Monday, October 3, 2011

Monday 10-03-11

Does your vote really count, maybe not.

Diebold voting machines can be hacked by remote control
Exclusive: A laboratory shows how an e-voting machine used by a third of all voters can be easily manipulated

It could be one of the most disturbing e-voting machine hacks to date.

Voting machines used by as many as a quarter of American voters heading to the polls in 2012 can be hacked with just $10.50 in parts and an 8th grade science education, according to computer science and security experts at the Vulnerability Assessment Team at Argonne National Laboratory in Illinois. The experts say the newly developed hack could change voting results while leaving absolutely no trace of the manipulation behind.

“We believe these man-in-the-middle attacks are potentially possible on a wide variety of electronic voting machines,” said Roger Johnston, leader of the assessment team “We think we can do similar things on pretty much every electronic voting machine.”

The Argonne Lab, run by the Department of Energy, has the mission of conducting scientific research to meet national needs. The Diebold Accuvote voting system used in the study was loaned to the lab’s scientists by VelvetRevolution.us, of which the Brad Blog is a co-founder. Velvet Revolution received the machine from a former Diebold contractor

Previous lab demonstrations of e-voting system hacks, such as Princeton’s demonstration of a viral cyber attack on a Diebold touch-screen system — as I wrote for Salon back in 2006 — relied on cyber attacks to change the results of elections. Such attacks, according to the team at Argonne, require more coding skills and knowledge of the voting system software than is needed for the attack on the Diebold system.

Indeed, the Argonne team’s attack required no modification, reprogramming, or even knowledge, of the voting machine’s proprietary source code. It was carried out by inserting a piece of inexpensive “alien electronics” into the machine.

The Argonne team’s demonstration of the attack on a Diebold Accuvote machine is seen in a short new video shared exclusively with the Brad Blog [posted below]. The team successfully demonstrated a similar attack on a touch-screen system made by Sequoia Voting Systems in 2009.

The new findings of the Vulnerability Assessment Team echo long-ignored concerns about e-voting vulnerabilities issued by other computer scientists and security experts, the U.S. Computer Emergency Readiness Team (an arm of the Department of Homeland Security), and even a long-ignored presentation by a CIA official given to the U.S. Election Assistance Commission.

“This is a national security issue,” says Johnston. “It should really be handled by the Department of Homeland Security.”

The use of touch-screen Direct Recording Electronic (DRE) voting systems of the type Argonne demonstrated to be vulnerable to manipulation has declined in recent years due to security concerns, and the high cost of programming and maintenance. Nonetheless, the same type of DRE systems, or ones very similar, will once again be used by a significant part of the electorate on Election Day in 2012. According to Sean Flaherty, a policy analyst for VerifiedVoting.org, a nonpartisan e-voting watchdog group, “About one-third of registered voters live where the only way to vote on Election Day is to use a DRE.”

Almost all voters in states like Georgia, Maryland, Utah and Nevada, and the majority of voters in New Jersey, Pennsylvania, Indiana and Texas, will vote on DREs on Election Day in 2012, says Flaherty. Voters in major municipalities such as Houston, Atlanta, Chicago and Pittsburgh will also line up in next year’s election to use DREs of the type hacked by the Argonne National Lab.

Voting machine companies and election officials have long sought to protect source code and the memory cards that store ballot programming and election results for each machine as a way to guard against potential outside manipulation of election results. But critics like California Secretary of State Debra Bowen have pointed out that attempts at “security by obscurity” largely ignore the most immediate threat, which comes from election insiders who have regular access to the e-voting systems, as well as those who may gain physical access to machines that were not designed with security safeguards in mind.

“This is a fundamentally very powerful attack and we believe that voting officials should become aware of this and stop focusing strictly on cyber [attacks],” says Vulnerability Assessment Team member John Warner. “There’s a very large physical protection component of the voting machine that needs to be addressed.”

The team’s video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a “bad guy” virtually complete control over the machine. A cheap remote control unit can enable access to the voting machine from up to half a mile away.



“The cost of the attack that you’re going to see was $10.50 in retail quantities,” explains Warner in the video. “If you want to use the RF [radio frequency] remote control to stop and start the attacks, that’s another $15. So the total cost would be $26.”

