Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security United States Politics

Voting Machine Manual Instructed Election Officials To Use Weak Passwords (vice.com) 197

An anonymous reader quotes a report from Motherboard: An election security expert who has done risk-assessments in several states since 2016 recently found a reference manual that appears to have been created by one voting machine vendor for county election officials and that lists critical usernames and passwords for the vendor's tabulation system. The passwords, including a system administrator and root password, are trivial and easy to crack, including one composed from the vendor's name. And although the document indicates that customers will be prompted periodically by the system to change the passwords, the document instructs customers to re-use passwords in some cases -- alternating between two of them -- and in other cases to simply change a number appended to the end of some passwords to change them.

The vendor, California-based Unisyn Voting Solutions, makes an optical-scan system called OpenElect Voting System for use in both precincts and central election offices. The passwords in the manual appear to be for the Open Elect Central Suite, the backend election-management system used to create election definition files for each voting machine before every election -- the files that tell the machine how to apportion votes based on the marks voters make on a ballot. The suite also tabulates votes collected from all of a county's Unisyn optical scan systems. The credentials listed in the manual include usernames and passwords for the initial log-in to the system as well as credentials to log into the client software used to tabulate and store official election results.

This discussion has been archived. No new comments can be posted.

Voting Machine Manual Instructed Election Officials To Use Weak Passwords

Comments Filter:
  • Why is it (Score:3, Funny)

    by Anonymous Coward on Monday November 05, 2018 @11:07PM (#57597982)

    The that biggest idiots always end up handling the most important tasks?

    • by Anonymous Coward

      Because technical brilliance, and leadership, are two entirely different skill sets.

      • Re: Why is it (Score:2, Interesting)

        by Anonymous Coward

        True. One involves bullying others in a manner that looks like comradery. The other is very much technical and facts-based.

        Hint: Facts get in the way of achieving desireable outcomes. Meeeeeh

  • The username is: password
    The password is: password
  • by PPH ( 736903 ) on Monday November 05, 2018 @11:15PM (#57598006)

    Ever seen the people who volunteer to staff polling places? Do you want to budget for the tech support staff needed to reset passwords when Aunt Eugenia forgot it again?

    • Re:Reasoning (Score:4, Informative)

      by DethLok ( 2932569 ) on Tuesday November 06, 2018 @04:17AM (#57598516)

      in Australia (apparently a nazi country since we have govt regulation of business, gun control, national healthcare?) we also have the Electoral commission.

      They run the voting system.

      Everyone votes the same way, on paper.

      They hire extra staff from existing public service agencies, experienced & arguably trustworthy govt workers.

      Voting is too important to let states or cities make up their own rules, or to let just anyone work in the polls.

      And boy, am I curious to see the results and hysteria of these US midterm elections, it is going to make Bush vs Gore look like a couple of toddlers fighting over a toy!

      • by orlanz ( 882574 ) on Tuesday November 06, 2018 @06:09AM (#57598724)

        No, Voting is too important to let centrals run it. I don't think you understand how voting works in the US. Nationally, no one votes directly but same safeguards as states.

        State level, you need a LOT of corruption across a highly distributed network of independent voluntary organizations to impact a vote. That complex non-standard setup is the primary safeguard against vote results tampering. The second is the volunteers who have a self interest in making sure the other isn't cheating and many independents who ensure no one cheats.

        At the local level, you do have independent and committee based outsiders who ensure the few locals aren't cheating the local population.

        The paper based voting system in the US that has been used for decades is pretty good. It was the State level discrimination laws and more recently end voter manipulation via social media that has been their only real threats. A "committee" would have made both worse.

        BTW, we do have many committees here, they just aren't the only thing the system relies on.

        • State level, you need a LOT of corruption across a highly distributed network of independent voluntary organizations to impact a vote

          The votes move from hand to hand from thousands of locations through small groups of trusted parties. That's tens of thousands of weak links--millions in some states.

          The paper based voting system in the US that has been used for decades is pretty good.

          It is. It's a complex mess with enormous integrity problems, but it's only severely-abused in a few places--and that severe abuse is relatively minor. A strong, decisive victory or even just huge voter turn-out is usually enough to overcome the level of tampering even in states where it's rampant.

          We estimate about 30,000 ballots just tos

        • This is all true, but it ignores the fact that we have partisan administration of the voting system, as well. And that's always the party in power. And we HAVE that "lot of corruption" necessary to make an impact.

          We have unfair poling place positioning and voter to polling place rations. We have voter suppression based on IDs. We have laws which forbid felons to vote. We have no penalties for targeted "accidental" mailing of the wrong date or location for voting by the partisan voting administrators.

