Ms. Hennessey,

I would like you to show me how vote switching is impossible.
Show me on the Voting machines that have zero paper record. The following states use Direct Recording Electronic voting machines only (no paper output on what vote was recorded).
LA, DE, GA, SC, NJ.
W/O any feedback, how can you guarantee that the vote that was placed is the one recorded on the hard drive?
I say 'prove it'
Should be simple right?
Not so fast, the DRE machines w/o a paper trail have no way to perform a vote audit
Prove to me the vote was tallied correctly
Furthermore, many of the states wipe the hard drives of those machines too soon, those states don't even allow for an audit of what was on the machine's hard drive. How are audits supposed to occur if the data have been erased?

#UnHackTheVote
There are plenty of states that have a mix of machines, some without paper trails. IN, FL, KY, PN, TN, TX, VA
Some counties still use DRE machines without a paper trail. See above Tweet for the problems, just at a county level.
These are just a few of the problems with DRE machines
But, there are plenty of other problems along the line
For instance the Diebold polling machines that hold the information about a voter & if they are allowed to vote.
What would happen if one of these machines were hacked?
#DEFCON26 Voting Village showed that the ExpressPoll-5000 is easily hacked
Their report showed that the "master" user password is stored in clear text on the machine
Anyone with access to the OS can switch to this user & login to the operating system ...
defcon.org/images/defcon-…
... issue SQL commands & alter voter records. The unencrypted password for the "master user" & admin password on the ExpressPoll-5000 show that the National Institute of Standards & Technology (NIST) standards are not implemented on the software of this machine.
What about change control in the database? A before & after picture of the record that was changed with a date & a "footprint" of who changed that record? Nope.
Remember, these records have your registered party, your name, address etc.
So what, you say?...
... What happens if your ID address doesn't match the identification you show? Will you be able to vote?
What happens if your record "disappears" entirely? You're no longer in the registered voter database? I am pretty sure you won't be allowed to vote.
Wait! There's more. This year's DEFCON conference had a voting village for kids & they gave them the opportunity to hack into voter websites.
Why? "These websites are so easy to hack we couldn’t give them to adult hackers — they’d be laughed off the stage," - Jake Braun
....
... they're so easy in fact that an 11 year old hacked into a Florida replicate website in under 10 minutes.

This is a website that would have voter registration information. FL isn't the only one whose security is weak.
pbs.org/newshour/natio…
Next stop on the tour: AccuVote TSx an electronic voting machine used by AK, AZ, CA, CO, FL, GA, IL, IN, KS, MS, MO, OH, PN, TN, TX, UT, WI & WY
This machine was highlighted in a mock election @ DEFCON
No tools & admin access in < 2 mins
The mock election using the AccuVote TSx did not use software programmed by the manufacturer. That means that 💥ANY💥 election can be programmed in these machines.

Let me repeat that 💥ANY💥 election can be programmed in these voting machines.
Without a paper trail, this machine is extremely vulnerable.

I think that this tweet says it all
Next stop on our #VotingVillage tour is the ES&S 650 Scanner.
I posted a thread in August of last year that featured a video from @LuluFriesdat featuring how easy it was to break into an ES&S 650 scanner (vote counting machine).

All a hacker needs is access to one machine to spread malware to others because the machines are networked at the clerk's office. Malware can hijack other machines inside the network, change the systems of other vote counting machines, the options are endless.
Many voting machines use smartcards to interface with the voting machine. The smartcard runs in partnership with the voting machine, but is clearly the "master". These smart cards are usually held in place with a non-secure plastic clip (like in the AccuVote TSx)...
... and can easily be removed.

The Voter Village research team was able to flash a new program into the smartcard. The new program was allowed on because there is no security which forces authentication, only a prompt to install new software...
...the smartcards have a default password that is effectively "hard coded". Having control of the voting machine also allows the hacker to manipulate the machine by voting more than once, voting in different county elections & the ability to control the machine remotely.
Cards can be purchased that allow both a physical interface as well as a wireless one. Once the new card is in place, it can be programmed wirelessly, the hacker never has to have physical access again.
Possibly the worst part of all this? The fact that these vulnerabilities have been reported to the manufacturers and they have done NOTHING about them. The issues with the ES&S M650 were reported in 2007. Almost 12 years later and they have done nothing to fix them ...
... the vote tallying machine isn't the only one, all of these vulnerabilities (and more) have been identified & the manufacturer does nothing to fix the issues, while the states keep using these machines while the powers that be keep telling us that we're being alarmists.
We know that attacks are taking place. The #MuellerInvestigation indicted 13 Russian nationals in February 2018 for hacking and interfering in the US 2016 elections. We've heard reports of voter databases being scanned and hacked. The attacks are real!

cnn.com/2018/02/16/pol…
The DEFCON Voter Village showed us that many voting machines take less time to hack than it does to cast a ballot (in some cases, less than 2 minutes). These machines require no tools to break into them & access physical components that allow a user to take control of the machine
The way that voting machines travel through the supply chain is a big concern. This is from my thread a year ago. It is disturbing to say the least that there are no security controls on these machines as they are being made, tested and distributed.
All of this is disheartening, but there is something you can do.
Call your Representative and Senators.
Our nation's security is the responsibility of the Federal government.
Tell them to implement security standards. Standards for voting machines & hosting services are a great start.
Funding election security should be of the highest priority!
Hand marked paper ballots need to be implemented.

Your vote in our nation's elections should be sacrosanct, instead, it's treated like a choice of who moves on to next week's talent show.
Remember this is only one way to change votes. Changing votes can include disenfranchisement, gerrymandering, voter roll purges, photo IDs, requiring a voter to have a physical address ... these are just some of the dirty tricks that are used, but these are for a later thread.
I've heard this more times than I care to mention. "There's no proof that votes were changed."

My response: "Prove to me that votes *weren't* changed".

If they say "I can't do that", then tell them that they better figure out a way.

#UnhackTheVote
Then there's this ... How come we never heard this? Oh wait, because the administration has utilized zero of the funding for securing our elections.