The video shows three different types of attack, each demonstrating how the intrusion developed by the team allows them to take complete control of the Diebold touch-screen voting machine. They were able to demonstrate a similar attack on a DRE system made by Sequoia Voting Systems as well.

In what Warner describes as “probably the most relevant attack for vote tampering,” the intruder would allow the voter to make his or her selections. But when the voter actually attempts to push the Vote Now button, which records the voter’s final selections to the system’s memory card, he says, “we will simply intercept that attempt … change a few of the votes,” and the changed votes would then be registered in the machine.

“In order to do this,” Warner explains, “we blank the screen temporarily so that the voter doesn’t see that there’s some revoting going on prior to the final registration of the votes.”



This type of attack is particularly troubling because the manipulation would occur after the voter has approved as “correct” the on-screen summaries of his or her intended selections. Team leader Johnson says that while such an attack could be mounted on Election Day, there would be “a high probability of being detected.” But he explained that the machines could also be tampered with during so-called voting machine “sleepovers” when e-voting systems are kept by poll workers at their houses, often days and weeks prior to the election or at other times when the systems are unguarded.

“The more realistic way to insert these alien electronics is to do it while the voting machines are waiting in the polling place a week or two prior to the election,” Johnston said. “Often the polling places are in elementary schools or a church basement or some place that doesn’t really have a great deal of security. Or the voting machines can be tampered while they’re in transit to the polling place. Or while they’re in storage in the warehouse between elections,” says Johnston. He notes that the Argonne team had no owner’s manual or circuit diagrams for either the Diebold or Sequoia voting systems they were able to access in these attacks.

The team members are critical of election security procedures, which rarely, if ever, include physical inspection of the machines, especially their internal electronics. Even if such inspections were carried out, however, the Argonne scientists say the type of attack they’ve developed leaves behind no physical or programming evidence, if properly executed.

“The really nice thing about this attack, the man-in-the-middle, is that there’s no soldering or destruction of the circuit board of any kind,” Warner says. “You can remove this attack and leave no forensic evidence that we’ve been there.”

Gaining access to the inside of the Diebold touch-screen is as simple as picking the rudimentary lock, or using a standard hotel minibar key, as all of the machines use the same easily copied key, available at most office supply stores.

“I think our main message is, let’s not get overly transfixed on the cyber,” team leader Johnston says. Since he believes they “can do similar things on pretty much every electronic voting machine,” he recommends a number of improvements for future e-voting systems.

“The machines themselves need to be designed better, with the idea that people may be trying to get into them,” he says. ” If you’re just thinking about the fact that someone can try to get in, you can design the seals better, for example.”

“Don’t do things like use a standard blank key for every machine,” he warns. “Spend an extra four bucks and get a better lock. You don’t have to have state of the art security, but you can do some things where it takes at least a little bit of skill to get in.”

http://politics.salon.com/2011/09/27/votinghack/

Would this be a bad thing with a worse thing coming?

Bombshell: DOJ Considering Elimination of ATF

Multiple sources, including sources from ATF, DOJ and Congressional offices have said there is a white paper circulating within the Department of Justice, outlining the essential elimination of ATF. According to sources, the paper outlines the firing of at least 450 ATF agents in an effort to conduct damage control as Operation Fast and Furious gets uglier and as election day 2012 gets closer. ATF agents wouldn’t be reassigned to other positions, just simply let go. Current duties of ATF, including the enforcement of explosives and gun laws, would be transferred to other agencies, possibly the FBI and the DEA. According to a congressional source, there have been rumblings about the elimination of ATF for quite sometime, but the move would require major political capital to actually happen.

“It’s a serious white paper being circulated, how far they’d get with it I don’t know,” a confidential source said.

After a town hall meeting about Operation Fast and Furious in Tucson, Ariz. on Monday, ATF Whistleblower Vince Cefalu, who has been key in exposing details about Operation Fast and Furious, confirmed the elimination of ATF has been circulating as a serious idea for sometime now and that a white paper outlining the plan does exist.

Sounds great right? Eliminating ATF? But there is more to this story. Remember, low level ATF field agents, like ATF whistleblower John Dodson, were uncomfortable conducting Operation Fast and Furious from the beginning, but were told by high level officials within ATF that if they had a problem with the operation, they could find a job elsewhere.

