European e-voting machines cracked by Dutch group
11 October, 2006
»
(Dieser Artikel ist auch in deutscher Sprache verfügbar)
The voting computers used to cast 90% of the votes in Netherlands were cracked by a Dutch Group called "Wij vertrouwen stemcomputers niet" (We do not trust voting computers).
In a live public show on 4 October 2006 on the Dutch television channel Nederland 1, the group proved how the control program of such a voting machine - called Nedap/Groenendaal ES3B - could be replaced by exchanging 2 EPROMS on the board. The entire demonstration lasted less than 5 minutes.
The demonstration was followed by a public report released on 6 October that explains how the program works, how the software was created and how they can gain complete control over the election results. It is almost impossible for election monitors or voters to detect any change. Moreover, it also shows how the group discovered that radio emanations from an unmodified ES3B can be received at several meters distance and be used to tell who votes what.
The report comes at a delicate moment, with just one month and a half before the Parliamentary elections in Netherlands where the e-voting machines should be extensively used. The same computer voting is also being used in parts of Germany and France, with minor modifications.
Use of this machine in Ireland is now on hold after significant doubts were raised. Colm MacCarthaigh from Irish Citizens for Trustworthy E-voting, after looking at the compromised Nedap machines, said that : "The attack presented by the Dutch group would not need significant modification to run on the Irish systems".
Maurice Wessling, of Wij vertrouwen stemcomputers niet, underlined: "Compromising the system requires replacing only a single component, roughly the size of a stamp, and is impossible to detect just by looking at the machine".
After the Irish reaction, the German NGO Computer Chaos Club has also asked for a ban on this e-voting machine, considering that it does not meet the basic standard of the German law.
The Dutch report showed flaws similar to those discovered in Diebold Election Systems Inc.'s touch-screen voting machine, by Edward Felten, director of Princeton University's Center for Information Technology Policy. The flaws were presented in a public report released in September 2006 - Security Analysis of the Diebold AccuVote-TS Voting Machine.
"We do not trust voting computers" Foundation
http://www.wijvertrouwenstemcomputersniet.nl/Nedap-en
Nedap/Groenendaal ES3B - voting computer a security analysis (6.10.2006)
http://www.wijvertrouwenstemcomputersniet.nl/images/9/91/Es3b-en.pdf
Dutch citizens group cracks Nedap's voting computer (7.10.2006)
http://www.webwereld.nl/articles/43217/flaws-found-in-european-voting-...
E-voting machines successfully hacked (5.10.2006)
http://www.siliconrepublic.com/news/news.nv?storyid=single7158
Dutch citizens group cracks Nedap's voting computer (6.10.2006)
http://www.heise.de/english/newsticker/news/79106
Computer Chaos Club demands prohibition of voting computers in Germany
(5.10.2006)
http://www.ccc.de/updates/2006/wahlcomputer
Security Analysis of the Diebold AccuVote-TS Voting Machine(13.09.2006)
http://itpolicy.princeton.edu/voting/
Video that demonstrates the tempest attack (10.09.2006)
http://www.youtube.com/watch?v=B05wPomCjEY
