The Hursti Hack was a successful attempt to alter the votes recorded on a Diebold optical scan voting machine. The hack is named after Harri Hursti.
The participants were:
In a series of four tests conducted in Feb., May, and Dec. 2005, Ion Sancho invited Black Box Voting to Tallahassee after an invitation to check the Diebold machines. Black Box Voting engaged the services of Dr. Herbert Hugh Thompson and Harri Hursti. [1] Dr. Thompson and Hursti believed they could change or hack vote totals without the system detecting entry. The first two projects targeted the computer program that adds up all the voting machine results and produces the final report. On Feb. 14 and again on May 2, Thompson successfully hacked the Diebold GEMS central tabulator and bypassed all passwords by using a Visual Basic script. This, however, would be detected in a vigilant environment if the supervisor of elections checks the poll tapes (voting machine results) against the central tabulator report.
For purposes of demonstration, an election was run using Leon High School as a model. The results of the first hack are shown below.
Leon High School (pre-hack)

Candidate | Votes | Percentage
---|---|---
Bud Baker | 623 | 54.79%
Thomas Guthrie | 192 | 16.89%
Nadiyah Smith | 322 | 28.32%

Leon High School (post-hack)

Candidate | Votes | Percentage
---|---|---
Bud Baker | 623 | 10.71%
Thomas Guthrie | 192 | 3.30%
Nadiyah Smith | 5000 | 85.98%

To show that both the results tapes and the central tabulator could be hacked, Black Box Voting then engaged the services of Hursti to hack the poll tapes. Black Box Voting purchased a card reader from the internet and Hursti used it to produce counterfeit memory cards, which successfully altered the voting machine results tapes on May 26, 2005. [2]
A fourth trip to Tallahassee was made on Dec. 13, 2005. Black Box Voting and the producers of the film Hacking Democracy organized the test. Attending were Harris and Kathleen Wynne from Black Box Voting, Hursti, Thompson, along with Susan Pynchon of Florida Fair Elections Coalition from Volusia County, Florida, and Susan Bernecker, a former candidate for New Orleans city council who videotaped Sequoia-brand touch-screen voting machines in her district recording vote after vote for the wrong candidate. [3] During his research, Hursti found that Diebold's cards allowed negative votes. Hursti successfully altered the votes using only a memory card, producing a one-step hack that simultaneously altered both the central tabulator results and the voting machine results tapes for matched (but rigged) results. "I would have had no way of knowing," said Sancho. "I would have certified this election."
Three voting machine hacking tests have been performed by Finnish computer expert Harri Hursti for the nonprofit elections watchdog group Black Box Voting [4] and the producers of Hacking Democracy [5], who filmed it. The first two Hursti Hacks were set up in Leon County, Florida, with the authorization of Supervisor of Elections Ion Sancho, and these tests examined a Diebold Election Systems (DES) Accu-Vote OS 1.94w (optical scan) voting machine. The third Hursti test was conducted for Black Box Voting in collaboration with Bruce Funk, then-County Clerk of Emery County, Utah, on a Diebold TSx touch-screen.
The tests by Hursti were the third (May 26, 2005) and fourth (Dec. 13, 2005) in a series of five voting machine examinations produced by the Black Box Voting group. The first four tests were authorized by the Supervisor of Elections for Leon County, Ion Sancho, to ascertain whether votes could be altered on a Diebold voting machine. Tests on Feb. 14, 2005 and May 2, 2005 were conducted on the Diebold GEMS central tabulator by Herbert Hugh Thompson, who proved that results reports could be altered without a password by using a Visual Basic script. The third and fourth tests were memory card tests performed by Hursti. The fifth test took place with both Hursti and Thompson in Emery County, Utah.
During Hursti's first memory card hack on May 26, 2005, he altered the program that creates the "poll tapes", or voting machine results reports. However, this hack would be detected if the supervisor of elections compared the poll tape results with the GEMS central tally report. The GEMS tally report can be hacked to match, as demonstrated during two earlier Black Box Voting projects in Leon County with Herbert Thompson. Thompson successfully manipulated the GEMS tally program using a Visual Basic script.
The May 26 version of the Hursti memory card hack would require two steps to succeed without detection in a vigilant election setting: Both the memory card and the GEMS tabulator program would need to have matching hacks. [6]
During a videotaped meeting in Cuyahoga County, Ohio, DES Research and Development chief Pat Green stated that checks and balances would detect the tampering and that it would not be possible to alter the votes themselves on the memory card.
However, during the Dec. 13, 2005 testing, Hursti successfully altered the votes on the memory card. His memory card manipulations falsified both the voting machine results tapes and the GEMS central tabulator report. Leon County Supervisor of Elections Ion Sancho stated that he would have had no way to detect the tampering and would have certified the election.
The Hursti memory card hack performed in Leon County on Dec. 13, 2005 is a variation on stuffing the ballot box prior to any votes being cast. Hursti had pre-loaded the memory card giving one candidate 5 positive votes and one candidate 5 negative votes to create a "zero report." This keeps the machine accurate in votes cast compared to number of voters.
"What we are going to do here is modify one card and then bring it to the election provider's Ion Sancho's office, log it has the real card...if in any election as to the real election system and run ballots through and that's the same system which have been used in a number of previous elections...and we'll see that what is the power in the ballot box, this should be an empty box containing the votes but it has more capabilities than that."
— Harri Hursti, Tuesday, December 13, 2005. [7]
Actual paper ballots were used pre-printed with the following question: "Can the votes on this Diebold system be hacked using the memory card?"
Ballots Cast By Participants

Participant | Yes or No
---|---
Bev Harris | No
Thomas James | No
Ion Sancho | No
Susan Bernecker | No
Susan Pynchon | No
Kathleen Wynne | No
Hugh Thompson | Yes
Harri Hursti | Yes
TOTAL: | 6 NO 2 YES

Actual Results By Diebold Machine

YES | NO
---|---
7 | 1

Since Hursti was the technical advisor, he was asked by Sancho to remain outside of the test area. Selection of the voting machine was done by random draw. Machine #15191 was pulled as the random machine. [8] Hursti only touched the memory card and did not come into contact with any machines.
Seven participants filled out their ballots using the opti-scan paper sheets (Hursti remaining outside the test area). Sancho then went to Hursti and gave him a ballot, which Hursti filled out. Hursti then gave Sancho the memory card to insert into the machine. Sancho explained the operation of the machine to those in attendance; the card was inserted and the machine turned on, which then produced the "zero total tape." The tape showed zero votes cast. The test ballots were then inserted into the Diebold machine, followed by the "ender card" (same size as a ballot), which tells the machine to turn off its counting function and start its reporting function. The machine then produced a paper tape with 7 yes votes and 1 no vote.
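The arithmetic of this test, and which checks would have flagged it, can be worked through in a short model. This is an added example, not code from the original page, Black Box Voting or Diebold; it assumes signed per-choice counters and that the +5 went to Yes and the -5 to No (inferred from the 7-to-1 tape), and all function names are hypothetical.

```python
# Added example: a constructed model, not Diebold's card format or firmware.
from collections import Counter

# Ballots cast by the eight participants, as listed in the table above.
PAPER_BALLOTS = ["No", "No", "No", "No", "No", "No", "Yes", "Yes"]

# Assumption: signed per-choice counters, with +5/-5 assigned to Yes/No as
# implied by the 7-1 tape; the page does not describe the storage format.
PRELOADED_CARD = {"Yes": 5, "No": -5}


def scan(card, ballots):
    """Add each scanned ballot to a copy of the card's counters."""
    counters = dict(card)
    for choice in ballots:
        counters[choice] += 1
    return counters


def check_total_vs_ballots(tape, ballots_scanned):
    """Total votes on the tape equals the number of ballots scanned."""
    return sum(tape.values()) == ballots_scanned


def check_tape_vs_tabulator(tape, tabulator_report):
    """Poll tape matches the central report (both come from the same card)."""
    return tape == tabulator_report


def nonzero_counters(card):
    """Choices whose stored counter is not exactly 0 before polls open."""
    return [choice for choice, n in card.items() if n != 0]


def hand_count_audit(tape, ballots):
    """Return {choice: (tape_count, hand_count)} for every disagreement."""
    hand = Counter(ballots)
    return {c: (tape.get(c, 0), hand.get(c, 0))
            for c in set(tape) | set(hand)
            if tape.get(c, 0) != hand.get(c, 0)}


def run_demo():
    tape = scan(PRELOADED_CARD, PAPER_BALLOTS)
    tabulator_report = dict(tape)  # uploaded from the same memory card
    return {
        "tape": tape,
        "total_check_passes": check_total_vs_ballots(tape, len(PAPER_BALLOTS)),
        "tabulator_check_passes": check_tape_vs_tabulator(tape, tabulator_report),
        "nonzero_counters": nonzero_counters(PRELOADED_CARD),
        "audit_mismatches": hand_count_audit(tape, PAPER_BALLOTS),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The two checks that rely only on the card's own output pass, while the per-counter zero check and the hand count of the paper ballots both flag the discrepancy. The counter check assumes the stored values can be read independently of the machine's printed zero tape.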
This test demonstrated that Diebold Election Systems made misrepresentations to Secretaries of State across the nation when the company claimed votes could not be changed on the memory card, the credit card-sized ballot box used by computerized voting machines. More seriously Diebold Election Systems claimed in writing to state election officials that the Diebold memory cards did not contain any executable code. In fact the memory cards did contain executable code - likened to 'a living thing' inside the cards - and it was this executable code that hacking expert, Harri Hursti, used to defraud the Diebold voting system.
Furthermore, DES wrote a press release referring to the famous vote changing 'Hursti Hack', stating that - "Harri Hursti is shown attacking a DES machine in Florida. But his attack proved later to be a complete sham." In response to the test election, California's Secretary of State commissioned a special report by scientists at UC Berkeley to investigate the 'Hursti Hack'.
The UC Berkeley scientists wrote a Special Report On The Diebold Accuvote Voting Machine. Page 2 of their report states:
"Harri Hursti's attack does work: Mr. Hursti's attack on the AV-OS is definitely real. He was indeed able to change the election results by doing nothing more than modifying the contents of a memory card. He needed no passwords, no cryptographic keys, and no access to any other part of the voting system, including the GEMS election management server." [9]
A spokesman for DES said it was similar to "leaving your car unlocked, with the windows down and keys left in the ignition and then acting surprised when your car is stolen." [10]
The test election was filmed and shown in the conclusion of the Emmy nominated HBO documentary, Hacking Democracy, which premiered November 2, 2006. [11] [12] [13]
In 2006, Black Box Voting was invited by Emery County, Utah County Clerk Bruce Funk to examine the DES TSx touch-screen. Black Box Voting arranged for the services of Hursti and Black Box board member Jim March, who traveled to Utah March 1 and 2, 2006. Hursti discovered numerous security flaws, the most egregious being the ability to reload the entire operating system and the ability to replace the boot loader simply by inserting a memory card with a specific program name. [14] Hursti discovered that the system would accept macros in a manner that posed a risk to election security. Jim March opened the case of the TSx and photographed its interior, discovering a hidden SD wireless slot and piggyback connectors under the standard modem, both enabling the machine to be equipped for wireless communications without the knowledge of election directors. [15]
After seeing how serious the problems were, Black Box Voting engaged the services of Herbert Thompson, then head of the security company Security Innovation, to provide an independent opinion. Both Hursti and Thompson conducted a second series of tests on March 16 and 17, 2006 to confirm findings, which prompted emergency warnings and last minute corrective actions in Pennsylvania, California, and other states. [16]