“Allowing loads of weapons that we knew to be destined for criminals, this was the plan. It was so mandated,” ATF Whistleblower John Dodson said in testimony on Capitol Hill on June 15, 2011.

In fact, not only were the ATF agents forced to carry out the operation, they were told to go against what they had been taught in training.

“This operation, which in my opinion endangered the American public, was orchestrated in conjunction with Assistant U.S. Attorney Emory Hurley. [Emory Hurley is the same Assistant U.S. Attorney who previously prevented agents from using some of the common and accepted law enforcement techniques that are employed elsewhere in the United States to investigate and prosecute gun crimes.] I have read documents that indicate that his boss, U.S. Attorney Dennis Burke, also agreed with the direction of the case,” Special Agent Peter Forcelli said in testimony on Capitol hill on June 15, 2011.

“I recall my first days at the ATF academy, where it was drilled into us as new agents that under no circumstances would any firearms, in any investigation, leave the control of ATF. Instructors stressed that even if a weapon was lost “by accident,” the agent was still subject to termination,” former ATF Attaché to Mexico Darren D. Gil said in testimony on June 15, 2011.

ATF field agents weren’t the problem with Operation Fast and Furious, high ranking officials within ATF and the Department of Justice were and still are. DOJ would eliminate ATF only to take the heat off of the Obama Administration. By eliminating the bureau, it makes it seem like DOJ is taking Operation Fast and Furious so seriously, they decided to “clear out the corruption, clean house,” however, it would only be a distraction away from the people at the top of the investigation. In fact, evidence shows the DOJ has been stonewalling the Oversight Committee investigation into the operation to protect Obama political appointees.

“It was very frustrating to all of us, and it appears thoroughly to us that the Department is really trying to figure out a way to push the information away from their political appointees at the Department,” former ATF Acting Director Kenneth Melson, who has since been moved to a position within DOJ, said of his frustration with the Justice Department’s response to the investigation in transcribed closed door testimony with the Oversight Committee in July 2011.

When I called the Department of Justice last week (five times) to request the white paper and receive a comment surrounding the idea of eliminating ATF, I received the following response: “Everyone is away from their desk right now.”

Up to this point, the Department of Justice has denied all allegations or involvement in Operation Fast and Furious, yet journalists and the House Oversight Committee have proved allegation after allegation to be true. For example, during a Congressional hearing in July, former ATF Special Agent in Charge William Newell, who has since been promoted to a position within the Justice Department, denied that his agency was trafficking guns to Mexico, despite overwhelming evidence and testimony from other ATF agents proving otherwise.

“At no time in our strategy was it to allow guns to be taken to Mexico,” Newell said on July 26, 2011, adding that at no time did his agency allow guns to walk.

We’ve heard this was a low level, “rogue” operation, turns out high level officials in the Justice Department, DEA, FBI, DHS, and even members of the White House national security team knew about Operation Fast and Furious.

Last week, ATF offered 400 agents buy outs to avoid budget cuts and is expecting 250-275 agents to take the offer through Voluntary Early Retirement. These buyouts come at a convenient time for the Justice Department, which can eliminate ATF, then say it’s because of budget cuts, when really, it’s to cover their tracks.

http://townhall.com/columnists/katiepavlich/2011/09/30/bombshell_doj_considering_elimination_of_atf/page/full/preview

JTAC: 3 Minutes to Change the World

HURLBURT FIELD, FL – As the only qualified Joint Terminal Attack Controller in an operation Oct. 5, 2009, an Air Force Special Operations Command combat controller knew the ground situation would be dire if he died. As an armor-piercing round entered his left shoulder and wrecked havoc throughout his chest, his focus wasn't on his young family in North Carolina, it was on his team.

"I've seen those types of injuries before and time isn't your friend," said the Air Force Cross recipient, Staff Sgt. Robert Gutierrez Jr. "I thought, I have three minutes before I'm going to die. I've got to do something big. Based on that time frame, I'm going to change the world in three minutes."

The team of 30 U.S. Army Special Forces and Afghan National Army commandos was surrounded in a 'Taliban-sympathetic village' in Herat province, Afghanistan. Reports show enemy fighters were positioned on rooftops just 10-feet from the team's position inside a neighboring building. Gutierrez was shot during the 4-hour firefight, which also included sniper and small-arms fire, as well as rocket propelled grenades.