          • Thanks for all the advice, rest of the world, but we're good here. It's nice you've finally figured out how to run your countries. Keep in mind that there are many, many years between the founding of our countries current governance and the founding of your current government. It's not even close.

            If and when this government topples, then you, the rest of the world, can compete to see which of your governments last as long.

            • Right. Not invented here. Therefore of no value. Yep. Good point.

              Let's all go back to polishing our flintlocks.

        • And yet your vote barely matters https://www.youtube.com/watch?... [youtube.com]
      • by HiThere ( 15173 )

        The House may change, but the Senate is going to stay R, or possibly turn more R, because more D's than R's are up for reelection.

      • by jbr439 ( 214107 )

        in Australia (apparently a nazi country since we have govt regulation of business, gun control, national healthcare?) ...!

        I believe that every developed country on the planet, with the exception of the US, is a 'nazi country' by this definition.
        So don't you go feeling you're special :-)

        [written from nazi country Canada]

  • I bet they hired some clueless shlub who wrote the manual based on observing actual practices instead of checking with a security expert. Seen it happen.

    Boss: "Fred, I'm reassigning you to write the manual for the new voting system."

    Fred: "But I don't know anything about voting systems."

    Boss: "Just observe the testers in action, and write down what they do."

    Fred: "Okay, I can do that! On-it, boss!..."

    • Let's put aside the issue of using a password based system in the first place. But a "security expert" would have made things worse. So the official manual will say use a secure 10 character, upper, lower, special, & number password.

      The unofficial manual will say look for tape under the machine.

      Atleast with the current manual, people will be less likely to share their accounts because it's so easy to setup new ones.

      • Let's put aside the issue of using a password based system in the first place.

        No, let's not do that. It never even occurred to me to use passwords when I stared writing the SAFE VOTES guidelines (elections procedures and standards specifically for elections run via direct-recording electronic voting). I didn't even require 2FA--largely because using the credentials to do anything permanently takes the machine out of commission, causes alarms, and generally draws a whole lot of attention and stops your election, but also because the credential is created at poll open and is destroy

  • by jd ( 1658 ) <imipak&yahoo,com> on Tuesday November 06, 2018 @02:11AM (#57598324) Homepage Journal

    Few obvious questions.

    First, with aren't they using smart cards with passwords on the keys?

    Second, why did the software permit weak choices? Manual be damned.

    Third, why are infosec officers not replacing those pages in the manual, training users in proper procedures, rejecting the products at user acceptance or running tools for weak password detection?

    This is a failure of the entire procurement procedure, start to finish.

    • First, with aren't they using smart cards with passwords on the keys?

      Because voting machine manufacturers are money-changers, not security experts. They make ATMs, they make voting machines.

      Second, why did the software permit weak choices?

      Made to order.

      Third, why are infosec officers not replacing those pages in the manual, training users in proper procedures, rejecting the products at user acceptance or running tools for weak password detection?

      The same companies who provide the machines also provide voter outreach and elections consulting. They'd be the ones deciding if you should reject this shit.

      Why do you think I'm starting a business and breaking into that industry? Paper ballots look kind of like the Internet to me (from thousands of polling places, through the hands of small groups of trustees, flow

    • The voting machine companies arrived like there was a gold rush. The most important selling point of any voting machine system is "NO RECOUNTS" because A. recounts cost money, and B. The people counting the votes don't like them.

      NO RECOUNT sets the bar pretty low -- "just throw a machine together that spits out an excel spreadsheet or an access database."
      NO RECOUNT actively discourages a paper trail.

      The designs were stupid. The purchases were stupid. All money spent on them was a mistake. No one wants t

  • Sometimes I think we should remove all digital security features.

    Based on the same principle that the way to make people drive more carefully would be a 6 inch spike in the middle of the steering wheel, people rely on passwords and encryption when they aren't completely effective. More to the point, the users typically don't understand them that well. The passwords themselves are next to useless here. Might as well remove them entirely.

    If the security systems are removed, then we'd have to rely on thing
    • Or you can just use actual secure methods of authentication. The stuff that is found on any standard enterprise level laptop. TPM chips, two factor, encryption, etc. I think we got this stuff down pat about 10 years ago? In the IT world, that's basically a lifetime ago.

      • The problem is enforcing it right along the chain.

        2 factor authentication is inconvenient, and people circumvent inconvenience. In this case they can't even be bothered doing single factor authentication properly. So they'll share the password, and the security card, or SecureID generator or whatever.

