HARPER'S: A citizens' guide to hacking the 2004 election

April 1, 2004
Brendan Koerner
news photo

That serious problems plague our new, computerized voting machines--on which 29 percent of U.S. voters are poised to cast their votes in November--has been apparent ever since $3.9 billion in federal funding for the machines was made available in 2002, in the aftermath of Bush v. Gore. In the years since, report after report has cautioned that the machines lack the security and robustness necessary to withstand the assaults of hackers or unscrupulous technicians. But no one seems likely to stop the rollout of the machines, more than 50,000 of which have been purchased by states. For those who hope to salvage the integrity of this year's election, then, energies must shift from the effort to stop vote-hacking--now a doomed task, it would appear--to an effort, instead, to ensure that access to vote hacking will be as open and democratic as possible.

In that spirit, Harper's Magazine is pleased to offer the following primer. To be sure, you will not find it a simple task to steal the 2004 election--not compared with the Gilded Age, when one could cram ballot boxes with fraudulent votes in a ploy that Texans called the "Harrison County Methods." (Decrying such trickery in his memoir, one frustrated Texan politician wrote that "dead Negroes, mules and horses" had cast ballots for his opponent, as had Fido Jenkins, a dog who nevertheless had managed to vote five times.) But when voting-machine vendors dismiss the possibility of their machines being tampered with as "academic," they underestimate the intelligence, skill, and tenacity of the world's hackers--and even, perhaps, of ordinary readers such as yourself.

Option 1: Take a job at a voting-machine company.

The most destructive means of attack, albeit the most challenging, would be to seed the voting machines with a "Trojan horse," a malicious software program that would lie dormant and undetected until its services were required. Such a program could be triggered by the voting machine's internal clock to awaken only between the hours of 8:00 A.M. and 6:00 P.M. on the first Tuesday in November, at which time it could, for example, begin to subtract or disregard one vote out of every 100 for each candidate with a particular party affiliation. Note that for this option to succeed, you will need to stay in your boss's good graces: Hiding a Trojan horse in the machines will require administrative access to the machines' basic source code, which is ostensibly limited to trusted individuals within the company.

Having risen through the ranks at a voting-machine company, will you still be willing to risk your career for a candidate? Perhaps not. But should your partisanship flag, you can simply fall back on greed. Consider the good fortunes of Ron Harris, a mid-level computer technician for Nevada's Gaming Control Board, who embedded Trojan horses in dozens of video-poker and slot machines in the early to mid-1990s. Harris's program allowed accomplices to trigger maximum jackpots by placing bets in particular sequences. In this fashion he netted nearly $50,000 without arousing the casinos' suspicion. (Be careful not to overstep: when Harris attempted to hack a one-time, $100,000 jackpot in a New Jersey Keno game, his entire scheme was discovered.) Imagine how much a Bush Pioneer or an Emily's Lister might pay to guarantee victory.

Option 2: Take a job as an election worker.

Another kind of attack is possible in the period after the polls have closed, when the storage media that contain the voting records are manually transported to a central office. Some of the machines, such as those manufactured by Ohio-based Diebold Election Systems, store votes on simple PCMCIA cards, a storage device familiar to users of digital cameras. After stealing one of the PCMCIA cards, you can pass it to a confederate who will decode and re-encode it off-site.

Will it be possible to crack the code quickly enough? Probably so. Experts have long known DES, the encryption algorithm used to protect Diebold's cards, to be second rate. More than five years ago, the Electronic Frontier Foundation decoded a DES-protected message in twenty-two hours, and today's computers no doubt can accomplish the task much more rapidly. An added boon: all Diebold cards are encrypted using the same, hard-coded key--a design mistake inveighed against in even the most rudimentary cryptography class. If you can determine the DES key of a single machine prior to an election (an easy task, if a unit could be "kidnapped" for a day or two), you will have access to every machine manufactured by Diebold.

Option 3: Make your own "smart card."

Not all of the options will require a change of career. Many of the voting machines--for example, Diebold's, which are being used in more than 6,000 precincts nationwide--are operated by "smart cards" that are handed out to voters as they check in at their polling places. These smart cards perform no cryptographic function; that is, they do not try very hard to verify that the terminal they are communicating with is legitimate, and vice versa. If you can figure out the protocol that the card and the machine use to communicate with each other, then you can create a homemade smart card that allows for unlimited voting. (Programmable smart cards sell at computer shops for as little as $3.50 each.)

To figure out the protocol, you could fashion a sort of wiretap device to insert into the smart-card slot, allowing you to eavesdrop on the machine-to-card dialogue. Of course, far easier would be to consult the source codes of the various machines. Although these source codes are proprietary, in at least one case they have found their way into public circulation. Avi Rubin, the Johns Hopkins University computer scientist who was the first to warn of the possibility of smart-card attacks, was able to conduct his research because large portions of Diebold's source code had been discovered on one of the company's publicly accessible websites. (The code was stumbled upon during a routine Google search.) And in December the network of VoteHere, a voting-machine company based in Bellevue, Washington, was breached by a hacker; VoteHere officials have refused to reveal what information, if any, was stolen.

Option 4: Think demographically.

Perhaps the easiest way to use voting machines to tip an election will simply be to crash the machines of the most partisan districts. The smart card-based machines are shut down using "ender cards," which poll workers insert at the end of the election day. If you make a smart card that mimics an ender card, you could shut down or slow voting for hours in, say, Orange County, or in a heavily African-American district. (One brand of voting machine, Sequoia's AVC Edge, does not even require an ender card to shut down; the machine can be flipped into "supervisor mode" simply by pressing a button on the back. If poll workers neglect to lock the wire seal that protects the button, interfering with the election will be as easy as flicking a light switch.)

In their brutal simplicity, these final, most accessible options recall some of the most effective vote-hacking schemes from elections gone by: suppressing the African-American vote, whether through confusion or outright intimidation; delivering voting booths late, or not at all, to precincts that vote in an objectionable manner. If there is anything to be learned from the history of election stealing--or, for that matter, of computer hacking--it is that any possible tricks will be tried sooner or later. And, given the porousness of voting-machine security, some of these tricks will doubtless succeed. Having been presented an opportunity to make vote-hacking nearly impossible, our government seems merely to have handed the ability to do so from one class of criminal to another.