Sat May 25 2013
Departments
Election Issues

Recipe for hacking ES&S and Sequoia, Hursti-style
by Black Box Voting
January 4, 2006

Hold on to your lugnuts, ES&S and Sequoia may risk Hursti-style hack

Dec. 13, 2005: Harri Hursti performs devastating hack in Leon County Florida with Diebold optical scan system, proving he could control votes by manipulating a credit-card-sized memory card..

Jan. 3, 2006: Information received pointing to similar vulnerabilities in the ES&S and Sequoia "Optech" optical scan machines.

In an exclusive interview by BBV investigator Jim March with Dr. Douglas Jones, University of Iowa associate professor and a former voting machine examiner for the state of Iowa, it was learned that one of the most widely-used voting machines over the last 15 years may suffer from design flaws broadly similar to Diebold's version 1.94 and 1.96 optical scan system.

The first problem is that memory chip contents can be modified with easy to obtain reprogramming devices, in ways that could enable Hursti-style hacking.

The second problem is that Sequoia and ES&S have been able to force their way into intimate access to the mechanics of democracy. The electronic ballot controls were maintained exclusively by the vendors at the vendor's headquarters rather than by county election staff.

Diebold took over total control of elections in counties that allowed it. ES&S and Sequoia didn't give them a choice because of the system's design. This effectively removed county officials from their proper oversight role.

ORIGINS OF THE OPTECH MACHINE

Two of the four major voting machine companies have been using an identical machine, the Optech, originally produced by Business Records Corp (BRC).

BRC was the largest voting machine company in America when ES&S purchased it in 1997. The SEC objected on anti-trust grounds, and in the resulting decision, allowed ES&S to purchase BRC, splitting the Optech scanners up between ES&S (service contracts for existing machines) and Sequoia Voting Systems (sales of new machines).

Although now being phased out, Optechs have been used for 15 years without a peep from the federal testing labs, and without the public ever being told of their vulnerabilities, nor of the vendor’s extraordinary level of control over local elections.

SYSTEM DESIGN

According to Dr. Jones, the Optech machines are precinct optical scanners originally developed in the late 1980s. They reflect the technology of that period. They are broadly similar to the Global/Diebold optical scanners designed around the same time: These voting machines store votes on removable electronic memory devices and print out an "end of day ticker tape" on paper similar to a cash register tape, providing a precinct total of votes for each candidate and issue.

The Optech machines don't use a credit card-sized memory card – rather, they use a memory pack about the size of a pack of cigarettes.

This cigarette pack-sized device plugs into the body of the scanner with a proprietary connection. The memory pack provides three things:

- A chip ("ROM" memory) which is difficult to modify outside of a factory and contains the programming for the machine ("firmware")
- An "EPROM" chip which is easier to modify (more on that to follow) containing the ballot layout and precinct information
- Battery-powered memory chips to hold the vote totals

THE GOOD NEWS

As Dr. Jones points out, there's one advantage to this pack design. Honest election officials can separate the scanner body from the pack and send the large bulky scanner out to the field (precinct) days or weeks ahead of the election. Tampering with scanners that are missing the pack isn't really possible (other than to simply vandalize it) because the "brains" aren't present to tamper with. It’s the "memory pack" that needs to be held in strict security. The memory pack can later be hand-carried to the precinct by a group of poll workers and plugged into the scanner on election morning.

THE BAD NEWS

One reason the Hursti hack in Leon County resulted in a failure is that Diebold's memory device holding the votes and critical programs is both read-write (tamperable) and reader/writer devices like the Crop Scanner are available commercially to alter the cards.

The ES&S/Sequoia memory pack has a funky connector. It should be even more secure, right?

Not exactly.

JIM'S RIG-A-VOTE RECIPE

1. Unscrew the top of the pack.

The most critical chip holding the ballot/candidate/precinct layouts is sitting right there in an easy-access socket.

2. Find a chip burner. Once the chip is out with a screwdriver, you can find alteration devices (chip burner) for that chip even more easily that you can find the Crop Scanner.

Tip for finding a read/write device: The chips is called an "EPROM" - Electrically Programmable Read Only Memory .

Here are some examples:

http://www.stag.co.uk/products/EEprom_programmer.htm
http://www.action2k.com/topmax.htm
http://www.elettronicaceleste.com/celeste/programmatore_eeprom/sp280_uk.htm

3. Put the chip in the chip burner device connected to a PC and read the contents. Edit at will using your PC.

4. Peel the sticker off the back of the EPROM, exposing a glass window. This makes the actual silicon surface visible through the glass. It's a neat looking critter, shiny and with lots of tiny circuits that geeks will love.

