According to election industry officials, electronic voting systems are absolutely secure, because they are protected by passwords and tamper proof audit logs. But the passwords can easily be bypassed, and in fact the audit logs can be altered. Worse, the votes can be changed without anyone knowing, even the County Election Supervisor who runs the election system.
Here’s How It’s Done
Diebold AccuVote systems use software called “GEMS” in 37 states. At least a dozen full installation versions of the GEMS program were available on the Diebold ftp site. The manual, also available on the ftp site, tells that the default password in a new installation is “GEMSUSER.” Anyone who downloaded and installed GEMS can bypass the passwords in elections. In this examination, we installed GEMS, clicked “new” and made a test election, then closed it and opened the same file in Microsoft Access.
One finds where they store the passwords by clicking the “Operator” table.
Anyone can copy an encrypted password from there, go to an election database, and paste it into that.
One can overwrite the “admin” password with another, copied from another GEMS installation. It will appear encrypted; no worries, just cut and paste. In this example, we saved the old “admin” password so we could replace it later and delete the evidence that we’d been there. An intruder can grant himself administrative privileges by putting zeros in the other boxes, following the example in “admin.”
To see the full text of this article visit: http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm