Diebold System One of Greatest Threats Democracy Has Ever Known

In exclusive stunning admissions to The BRAD BLOG some 11 months after the 2004 Presidential Election, a "Diebold Insider" is now finally speaking out for the first time about the alarming security flaws within Diebold, Inc's electronic voting systems, software and machinery. The source is acknowledging that the company's "upper management" -- as well as "top government officials" -- were keenly aware of the "undocumented backdoor" in Diebold's main "GEM Central Tabulator" software well prior to the 2004 election. A branch of the Federal Government even posted a security warning on the Internet.

Pointing to a little-noticed "Cyber Security Alert" issued by the United States Computer Emergency Readiness Team (US-CERT), a division of the U.S. Department of Homeland Security, the source inside Diebold -- who "for the time being" is requesting anonymity due to a continuing sensitive relationship with the company -- is charging that Diebold's technicians, including at least one of its lead programmers, knew about the security flaw and that the company instructed them to keep quiet about it.

"Diebold threatened violators with immediate dismissal," the insider, who we'll call DIEB-THROAT, explained recently to The BRAD BLOG via email. "In 2005, after one newly hired member of Diebold's technical staff pointed out the security flaw, he was criticized and isolated."

In phone interviews, DIEB-THROAT confirmed that the matters were well known within the company, but that a "culture of fear" had been developed to assure that employees, including technicians, vendors and programmers kept those issues to themselves.

More at
http://www.bradblog.com/

------------------------------------------------------
URGENT yet easy! Hold the government accountable for Katrina's aftermath
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=104x4736062

Save the gulf, then save the nation! http://www.geocities.com/greenpartyvoter/electionreform.htm

Diebold

Vendor & Software Name:
GEMS Central Tabulator 1.17.7, 1.18

A vulnerability exists due to an undocumented backdoor account, which could a local or remote authenticated malicious user modify votes.

Vulnerability - Impact
Patches - Workarounds
Attacks Scripts:
No workaround or patch available at time of publishing.

We are not aware of any exploits for this vulnerability.

Common Name: GEMS Central Tabulator Vote Database Vote Modification

Medium
Source: BlackBoxVoting.org, August 31, 2004

Look at the source.

not BBV..

is a bit of a persona non-grata here, and with good reason it seems.

Here is another link from securityfocus, a good internet security site, that seems to be another confirmation of this bug advisory.

http://www.securityfocus.com/bid/11076/references

It's great that bradblog has got the insider to verify the backdoors existed and were known about, and maybe the taint of BBV wont sabotage any potential this story has :) I'm hopeful.

Given the implications, GEMS should be an extreme threat. Thanks for the additional link. You're right, getting an insider is a huge breakthrough. I just hope that we can get a name soon. And I share your regards on BBV, I hope she(they) doesn't get involved at this point.

But, I believe the one speaking-out. What's not to, with that culture of fear statement. Haven't we all seen and heard that one too many times since * stole office.

Does Diebold pay that handsomely? Quit.

I wonder what you can get nowadays for info like that?

If it is a lot, you could leave and not worry for a while.

Or, do both...stay, and sell it too as a whistleblower.

If you don't like that deal, they'll let Liddy, Negroponte, Cherthoff et al make you an offer you can't refuse.

At least he can get it out to his audience.

and congratulations to Brad for this story.

This needs much broader coverage and needs to keep getting circulated and investigated until people start to notice how serious it is.

good work, Brad

those voting machines... They were rejected for security reasons. Sometimes I really DO think all of this is a world conspiration *sigh*

But the Dieb Throat is good news.

-------

Remember Fallujah

Bush to The Hague!

of course not you DUers.

but until a congressional criminal investigation starts requesting records, memos, evidence, etc., it's all just hearsay.

DIEB-THROAT needs to present enough compelling evidence to warrant such an investigation regardless of the "sensitive relationship" if he or she wants to really bring this to light and make a difference.

Also the more open DIEB-THROAT is about dangerous information, if true, the less likely it is that he or she will be found on a median with a bullet hole in head and a suicide note in someone else's handwriting, or in a vacant motel room bathtub having a solo razor party after emphatically and repeatedly stating that could never happen voluntarily.

:evilfrown:

except the guy from Diebold who talked to BRAD BLOG. Its not to hard to surmise that diebold knew of the vulnerabilities that are all over the web and in the news. All he did was confirm this and say they didn't fix them, which is something anyone with a copy of the software could have tested and found out.

See:

http://www.us-cert.gov/cas/bulletins/SB04-252.html#diebold

This is a standard compendium of security vulnerabilities, entirely public knowledge.

Note the source of the report is "Black Box Voting".

Has this been corroborated by anyone else (University researchers, "white hat" hackers, etc.)? If so, it would add some meat to this story.

I'm referring here to the original flaw, and not to the insider's story about being instructed to keep quiet about this flaw.

"I believe that top Government officials had an understanding with top Diebold officials to look the other way," the source explained, "because Diebold was their ace in the hole."

But even DIEB-THROAT -- who says "we were brainwashed" by the company to believe such concerns about security were nonsense -- was surprised to learn that an arm of the U.S. Department of Homeland Security was well aware of this flaw, and concerned enough about it to issue a public alert prior to the election last year.

"I was aware of the Diebold security flaw and had heard about the Homeland Security Cyber Alert Threat Assessment website, so I went there and 'bingo,' there it was in black and white," the source wrote. "It blew me away because it showed that DHS, headed by a Cabinet level George Bush loyalist, was very aware of the 'threat' of someone changing votes in the Diebold Central Tabulator. The question is, why wasn't something done about it before the election."

--from Bradblog article: http://www.bradblog.com/

--------------

Question : Has this "public alert" issued by DHS ever been cited by any of the Congressional reps looking into the election question--Conyers, Holt, Clinton etc? Do they even know about it?

that this violates HAVA, Wilms?

I think it might not actually be stipulated as such...perhaps it's why Holt's Bill has a lot about e-security.

just trying to get a handle on the ramifications...

time to tell every city official and get these machines de-certified for legally violating HAVA....

http://verifiedvoting.org

lawsuits could spring up all over the place....as a result of this evidence..