Diebold source code leaked again
Another breach on the e-voting front as elections near
IDG News Service - Source code to Diebold Election Systems Inc. voting machines has been leaked once again.
On Wednesday, former Maryland state legislator Cheryl C. Kagan was anonymously given disks containing source code to Diebold's BallotStation and GEMS (Global Election Management System) tabulation software used in the 2004 elections. Kagan, a well-known critic of electronic voting, is executive director of the Carl M. Freeman Foundation, a philanthropic organization based in Olney, Md.
The disks were created and distributed by two federal voting machine testing labs run by Ciber Inc. and Wyle Laboratories Inc. They had been testing systems on behalf of the state of Maryland, Diebold said in a statement.
This is not the first time that Diebold source code has been leaked. In early 2003, Diebold critic Bev Harris uncovered similar source code while conducting research using Google Inc.'s search engine.
Soon after, researchers at Johns Hopkins University and Rice University published a damning critique of Diebold's products, based on an analysis of the software.
They found, for example, that it would be easy to program a counterfeit voting card to work with the machines and then use it to cast multiple votes inside the voting booth.
Diebold says it has since introduced security enhancements to its products, but the fact that the company's sensitive source code has again leaked out is not a good sign, according to Avi Rubin, a computer science professor with Johns Hopkins and one of the authors of the 2003 report.
The first leak should have taught Diebold a lesson on securing its source code, he said. "You would think that given the amount of embarrassment that caused them, they would do a better job of protecting it."
Rubin, who was shown the latest source code by a reporter at The Washington Post, said that it appeared to be "just another version" of the code that was published in 2003.
The disks came with a letter that was highly critical of Maryland State Administrator of Elections Linda Lamone, Rubin said on his blog. "It read like it was from somebody with a very, very serious axe to grind," he said. "It was one of the more outlandish things I've read."
Rubin believes the disks were given to Kagan because of her past criticism of electronic voting machines. "I guess whoever did this knew she would pursue it doggedly, which she did."
Diebold said the source code was for BallotStation 4.3.15C, which is no longer being used in the U.S., and for GEMS 1.18.19, which is being used in a "limited number of jurisdictions."
The FBI is investigating the leak, Diebold said.
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- EndPoint Interactive eGuide
- In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- The Business Value of Continuous Delivery
- Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery
- Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- Software Asset Management: Ensuring Today's Assets
- Today's trends like BYOD and SaaS are new and exciting in terms of how they will help make our jobs more productive but... All Government IT White Papers
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt.
- IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- Leveraging Flash Storage to Accelerate Oracle Real Application Clusters Join this webinar to understand the latest solid-state storage trends, the specific applications driving solid-state storage deployments and the benefits of deploying the...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- All Government IT Webcasts