Brad Friedman Byon 6/5/2008, 10:34am PT

From the St. Petersburg Times...

Two pieces of malicious software detected Thursday have been removed from Pinellas County's voting tabulation system. The two bugs, known as Flush.G and W32.SillyDC, work in tandem and go from computer to computer redirecting Internet browsers to sites the user hasn't selected, officials said. The worm is carried through removable media like USB drives, is easily detected and, officials say, rather harmless. Pinellas Deputy Supervisor of Elections Rick Becker said the worm isn't the kind of Trojan horse that would be used to corrupt a computer voting system and was unsure just where it came from.

And yet, we're often told by voting machine companies that viruses can't get into these systems. Then there are the election officials who have bought into these systems, yet know nothing about them, who respond to the public and the media as if they do, regularly making ridiculous claims that such problems can't happen because "at no time are our systems connected to the Internet."

Whether they are or aren't, it's an absurd response. Malicious software can get into the system any number of ways, via non-Internet networking, USB thumb drives, etc. It can then undedectably affect an election without detection.

In the Summer of 2006, after my organization, VelvetRevolution.us, was given a Diebold touch-screen system from an insider source, we loaned it to Prinecton for testing and they were able to insert a vote-flipping virus via the memory card which could pass itself from machine to machine and flip an entire election without detection.

And, of course, on the first day of Early Voting in the now-infamous FL-13 Congressional race in 2006 where 18,000 votes mysteriously and still-inexplicably disappeared, a malicious viral worm took down a key part of the network infrastructure on which the registration system ran, grinding voting to a halt that day.

Similarly, exclusively reported thereafter, the scientists who studied the ES&S voting machines used in that FL-13 election discovered that the ES&S touchscreen systems --- used in some 16 different states --- were also vulnerable to the same type of virus that Prinecton was able to insert into the Diebold machines. To this day, despite being told about it by the scientists who discovered the problem, the U.S. Elections Assistance Commission (EAC) refuses to warn jurisdictions that use the same machine model about its vulnerability, even though it was described as potentially even more serious than the one discovered in the Diebold systems.

Other than that, everything's fine. Nothing to see here. Move along, folks.



