link to Home Page

Hack the Vote

How to Hack the Vote: the Short Version
Chuck Herrin, CISSP, CISA, MCSE, CEH
'I'm just a voter who happens to be a Professional IT Auditor.'

If the GEMS machine is networked - (I have heard conflicting reports as to whether they are or not)

1) Wander into the building, and quietly put a wireless access point on the same network segment as the Tabulation PC, maybe behind a copier somewhere, and then casually come in from across the street using a laptop and wireless card.

We know they're connected by modems, so:

2) Find the telephone number of the office the PC is located in, and use a “war-dialing” program such as ToneLoc to dial all of the numbers in that exchange looking for a hanging modem. This technique was made famous by the 1983 movie “Wargames” and it still works today. These machines typically have hanging modems installed, so this should be a fairly easy way in.

3) Come in through the Internet. It is reported that many of these machines are connected to the Internet to enable results to be queried using Jresult to pull data from the central PCs. Windows PCs on the Internet are inherently vulnerable, particularly if they’re not behind a firewall. Since a firewall would prevent the legitimate Jresult queries from being made, these machines are likely at extreme risk for being compromised through their Internet connection.

Then there are the REALLY easy ways….

4) If you’re an insider, you already have the phone numbers and any usernames and passwords you may need. Dial into the machine, authenticate normally, and then manipulate the data as explained below.

5) Again, if you’re an insider - walk up to the machine and use the keyboard and mouse. Most poll workers, despite being good, caring people, tend to be political enough to motivate them to volunteer. It’s just human nature to use the tools at your disposal to your advantage, and people have a remarkable knack for justifying even the worst acts if they can convince themselves that the cause is worthwhile.