5. Put the chip in a tiny mouse-sized tanning booth. No, we’re not kidding – exposure to UV light for 25 minutes erases EPROMs. (Warning: We do not recommend putting in an actual mouse unless you can find very small sunglasses for him.)

PICTURE: http://testequip.com//sale/used/pictures/HES2152.jpg

6. Put the sticker back on the chip’s glass window and put it into the chip burner connected to the PC, and download your tampered code from your PC back to the chip.

7. Put the chip back into the "pack" and you’re done.

We have no reason to think that the security of the chip's contents is any better than in the Diebold environment. While this needs testing, it appears that hacking could cause all votes to be switched between any two candidates simply by altering the chip data.

Dr. Jones suggests the possibility of causing a minor party candidate's votes to go to a major party candidate, in addition to the major party candidate's proper votes. This would have the "benefit" of harming a small parties, possibly denying them ballot access. Each major party has at least one smaller party that tends to take a small chunk out of them – the Democrats always lose a few candidates to the Greens, the GOP loses a few to the Libertarians. Each major party would like to see their smaller more radical cousin go away, and that sort of hacking could do it.

THE WORSE NEWS

While moderately advanced hackers should be able to alter the contents of these packs fairly easily, county election officials can’t. Therefore, by design, the memory cards need to be programmed inside the vendor’s corporate headquarters.

WILL THEY DO IT CORRECTLY?

Well let’s see: ES&S was partially owned by now-Senator Chuck Hagel at the time Hagel won his first major political victory to get into congress. Hagel’s victory in the primary was so stunning that it made national news. According to CNN’s "All Politics," Hagel hoped he could make lightening strike twice by winning the big prize – and he did. He defeated popular Democratic Governor Ben Nelson who led in the polls since the opening gun in what the Washington Post called "The major Republican upset in the November [1996] election." (more: http://www.blackboxvoting.org/BBV_chapter-3.pdf)

Louisiana state elections chief Jerry Fowler was convicted on felony charges of taking bribes from Sequoia officials for system purchase decisions – one of Sequoia’s key people, Phil Foster, was indicted but the charges were dropped after a judge concluded that his immunized grand jury testimony couldn’t be used against him. (more: http://www.blackboxvoting.org/BBV_chapter-8.pdf)

So, is turning over the very foundation of Democracy to ES&S and Sequoia a good idea? We think not.

CONCLUSION

Nobody at the Federal or state testing labs seems to think like a hacker and tries to find ways to defeat these things. For that matter, nobody is paying attention to the basic ethics of the situation. No one ever asked the American citizens whether we choose to remain a Constitutional Republic versus a Corporate Republic.

Black Box Voting would like to do a "test hack" on the Optech with the blessing of public officials in any jurisdiction. Because these machines are not HAVA compliant, they are being phased out. We ask your help in facilitating this opportunity.

"There is only one force in the nation that can be depended upon to keep the government pure and the governors honest, and that is the people themselves. They alone, if well informed, are capable of preventing the corruption of power, and of restoring the nation to its rightful course if it should go astray. They alone are the safest depository of the ultimate powers of government."
-- Thomas Jefferson - END

---
Black Box Voting is a nonpartisan, nonprofit 501c(3) elections watchdog group supported entirely by citizen donations.

To support our work, go to http://www.blackboxvoting.org/donate.html or mail to Black Box Voting, 330 SW 43rd St Suite K PMB 547 Renton WA 98055




Recent Election Issues Articles

Renowned computer security expert agrees to meet California county supervisor's '1000 to 1' challenge to 'manipulate' Sequoia voting machine!
  December 13, 2006
  Brad Friedman

100 phantom votes found in one precinct; DelCo board of elections hinders investigation
  December 12, 2006
  Stephanie Frank Singer

Think globally, protect the vote locally
  December 1, 2006
  Paul Rogat Loeb

Will they or won't they: last chance for Democrats
  November 17, 2006
  David Swanson

The vote protectors
  November 16, 2006
  Robert C. Koehler

Ohio's 2006 vote count now includes a higher percentage of uncounted ballots than in 2004, and a statistically impossible swing to the Republicans
  November 14, 2006
  Bob Fitrakis, Harvey Wasserman and Ron Baiman

The drama of empty numbers
  November 9, 2006
  Robert C. Koehler

A monumental victory for the election protection movement
  November 8, 2006
  Bob Fitrakis & Harvey Wasserman

Pick a number 2006
  November 7, 2006
  Mike Ferner

How they stole the mid-term election
  November 7, 2006
  Greg Palast, The Guardian ( UK ), Comment

STOP Blackwell, what's that sign: Everyone look what's going down
  November 7, 2006
  Bob Fitrakis & Harvey Wasserman

Parallel election midday report
  November 7, 2006
  Rady Ananda

Tuesday's outcome may depend on the power of the election protection movement
  November 5, 2006
  Bob Fitrakis and Harvey Wasserman

The power of a social movement can beat the GOP double Chickenhawks
  November 2, 2006
  Bob Fitrakis and Harvey Wasserman

Check out We Count for a great TownHall confrontation between Vicki Lovegren of Ohio Vigilance and Michael Vu, Supervisor of Cuyahoga County BOE
  November 1, 2006
  Victoria Lovegren, Ph.D.

