American Election Hacker Testifies
November 2nd, 2006

American computer programmer Clinton Eugene Curtis is seen in this video testifying under oath in front of the U.S. House Judiciary Members in Ohio.

He tells the members how he was hired by Congressman Tom Feeney in 2000 to build a prototype software package that would secretly rig an election to sway the result 51 / 49 to a specified side.

He explains that it would be undetectable and only takes 100 lines of code to implement, watch it and then think about where your vote is really going :)

Share This Article : These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • Slashdot
  • Technorati
  • StumbleUpon
  • Google
  • Live
  • Facebook
  • YahooMyWeb
Continue Reading Election Hacking

Discussion

18 comments for “American Election Hacker Testifies”
  1. Punching Judy
    2:16 pm on November 2nd, 2006

    And thus the shit hits the fan. Finally.

  2. hsuan
    2:37 pm on November 2nd, 2006

    “He explains that it would be undetectable and only takes 100 lines of code to implement, watch it and then think about where your vote is really going”
    no he was very clear, the only way to detect tampering is to look at the source code. the source code shouldnt be more than 100 lines or so. not very dauntin.
    which is why its especially bad diebolds so secretive about thier source code.

  3. bamboogy
    3:25 pm on November 2nd, 2006

    100 lines of code eh? efficient?

  4. elmer fudd
    4:10 pm on November 2nd, 2006

    This guy is a nut job who is running against Fenney for his house seat. He is just making this stuff up. Palm Beach county like most of Florida went to the touchscreen machines after the 2000 election debacle.

  5. dove
    4:46 pm on November 2nd, 2006

    I think this man was killed shortly after this testimony. The same thing happened to 2 whistleblowers in Europe.

  6. Horizon
    9:10 pm on November 2nd, 2006

    Any idea on where the source code to this would be? I’d like a look at it.

  7. kikoki
    9:37 pm on November 2nd, 2006

    Horizon, you would of had to been one of the government elected “area experts” who got to look the machine inside and out to decide if it was safe or not.

    It did get leaked from the testing groups, but I think it was contained. Princeton and a few other universities also got a hold of it. But in general Diebold is insane about keeping it secret.

    The source itself is not 100 lines, let’s clear up the confusion. It’s thousands. He is saying it would take only about 100 lines to implement a hack. This is true, and it would take about 100 with medium efficiancy. It would also be possible to write the hack so it altered the paper receipt as well, as princeton and several others have. And it wouldn’t add too many more lines.

    I don’t know why they ask, the diebold machines DO have a self-diagnostic that runs through the code to find any mismatches, but that itself can be hack. Again, as demonstrated by princeton and several others.

    Don’t get your hopes up. The government has been shown many many times that these machines are easy to hack, but they don’t care.

  8. Joe Levi
    10:01 pm on November 2nd, 2006

    A related story from Utah: http://www.joelevi.com/blog/index.php/2006/10/25/rock-hack-the-vote/

  9. Ryan
    10:44 pm on November 2nd, 2006

    The code would be very simple…. No matter how large the code is, what makes the difference is only 1 simple variable that is being passed in the script

  10. Ricky Retaro
    1:44 am on November 3rd, 2006

    So we have a hack to “flip the vote 51/49″ and when asked furthur, “It’s a simple program, you are adding 1 to a person’s total. Its a 100 lines of code tops.”

    What the hell is he talking about? What does “adding 1 to a person’s total” mean when you are programmatically adjusting the results to be 51%/49% regardless of individual talleys? Princeton has demostrated tangible proofs of concept on the dangers of these machines, but this yahoo isn’t on the level and more than likely didn’t write jack crap.

    And I know he’s propped up as an ‘expert’, but asking a programmer if he thinks the election was rigged because of someone’s interpretation of exit polling data is a bit retarded. Each time this video plays, somewhere in the world, a statistician’s baby kitten dies.

  11. Questionable
    5:04 am on November 3rd, 2006

    Ricky Retaro is correct, J. Random programmer probably has no experience with exit polls and how they are tabulated. His opinion on whether Ohio’s vote was hacked is slim.

    As far as 100 lines of code making the final result equal to whatever percentage you set, this would easily be detected with some simple testing. Enter 10 votes for Republicans, 5 votes for Democrats and the anomoly would easily be detected.

    In order to make it more insidious / undetectable would require a bit more work. You would need to check date/time for 2nd Tues in November,after poll closing time, minimum number of votes counted > {some large number, close to what is expected}, a set of variables to track D votes, R votes, I votes, total # of votes (don’t want a sloppy bug to set the vote total different than “real” total) and you need to do this either real-time or while machine is idle (in between voters).

    Those machines are not computing powerhouses, if you try to do a select count(*) statement and then update the rows based upon that at the end, the processing time required will be obvious. You also need to put in a routine to alter the logs so a simple transaction log of the database doesn’t show the shenannigans.

    Given enough time and practice it can be done and it’s really not that hard, but to accomplish _all_ that in 100 lines of code is a bit too optimistic. The less lines of code used, the more likely you’re leaving a big clue that something happened.

  12. spankbot
    11:40 am on November 3rd, 2006

    This is old - the guy was shown to be a fraud.

    http://en.wikipedia.org/wiki/Clint_Curtis

  13. novacodova
    8:48 am on November 4th, 2006

    You never see the person asking the questions and you never see Clinton Eugene Curtis speak, if it is even him… How do you know that the audio hasn’t been doctored?

  14. Dark Sided
    6:01 pm on November 4th, 2006

    Curtis didn’t testify as an “expert.” He IS the guy who was asked to reprogram the machines. I don’t see how the wikipedia article (nor the original Wired article) show Curtis to be a fraud. Raising some doubts does not mean he’s a fraud.

  15. LifeIsGoode
    2:29 am on November 5th, 2006

    You can’t physically get at the machines internals without being detected. There is plenty of physical security. After that you can’t network multiple voting machines. They aren’t designed to be networked. Nobody could rig an election, much less rig one polling precinct. There will always be conspiracy theories. Just imagine how bad the conspiracy theories will get once we start voting on-line someday.

  16. Janes
    10:59 pm on November 6th, 2006

    Can’t you see the real issue here is the changing of the paradigm wich open source brought about?

    It is crystal clear from the video, when the judge is aksing Curtis if the machines can be protected and for a while the hacker doesn’t understand the question as the judge doesn’t understand the answer, when he finnaly gets it! YOU HAVE TO LOOK AT THE SOURCE CODE!

    The secrecy is damaging, the only way to be sure that elections aren’t rigeg is by opening the source code to the interested public! And not by propiertary mumbojumbo!

  17. rcopley
    10:34 pm on May 20th, 2007

    it would be a simple fix, wouldn’t it, just check the machines one by one using a comparison program.
    P.S. woot Ohio

  18. American Election Hacker Testifies « Security News
    4:53 pm on October 8th, 2007

    [...] read more | digg story [...]

This site supports Gravatars, to get your Global Avatar visit www.gravatar.com

Post a comment

advertise with us