it all to themselves instead of leak it?
  • Ragnar0k, on 10/12/2007, -0/+3Unfortunately instead of this being heralded as a sign to show the inept nature of voting in the US, all that will happen is politicians scrambling to indite the college student with charges, (probably something vague, like "hacking") and call him/her a terrorist, making the nation display their hatred for the person. It's not their fault, but they are protecting us from the paedophile filled naked nipple showing dirty liberal intertube residents.

    After all, that's far more convenient.

    ``Ragnarok
  • kersny, on 10/12/2007, -0/+3This should be a DEFCON competition:

    "Who can create the top secret master key from the picture first"
    or
    "Who can hack the Government-Contract Might-Change-World-History Voting Machine"
    or simply
    "Hack the Vote"

  • dongiaconia, on 10/12/2007, -1/+4@Akaji
    Why you ask?
    The summation of: Government contracts, the lowest bidder, incompetency and all that I'd guess.
  • vagarach, on 10/12/2007, -0/+3Ineptitude of the first class. Which genius decided to post pictures of a key on their site?
  • WallyAnti, on 10/12/2007, -3/+6No two Democrats are alike. There are actually people out there who don't just vote the party line. That doesn't excuse the Diebold fiasco. No doubt something fishy was going on behind the scenes.
  • SampleSize, on 10/12/2007, -1/+4Jesus ***** we are ***** straight to *****.
  • stimcaps, on 10/12/2007, -0/+3The questions I have are: why do we have to read about this on some obscure blog? Why has the issue of insecure voting machines been almost totally absent from mainstream media? What will it take to make this a major mainstream issue?
  • DavidDigg, on 10/12/2007, -1/+4I don't quite understand how the American people put up with these bogus electronic voting machines. They are completely *****, we're talking Hello Kitty in hardcore porn *****. Seriously, George Orwell was right - we've got Gonzales saying 1+1 = 3, Bush is vague as hell about "dire consequences" if we "lose" in Iraq, whatever "losing" means at this point, and Cheney is calling the shots from behind the curtain. Ten years ago we were rocking! And then we had the war on weaklings, also known as the "Global War on Terror."
  • colincornaby, on 10/12/2007, -0/+3A better question: WHY the hell do they have a web store selling keys to the voting boxes?
  • Qumahlin, on 10/12/2007, -0/+3because they aren't part of the good ole boys club. Not to mention they wouldn't charge enough for it and the US government seems to be distrustful of anyone who dare not to grossly profit from something.
  • Akaji, on 10/12/2007, -0/+3@Cleanlyness: cleanlyness is not a word. "lawl research boi ;)"

    Now that you know how idiotic that sounds, even when applied appropriately, I hope that you will avoid acting like an idiot in the future.
  • BradBlog, on 10/12/2007, -0/+2Actually, they've now done a bait and switch and replaced the page with the mechanical key for one with a digital key card! Classic Diebold stuff. The original story has more details on the latest updates...

    Server is behaving better. At least for now...
  • rodgerdodger5, on 10/12/2007, -1/+3Last time we went to vote, they had one Diebold touchscreen voting machine and then the traditional large fill in the circle paper ballots (which are also counted by and older Diebold scan machine). The election commisioner was standing by the new touchscreen machine and showing people how to use it. I asked her if she was aware of any of the controversy surrounding the machines. She litterally talked to me for 10-15 minutes telling me how secure the machines were, how they kept a paper tape of the votes cast, etc. Quite a little sales pitch from her about the machines.

    I told her that she should really go look the machines up on the internet to find out more about the problems with them. She was unaware of any of the problems with the machines such as the key. She was quite confident in her key card that she kept around her neck and the single use card they gave to each person who voted. She kept showing me the cards over and over again. These new machines do have a paper tape hard copy that you can view while you vote so the count is backed up by paper hardcopy. I am not sure how this could be hacked because you watch the tape print through a little window as you cast each vote. Anyways, our election commissioner is totally sold on them. You could certainly do a recount with the paper tape the same as you could with the older paper ballots to verify that the machines are working properly. I still can't say that I care for them though because how many times are the results challenged and a handcount is done to verify the results?




  • desqjockey, on 10/12/2007, -0/+2At some point 'well we spent the money on Diebold, no going back' wont fly anymore. County Election Boards let technologically unsophisticated people buy machines that did not do the job. Suck it up, fix your process, and spend some more cash. They act like denying that there is a problem is some kind of solution.
    Maybe the Dems will get some kind of national law passed where we are all on the same system. Diebold didnt give them much cash.
  • jake13jake, on 10/12/2007, -0/+2It's especially ridiculous since many of these security flaws are so obvious to avoid.
    Let's see, make a voting booth with curtains, except make it so the damn side of the machine with the lock is visible to everyone. The person nor their vote have to be visible to anyone else, but the side of the machine with the lock? What idiots.
  • pbgswd, on 10/12/2007, -0/+2Dear americans, you are screwed until you get rid of this crap. And only then will you be able to begin the painful long process of unscrewing yourselves from Bush, Cheney, Gonzales, Rice, Diebold, and all the other bad bad people you have running your country into the ground for the sake of their own ideology.
  • Sarkos, on 10/12/2007, -0/+2Winner takes the Presidency!
  • inactive, on 10/12/2007, -0/+2Yes, but Strickland has come out and said he opposes many things that Bush supports.
  • Fetching more discussions...
    Show 51 - 94 of 94 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.