As the combat controller, Gutierrez was the only qualified radio operator communicating with Airmen overhead, providing close air support and real-time battlefield surveillance, critical for the team mission and to be able to evacuate their wounded.

"Combat controllers are the air-to-ground interface, bringing the firepower and communications links to the ground force commander," Gutierrez said. "We bring an extraordinary amount of firepower in a small package, able to shoot, move and communicate at the same time."

Believing he was about to die, the San Diego native refused to remove his body armor, which held his radio, despite two medics repeatedly ordering him to take it off so his wounds could be treated. Gutierrez only relented momentarily, allowing the medic to insert a needle decompression tube just below his collar bone.

A sucking chest wound, common in gunshot victims, fills the chest cavity with blood, collapsing the lungs. The medic's procedure released the growing pressure on his collapsed lung, allowing Gutierrez to breathe and speak - so he got back on the radio. He continued to advise the ground force commander and request close air support of F-16 and A-10 aircraft overhead.

The A-10 pilot said Gutierrez's voice was calm the entire time, and he only knew of his injuries when the team was moving to the medical evacuation landing zone.

"I realized he was shot after the third (and final) strafe pass," said Capt. Ethan Sabin, then assigned to the 354th Expeditionary Fighter Squadron. "He said he would be off of the 'mic' for a few to handle his gunshot wounds, until that point he was calm, cool and collected."

Gutierrez will be awarded the Air Force Cross for extraordinary heroism, superb airmanship, and aggressiveness in the face of the enemy, according to the medal citation. Chief of Staff of the Air Force Gen. Norton Schwartz announced the award Sept. 20 during the Air Force Association convention in Washington D.C.

"It is entirely fitting that the official awarding will occur later when his very proud family might join in the celebration, for this is truly a family affair," Schwartz said. "In the meantime, it gives me special pleasure to ask Sergeant Gutierrez to please rise here with his Air Force family, and allow us the privilege of expressing, in person, our tremendous respect and sincere gratitude for a job spectacularly well done."

In all, Gutierrez suffered a gunshot wound to the upper shoulder and triceps muscle, left chest and lateral muscle, resulting in two broken ribs, broken scapula, a softball-sized hole in his back, a collapsed lung and multiple blood infections, which required three chest tubes, three blood transfusions and seven surgeries. To top it off, the 'danger-close' 30-mm strafing runs ruptured both of his ear drums.

Despite losing five pints of blood and walking 1 ½ kilometers, Gutierrez stayed on the radio calling for his own medical evacuation and ensuring surveillance coverage for the safe return of the ground force team.

Gutierrez credits the U.S. Army Special Forces medic and U.S. Air Force A-10 pilot with saving their lives. During an interview in early 2010, Gutierrez said, "I don't care if I get an award or not. The team was outstanding. I'm just a product of what I've been taught and a product of AFSOC."

Since Sept. 11 there have been four Air Force Cross medals awarded, all to AFSOC Airmen. Gutierrez is the second living-recipient to receive the medal. Staff Sgt. Zachary Rhyner was awarded the Air Force Cross while assigned to the 21st Special Tactics Squadron, Pope Field, N.C., as a combat controller for combat operations April 6, 2008, in Nuristan province, Afghanistan. During that operation, Gutierrez was also a fellow teammate and received the Bronze Star Medal with Valor and Purple Heart.

"There is no doubt his heroic actions under extremely dangerous circumstances, and despite being wounded, saved the lives of his teammates," said Lt. Gen. Eric Fiel, AFSOC commander. "His courage and character is unsurpassed. While I know he is a humble person that does not seek the spotlight, he is so deserving of the Air Force Cross. His actions are just a snapshot of what AFSOC Airmen are doing everyday in our current theater of operations."

Gutierrez was assigned to the 21 STS during the 2009 operation and is currently assigned to the Air Force Special Operations Training Center, instructing future Special Tactics Airmen, so that they may be 'First There...That Others May Live.'

http://www.shadowspear.com/special-operations-news/105767-jtac-cct-afsoc-gutierrez.html

No comments:

Post a Comment