Official states electronic voting system added votes never cast in 2004 Presidential election; audit log missing
  November 1, 2006
  Peter Peckarsky, Ron Baiman, and Robert Fitrakis

Repairing the U.S. system of voting: 50 concrete steps
  November 1, 2006
  Harvey Wasserman, Bob Fitrakis and Steve Rosenfeld

Will a shocking new GOP court victory and Karl Rove's attack on Ohio 2006 doom the Democrats nationwide?
  October 30, 2006
  Bob Fitrakis & Harvey Wasserman

Renoite sue Sequoia Voting Systems
  October 28, 2006
  Patricia Axelrod

Severe election problems seen in ten states
  October 27, 2006
  Jason Leopold

Direct material proof of massive election fraud in Ohio in the 2004 U.S. presidential election
  October 26, 2006
  Ron Baiman

A talk with Mark Crispin Miller about what voters can do to prevent another stolen election
  October 26, 2006
  The Ostroy Report

Will Ken Blackwell find the ways to steal Ohio 2006 as he did in 2004?
  October 25, 2006
  Bob Fitrakis and Harvey Wasserman

Important voter activism
  October 22, 2006
  Victoria Lovegren, Ph.D.

A loaves & fishes/Holy Ghost victory for the GOP in November?
  October 17, 2006
  Bob Fitrakis & Harvey Wasserman

Why is the man who stole Ohio campaigning with a white supremacist?
  October 9, 2006
  Bob Fitrakis and Harvey Wasserman

This cannot be
  September 28, 2006
  Robert C. Koehler

Court victory lets preserved Ohio 2004 ballots tell new tales of theft and fraud as indictments and convictions mount
  September 25, 2006
  Bob Fitrakis & Harvey Wasserman

Unfit for use in ANY democracy
  September 20, 2006
  Rady Ananda

An open letter to Gov. Robert Taft and Sec. of State J. Kenneth Blackwell
  September 8, 2006
  Harvey Wasserman, et. al.

Coshocton County complaint
  September 3, 2006
  Tim Kettler

Saving the ballot evidence from Ohio 2004
  September 2, 2006
  Bob Fitrakis and Harvey Wasserman

San Diego suit’s second hearing: Judge to rule next Tuesday on constitutional and jurisdictional questions
  August 25, 2006
  Rady Ananda

New Zogby Poll: It’s Nearly Unanimous
  August 24, 2006
  Michael Collins, “Scoop” Independent Media

How the last presidential election awoke me from an unsound sleep
  July 22, 2006
  Jeanne Norris Weinberg

PFAW's Neas praises advance of Voting Rights Act, Calls on Bush Administration to start enforcing the law
  July 22, 2006
  People For the American Way

Why Democrats don't count: lessons from the un-Gore of Mexico
  July 16, 2006
  Greg Palast

Resolution of no confidence in current U.S. elections
  July 16, 2006
  J30 Coalition

An open letter from Ohio to the people of Mexico
  July 13, 2006
  Bob Fitrakis and Harvey Wasserman

The stolen election of 2004
  July 11, 2006
  Michael Parenti

The Democrats must now say "We Do Not Concede" in the U.S. as it's being said in Mexico
  July 9, 2006
  Bob Fitrakis and Harvey Wasserman

Project Vote, voting rights organizations, file to overturn restrictive voter registration rules
  July 7, 2006
  Brian Mellor

BBV: Unredacted Hursti Diebold reports, photos released
  July 4, 2006
  Bev Harris

Ignore that man behind the screen, Dorothy
  July 1, 2006
  Greg Palast

Bob Fitrakis for Governor -- he is now on the ballot
  July 1, 2006
  Fitrakis campaign

Alameda County supervisors embrace election fraud
  July 1, 2006
  Allen C. Michaan

San Diego’s run-off election aggregate results are plausible
  June 18, 2006
  Ron Baiman

A vote of no confidence: democracy left to languish in living rooms, garages
  June 15, 2006
  Robert C. Koehler

Kennedy's challenge: Salon, Mother Jones & the tortured dialogue
  June 15, 2006
  Michael Collins and

Warren County revisited
  June 12, 2006
  Richard Hayes Phillips, Ph.D.

