Diebold source code leaked again
Another breach on the e-voting front as elections near
IDG News Service - Source code to Diebold Election Systems Inc. voting machines has been leaked once again.
On Wednesday, former Maryland state legislator Cheryl C. Kagan was anonymously given disks containing source code to Diebold's BallotStation and GEMS (Global Election Management System) tabulation software used in the 2004 elections. Kagan, a well-known critic of electronic voting, is executive director of the Carl M. Freeman Foundation, a philanthropic organization based in Olney, Md.
The disks were created and distributed by two federal voting machine testing labs run by Ciber Inc. and Wyle Laboratories Inc. They had been testing systems on behalf of the state of Maryland, Diebold said in a statement.
This is not the first time that Diebold source code has been leaked. In early 2003, Diebold critic Bev Harris uncovered similar source code while conducting research using Google Inc.'s search engine.
Soon after, researchers at Johns Hopkins University and Rice University published a damning critique of Diebold's products, based on an analysis of the software.
They found, for example, that it would be easy to program a counterfeit voting card to work with the machines and then use it to cast multiple votes inside the voting booth.
Diebold says it has since introduced security enhancements to its products, but the fact that the company's sensitive source code has again leaked out is not a good sign, according to Avi Rubin, a computer science professor with Johns Hopkins and one of the authors of the 2003 report.
The first leak should have taught Diebold a lesson on securing its source code, he said. "You would think that given the amount of embarrassment that caused them, they would do a better job of protecting it."
Rubin, who was shown the latest source code by a reporter at The Washington Post, said that it appeared to be "just another version" of the code that was published in 2003.
The disks came with a letter that was highly critical of Maryland State Administrator of Elections Linda Lamone, Rubin said on his blog. "It read like it was from somebody with a very, very serious axe to grind," he said. "It was one of the more outlandish things I've read."
Rubin believes the disks were given to Kagan because of her past criticism of electronic voting machines. "I guess whoever did this knew she would pursue it doggedly, which she did."
Diebold said the source code was for BallotStation 4.3.15C, which is no longer being used in the U.S., and for GEMS 1.18.19, which is being used in a "limited number of jurisdictions."
The FBI is investigating the leak, Diebold said.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
If you use ‘password,’ one the worst passwords, as your password, fail to keep antivirus protection updated and don’t bother to deploy security patches to close critical vulnerabilities, then maybe you should consider working for the cybersecurity-clueless federal government; you’d fit right in, according to Senator Tom Coburn's cybersecurity and critical infrastructure report.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Red Hat Enterprise Linux - The Original Cloud Operating System
- Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse
- Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center
- Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- OpenStack and Red Hat: IDC White paper
- Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support... All Government IT White Papers
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- All Government IT Webcasts