by DrDebugDU » Thu Sep 15, 2005 5:44 pm
In exclusive stunning admissions to The BRAD BLOG some 11 months after the 2004 Presidential Election, a "Diebold Insider" is now finally speaking out for the first time about the alarming security flaws within Diebold, Inc's electronic voting systems, software and machinery. The source is acknowledging that the company's "upper management" -- as well as "top government officials" -- were keenly aware of the "undocumented backdoor" in Diebold's main "GEM Central Tabulator" software well prior to the 2004 election. A branch of the Federal Government even posted a security warning on the Internet.<br><br>Pointing to a little-noticed "Cyber Security Alert" issued by the United States Computer Emergency Readiness Team (US-CERT), a division of the U.S. Department of Homeland Security, the source inside Diebold -- who "for the time being" is requesting anonymity due to a continuing sensitive relationship with the company -- is charging that Diebold's technicians, including at least one of its lead programmers, knew about the security flaw and that the company instructed them to keep quiet about it.<br><br>"Diebold threatened violators with immediate dismissal," the insider, who we'll call DIEB- THROAT, explained recently to The BRAD BLOG via email. "In 2005, after one newly hired member of Diebold's technical staff pointed out the security flaw, he was criticized and isolated."<br><br>In phone interviews, DIEB-THROAT confirmed that the matters were well known within the company, but that a "culture of fear" had been developed to assure that employees, including technicians, vendors and programmers kept those issues to themselves.<br><br>The "Cyber Security Alert" from US-CERT was issued in late August of 2004 and is still available online via the US-CERT website. The alert warns that "A vulnerability exists due to an undocumented backdoor account, which could a [sic: allow] local or remote authenticated malicious user [sic: to] modify votes."<br><br>The alert, assessed to be of "MEDIUM" risk on the US-CERT security bulletin, goes on to add that there is "No workaround or patch available at time of publishing.<br><br><!--EZCODE IMAGE START--><img src="http://www.bradblog.com/Images/Diebthroat_SecWarning.jpg"/><!--EZCODE IMAGE END--><br><br>"Diebold's upper management was aware of access to the voter file defect before the 2004 election - but did nothing to correct it," the source explained.<br><br>A "MEDIUM" risk vulnerability cyber alert is described on the US-CERT site as: "one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file."<br><br>DIEB-THROAT claims that, though the Federal Government knew about this documented flaw, originally discovered and reported by BlackBoxVoting.org in August of 2004, they did nothing about it.<br><br>"I believe that top Government officials had an understanding with top Diebold officials to look the other way," the source explained, "because Diebold was their ace in the hole."<br><br>But even DIEB-THROAT -- who says "we were brainwashed" by the company to believe such concerns about security were nonsense -- was surprised to learn that an arm of the U.S. Department of Homeland Security was well aware of this flaw, and concerned enough about it to issue a public alert prior to the election last year.<br><br>"I was aware of the Diebold security flaw and had heard about the Homeland Security Cyber Alert Threat Assessment website, so I went there and 'bingo,' there it was in black and white," the source wrote. "It blew me away because it showed that DHS, headed by a Cabinet level George Bush loyalist, was very aware of the 'threat' of someone changing votes in the Diebold Central Tabulator. The question is, why wasn't something done about it before the election."<br><br>The CEO of North Canton, Ohio-based Diebold, Inc., Walden O'Dell has been oft-quoted for his 2003 Republican fund-raiser promise to help "Ohio deliver its electoral votes to the president next year." O'Dell himself was a high- level contributor to the Bush/Cheney '04 campaign as well as many other Republican causes.<br><br>"A very serious problem...one malicious person can change the outcome of any Diebold election"<br><br>The voting company insider, who has also served as a spokesperson for the company in various capacities over recent years, admits that the "real danger" of this security vulnerability could have easily been exploited by a malicious user or an insider through remote access.<br><br>"I have seen these systems connected to phone lines dozens of times with users gaining remote access," said DIEB-THROAT. "What I think we have here is a very serious problem. Remote access using phone lines eliminates any need for a conspiracy of hundreds to alter the outcome of an election. Diebold has held onto this theory [publicly] for years, but Diebold has lied and has put national elections at risk. Remote access using this backdoor means that one malicious person can change the outcome of any Diebold election."<br><br>The ability to connect to the system remotely by phone lines and the apparent lack of interest by Diebold to correct the serious security issue in a timely manner -- or at all -- would seem to be at odds with at least one of their Press Releases touting their voting hardware and software.<br><br>(...)<br><br><!--EZCODE LINK START--><a href="http://www.bradblog.com/archives/00001838.htm">www.bradblog.com/archives/00001838.htm</a><!--EZCODE LINK END--><br><br>P.S. TruthIsAll has been found again as well. He can now be reached at <!--EZCODE LINK START--><a href="http://www.solarbus.org/forum/index.php?board=28.0">www.solarbus.org/forum/index.php?board=28.0</a><!--EZCODE LINK END--> <p></p><i></i>