Something smells fishy in San Diego!
  June 11, 2006
  Ron Baiman

Response to Salon Magazine
  June 6, 2006
  Ron Baiman

Analysis of Connally spreadsheet and other documents
  June 5, 2006
  Ron Baiman

RFK and Rolling Stone nail Ohio's stolen 2004 election, but much more must be done
  June 3, 2006
  Bob Fitrakis and Harvey Wasserman

Pick a card, any card
  May 27, 2006
  Richard Hayes Phillips, Ph.D.

Will the major media finally cover the electronic election fraud issue?
  May 15, 2006
  Bob Fitrakis and Harvey Wasserman

The money pit: Diebold vs. America
  May 15, 2006
  Denis Wright

Worst security flaw ever - 3 states invoke Diebold emergency procedures
  May 15, 2006
  Black Box Voting

Cranks and Kooks: Kerry won in '04
  May 11, 2006
  Greg Palast

Ohio 2004 election thief grabs Gov nod while (surprise! surprise!) voting machines malfunction
  May 5, 2006
  Bob Fitrakis and Harvey Wasserman

Hand counted paper ballots in 2008
  April 14, 2006
  Sheila Parks

Busheviks connected to New Hampshire phone-jamming scheme
  April 14, 2006
  The Ostroy Report

Are mainstream churches finally standing up to the GOP’s hateful “Christian” blitzkrieg?
  April 9, 2006
  Bob Fitrakis and Harvey Wasserman

Thousands march in New Orleans for right for Katrina survivors to vote in the city’s April 22 election
  April 7, 2006
  Rainbow/PUSH Coalition

Shocking Diebold conflict of interest revelations from Secretary of State further taint Ohio's electoral credibility
  April 6, 2006
  Bob Fitrakis and Harvey Wasserman

Faith-based voting
  March 30, 2006
  Robert C. Koehler, Tribune Media Services

Targeting the voters in Toledo
  March 30, 2006
  Richard Hayes Phillips, Ph.D.

Targeting the voters in Cincinnati
  March 30, 2006
  Richard Hayes Phillips, Ph.D.

Through a glass Darkely
  March 30, 2006
  Richard Hayes Phillips, Ph.D.

Is the Mainstream Media finally getting half the rigged voting machine story?
  March 29, 2006
  Bob Fitrakis and Harvey Wasserman

Please help Clint Curtis
  March 23, 2006
  Robert Lockwood Mills

Utah testing of the Diebold touch-screen reveals new problems
  March 19, 2006
  Black Box Voting

Trust us
  March 17, 2006
  Robert C. Koehler, Tribune Media Services

Harman vs. Winograd, tough choice?
  March 17, 2006
  David Swanson

Why did J. Kenneth Blackwell seek, then hide, his association with super-rich extremists and e-voting magnates?
  March 10, 2006
  Bob Fitrakis and Harvey Wasserman

Did 308,000 cancelled Ohio voter registrations put Bush back in the White House?
  February 28, 2006
  Bob Fitrakis and Harvey Wasserman

Statisticians recommend new measures to ensure vote count accuracy, release "Ohio’s 2004 exit poll analysis for novices”
  February 17, 2006
  Kathy Dopp

As Alito takes Supreme Court seat, Ohio GOP guts election protection
  February 1, 2006
  Bob Fitrakis and Harvey Wasserman

The Harri Hursti hack and its importance to our nation
  January 29, 2006
  Susan Pynchon, Florida Fair Elections Coalition   

Programmer Jeff Dean worked for chief of White House Plumbers unit
  January 26, 2006
  Bev Harris, Kathleen Wynne, and John Howard

Free Press Editor in Film at Sundance
  January 23, 2006
  Free Press Staff

PA activists sue to vote on machines
  January 20, 2006
  Rady Ananda

Important documents
  January 20, 2006
  Free Press staff

The gun is smoking - The gun is smoking - 2004 Ohio precinct-level exit poll data show virtually irrefutable evidence of vote miscount
  January 18, 2006
  Kathy Dopp and Ron Baiman

Recipe for hacking ES&S and Sequoia, Hursti-style
  January 4, 2006
  Black Box Voting

What’s all the fuss about Diebold in Florida and California?
  January 4, 2006
  John Washburn, for VoteTrustUSA  

New info may take out Diebold touchscreens
  January 1, 2006
  Black Box Voting




Read Election Issues Articles by Year:
2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000



FREE PRESS EMAIL UPDATE


Donate to the Free Press Election Protection Fund to help us investigate and monitor election fraud in this year's election.


Donate to The Free Press The Free Press Store

FOLLOW US ON
twitter
facebook


SEARCH THE FREEPRESS




1021 E. Broad St. Columbus, OH 43205 | 614.253.2571 | truth@freepress.org
All content © 1970-2012 The Columbus Free Press
Disclaimer