Democratic Underground

Reply #262: Some stuff for you geeks

Zan_of_Texas Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Dec-06-04 06:52 PM
Response to Reply #43
262. Some stuff for you geeks
Doug Jones is a recognized computer expert on this stuff. There's a lot of stuff about Diebold on this page online -- go most of the way down the page for this.

DIALING IN TO GEMS
Doug Jones
discussing the SAIC report on Diebold for Maryland
http://www.cs.uiowa.edu/~jones/voting/dieboldftp.html

Remove the SBE GEMS server immediately from any network connections. Rebuild the server from trusted media to assure and validate that the system has not been compromised. Remove all extraneous software not required for AccuVote-TS operation. Move the server to a secure location.

Again, the redactions make it hard to criticize this, but apparently, despite repeated public assurances from Diebold that GEMS servers are not connected to networks, the Maryland central GEMS system was. Furthermore, Diebold's Election Support Guide dated October 21, 2002 makes it clear, in Section 13, item 1 (on page 23) that Diebold was equally happy to have results distributed to the press using LAN connections, FTP transfers, HTTP transfers or "sneakernet" (hand-carried data). Only the latter can be considered secure in this context, and even then, such security can only be trusted if there is a trivial proof that the data transfer is one-way, outgoing only, from the GEMS server. One way to assure this is if only new or bulk-erased disks are ever loaded into the disk drive on the GEMS system, instead of allowing one disk to be alternately loaded on one system and the other.
But, that deals only with one of the paths into the GEMS server. If the GEMS machine serves a pool of modems that are used to make connections with the voting machines at the precincts, then GEMS is already connected to a public network, the telephone system. Depending on how the modems are managed, this is just as dangerous as the Internet, and in fact, it can be considered part of the Internet, because a huge number of computers connect to the Internet using the telephone network.

There are several risks that must be addressed here. First, that an outsider could dial in to the GEMS server and corrupt data on that server directly, and second, that an outsider could dial in to the GEMS modem bank and 'tunnel through' that modem bank to a machine at the polling place, connecting to that machine and corrupting data there. Because the Diebold AccuVote machines at the polling place use the PPP protocol to connect to GEMS, the nature of the PPP server connected to the GEMS machine determines whether this attack is feasible.

Diebold's Election Support Guide offers several options, in section 11.3.2 (page 19) in this regard, and it offers no advice for any of these options for how to configure the modem pool and PPP server to prevent 'tunneling through'. This is a crucial barrier to such an attack. In general, PPP servers, particularly "intelligent port servers" such as Diebold's suggested option 2, are delivered, out of the box, with no effective logging of connections and no effective security against use to establish arbitrary network connections.
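The two dial-in risks described in the post above, turned into a connection audit. This is an added example, not part of the original post or of Doug Jones's page: it checks PPP-server session records for callers outside the precinct allowlist and for traffic forwarded anywhere other than GEMS. The record format, phone numbers and addresses are constructed assumptions; the post notes that such servers ship with no effective logging, so a log like this would first have to be enabled.

```python
from ipaddress import ip_address, ip_network

# All values are constructed for illustration (documentation address ranges).
GEMS_SERVER = ip_address("192.0.2.10")       # hypothetical GEMS host behind the PPP server
DIALIN_POOL = ip_network("192.0.2.64/26")    # hypothetical addresses handed to dial-in clients
PRECINCT_LINES = {"555-0101", "555-0102"}    # hypothetical allowlist of precinct phone lines

# Constructed session records: (caller id, address assigned, destinations reached)
SESSIONS = [
    ("555-0101", "192.0.2.101", ["192.0.2.10"]),                 # precinct to GEMS only
    ("555-0199", "192.0.2.110", ["192.0.2.10"]),                 # unknown caller reaching GEMS
    ("555-0102", "192.0.2.102", ["192.0.2.10", "192.0.2.101"]),  # traffic to another dial-in client
    ("555-0177", "192.0.2.111", ["198.51.100.7"]),               # unknown caller, arbitrary network
]

def audit_session(caller_id, destinations):
    """Return the findings for one PPP session, in a fixed order."""
    findings = []
    if caller_id not in PRECINCT_LINES:
        findings.append("unknown-caller")
    for dest in destinations:
        addr = ip_address(dest)
        if addr == GEMS_SERVER:
            continue  # the only destination a precinct upload needs
        if addr in DIALIN_POOL:
            # the 'tunnel through' case: one dial-in client reaching another
            findings.append(f"tunnel-to-dialin-client:{dest}")
        else:
            findings.append(f"arbitrary-destination:{dest}")
    return findings

def audit(sessions):
    """Map (caller id, assigned address) to findings, for flagged sessions only."""
    report = {}
    for caller_id, assigned_ip, destinations in sessions:
        findings = audit_session(caller_id, destinations)
        if findings:
            report[(caller_id, assigned_ip)] = findings
    return report

if __name__ == "__main__":
    for (caller, ip), findings in audit(SESSIONS).items():
        print(caller, ip, ", ".join(findings))
```

A session with no findings is one where an allowlisted precinct line talked to the GEMS address and nothing else.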