        I think to get this to work we'll need to fix human stupidity. Sadly I can;t see this happening.
    • So here's the thing: computers can be made impenetrable; physical locks can't. Computers, however, are immensely difficult to validate: we can ensure a small code body (maybe 4,000 lines) is correct, but we can't ensure the whole OS stack, the enormous application in its entirety, all libraries, and so forth are correct.

      You know that thing where you can't hack into a computer that's unplugged and unpowered? You can totally hack into a lock by getting a large enough hammer. Any lock. You can manufac

  • how hard is it? (Score:4, Insightful)

    by pereric ( 528017 ) on Tuesday November 06, 2018 @04:26AM (#57598530) Homepage

    Should not be too hard making a good voting system?

    Sweden (and many Europeans do it like this): Every citizen get sent a physical voting card to their home address (including information on where and how to vote). No need for registration, just being a citizen (national elections) or at least legal resident (local elections). Election places are all over towns, usually in schools of libraries. They are staffed by volunteer respected citizen.

    On election day, you go to the election place, take some ballots and envelope, and put one ballot in one envelope per election. Then you show your card at the front desk (always staffed by several volunteers), and get ticket off in the electoral roll. If you have lost your card, you can use some ID. The envelopes are put in sealed boxes (one per election) under your supervision. (Oh, you can also hand in you vote in advance, at advance election places anywhere in the country (and at consulates). They will be sent to your election place, and used if you haven't voted physically)

    The boxes are kept under supervision, and when election closes, counting starts. Everyone is welcome supervising the opening of boxes and envelopes, as well as the counting. Results are usually presented the same evening. The ballots are then handed in and re-counted once at a central location for each county just to be sure.

    The system is easy to audit, and hard to cheat - especially on a systematic nation-wide level (which is much easier if there is a electronic system to attack)

    • That's pretty much how it's done in much of the US at the local level. Except for mailing and using a voter card. Proof of identity & residency is all that is needed.

      • In Germany, the voting card is just for convinience. An ID is enough, but without the voting card the election observers would have to look up the name in their list.

      • Comment removed based on user account deletion
        • In California you're allowed to use a provisional ballot much of the time. Ie, if you move to a new location within the same county but did not re-register you can still vote but with a provisional ballot, and it will get counted as long as it shows you did not vote in any other precinct. If you move to a different county without re-registering, you can still vote with a provisional ballot, it will just take a bit longer to verify. For most hiccups, you can get the provisional ballot.

    • The system is easy to audit, and hard to cheat - especially on a systematic nation-wide level (which is much easier if there is a electronic system to attack)

      The same people who claim that there is election fraud are not making the claim because they want to eliminate election fraud.

      So they would hate your rather nice system with a passion.

  • by shentino ( 1139071 ) <shentino@gmail.com> on Tuesday November 06, 2018 @04:59AM (#57598584)

    Anyone wanna bet that this was done deliberately to make them easier to hack? Whoever made these things should know damn well how to keep it secure. Especially with the shenanigans around Diebold and so on. Election fraud is big news with the people who make the damned machines so there's no way they are doing this out of ignorance. These rules seem specifically designed with the OPPOSITE of security in mind.

    You know, you can have one orange finger and you'll get the benefit of the doubt. Two orange fingers and you'll still get the innocent until proven guilty treatment. But when your whole hand is orange and there's cheese powder on your lips and teeth? Dude, I didn't have to see you do it to know that you stole the fucking cheetos!

    • Diebold made ATMs. They're money-changers. They see a need for a system that collects and transmits votes.

      When you build a microwave oven, you don't load it up with fork-detection hardware. You tell people to never microwave a fork. In an election, people are intentionally trying to microwave a fork, and you need defenses against that. Diebold, ES&S, Hart, these people built a microwave to accomplish microwaving food, not to accomplish microwaving food in hostile territory where even the people w

  • Electronic systems are used by human beings. The vast majority of whom are terrible at security.
  • The people here on Slashdot who might be able to devise a secure electronic voting machine--are a minority compared of those here who could hack it.
  • I used to work as a temp on GoDaddy's web design team.

    Our first day, we had to go through a "security" tutorial that, among other things, advised that we satisfy the "mixed-case and at least one symbol" requirement by using an initial capital letter and putting an exclamation point at the end.

    I e-mailed the security team to explain to them why this is bad advice ("you've just removed all the benefits a six-character mixed-case password with a symbol has over a five-character all-lowercase password"). Unsur

I cannot conceive that anybody will require multiplications at the rate of 40,000 or even 4,000 per hour ... -- F. H. Wales (1936)

Working...