Ron Paul Won Early Primaries, Mathematicians Find. Election Judge Threatened.

They supposedly have control mechanisms similar to slot machines and ATMs, where the installations are monitored, and someone can inspect random machines in the field. I've seen them do it on an ATM before; the guy physically pulls out the drive and hooks it up to a machine he carries around with him. Their source code is likely tracked in a CVS. For the voting machines, I don't think all the states have the same procedures (or any at all). But yeah, at least an ATM gives us a receipt.
 
For a programmer to create something "undetectable," like the guy had testified in the film Hacking Democracy, he already knows there is no such thing. Whatever he does will definitely not be in the source code that they make available for inspection. So what he would do is look to the compiler; you can add something to the source code of a compiler that would, before compiling, modify the source code for the voting machine software. Then you compile the compiler. If someone wants to look at the source code for the compiler, you could modify a 2nd compiler's source code that injects the code into the 1st compiler before compiling. This can be done to infinity, and no one is going to try to look that high up the source chain.

You must be familiar with "Reflections on Trusting Trust" by Ken Thompson
Communications of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763

http://cm.bell-labs.com/who/ken/trust.html

Again, in the C compiler, Figure 5 represents the high-level control of the C compiler where the routine "compile" is called to compile the next line of source. Figure 6 shows a simple modification to the compiler that will deliberately miscompile source whenever a particular pattern is matched. If this were not deliberate, it would be called a compiler "bug." Since it is deliberate, it should be called a "Trojan horse."

The actual bug I planted in the compiler would match code in the UNIX "login" command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user.

Such blatant code would not go undetected for long. Even the most casual perusal of the source of the C compiler would raise suspicions.

The final step is represented in Figure 7. This simply adds a second Trojan horse to the one that already exists. The second pattern is aimed at the C compiler. The replacement code is a Stage I self-reproducing program that inserts both Trojan horses into the compiler. This requires a learning phase as in the Stage II example. First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere.

Moral

The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.



If the vendor is forced to use a specific compiler that can be verified by a checksum, then it gets interesting. It is still possible to inject some code, but you must now know a great deal about the hashing algorithm that creates the checksum. This knowledge will allow you to make small changes in the source code, but only in specific places, using a limited set of characters. Imagine trying to write some code that implements the flipping algo, in about 20 characters, and you can only use half the keys on your keyboard. This is because hashing algorithms aren't perfect- it is possible (although on good hash algos, highly improbable) for 2 files that are not identical to produce the same checksum (AKA collision).

You're not going to be able to just bring in someone off the street to do this, either. You'd need a real programmer- someone that is not going to tell you it can't be done.

I looked into this some time ago and found nothing and didn't get far trying to figure out how to do it myself. Do you have any refs on checksum/hash "collisions"?


Another way to do it would be through the hardware. If they're using their own machines with proprietary hardware components, they could embed an IC in there that has the flipping algo 'hardwired'. Then, all you'd have to do is write a driver that interacts with that component, and the flipping would be done transparently without any modification of the source code. The only thing you'd need is a way to tell it who to flip. This may require no interaction at all, if it were to flip 2 candidates who held 2 specific rankings. Or it could be something more elaborate- there was once a guy who did something like this to a slot machine in Vegas- it was programmed to pay out after a certain sequence of coins were dropped in. For instance, you had the option to put 1,2,3 or 4 coins in- he programmed it to pay out when it was played with a sequence of 2,3,1,2,4,2,3....3,2,1 coins.

If it is done this way, it wouldn't be too hard to find it, if you had full access to all the hardware; but if it is proprietary, they will never let that happen.

I remember reading something on Bev Harris's site (and I'm really surprised her name has only been brought up once in this thread) about swapping out a module in a particular voting machine, and I was of the impression that she was talking about an e-prom...

Interesting thread!

-t
 
They supposedly have control mechanisms similar to slot machines and ATMs, where the installations are monitored, and someone can inspect random machines in the field. I've seen them do it on an ATM before; the guy physically pulls out the drive and hooks it up to a machine he carries around with him. Their source code is likely tracked in a CVS. For the voting machines, I don't think all the states have the same procedures (or any at all). But yeah, at least an ATM gives us a receipt.

I've only seen 2 variations for voting machines:

Either the local election board owns the machines and are technically inept, relying on a "voting machine operation for dummies" type guide,
or
A vendor like DieBold will come in and set up the machines and have a handful of tech people that will come around and try to get the machines breathing again when they crash. I ran into and talked to one such tech briefly and security was not part of their job description.

-t
 
I had a security course where we were all given the same source code to produce different executables; it took me many hours with a hex calculator.

After suffering through that, we were allowed to use fancy tools.

Here's some tools to find and exploit MD5 collisions:
http://www.mscs.dal.ca/~selinger/md5collision/

He demonstrates there are 2 programs with the same MD5 checksum that do drastically different things.
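Added example, not part of any post in this thread: a checksum check for the "approved compiler binary" scenario discussed above, run against the published 128-byte MD5 collision pair (Wang et al., 2004). It shows that an MD5-only pin cannot tell the two inputs apart while a SHA-256 pin can. The names `digest`, `verify`, `PINNED` and `WEAK` are assumptions made for this illustration, and `MSG_A` merely stands in for an approved file.

```python
import hashlib
import hmac

# Published MD5 collision pair, embedded as sample input (six bytes differ).
MSG_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
MSG_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Algorithms with practical collision attacks; never sufficient on their own.
WEAK = {"md5", "sha1"}

def digest(data, algo):
    """Hex digest of data; usedforsecurity=False keeps MD5 usable on FIPS builds."""
    return hashlib.new(algo, data, usedforsecurity=False).hexdigest()

def verify(data, pinned):
    """Check data against pinned {algo: hexdigest}. Returns (ok, reason)."""
    strong = {a: d for a, d in pinned.items() if a not in WEAK}
    if not strong:
        # A manifest that pins only MD5/SHA-1 is rejected outright.
        return False, "no collision-resistant digest pinned"
    for algo, expected in sorted(strong.items()):
        # Constant-time comparison of the computed and pinned digests.
        if not hmac.compare_digest(digest(data, algo), expected):
            return False, f"{algo} mismatch"
    return True, "ok"

# Manifest recorded for the approved file (MSG_A in this illustration).
PINNED = {"md5": digest(MSG_A, "md5"), "sha256": digest(MSG_A, "sha256")}

if __name__ == "__main__":
    print("MD5 equal:    ", digest(MSG_A, "md5") == digest(MSG_B, "md5"))
    print("SHA-256 equal:", digest(MSG_A, "sha256") == digest(MSG_B, "sha256"))
    print("approved file:", verify(MSG_A, PINNED))
    print("other file:   ", verify(MSG_B, PINNED))
```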
 
I had a security course where we were all given the same source code to produce different executables; it took me many hours with a hex calculator.

After suffering through that, we were allowed to use fancy tools.

Here's some tools to find and exploit MD5 collisions:
http://www.mscs.dal.ca/~selinger/md5collision/

He demonstrates there are 2 programs with the same MD5 checksum that do drastically different things.

Thank you!

+rep

-t
 
Sounds like you guys are getting further and further into this. Awesome to see. Thank you all for your hard work.
 
You continually misrepresent what I say. What I said about the Alabama thread is that when I was on that thread, that wasn't discussed by me. I don't read and try to understand each and every chart that people crank out.

In Alabama I was trying to understand how Paul and Gingrich could get more votes for their delegates than they got themselves.

By the way - that's the Alabama story. Something was clearly fucked up in Alabama. It is IMPOSSIBLE for delegate vote to exceed candidate vote unless there's a huge problem of some sort. What was Alabama's explanation?

Because there clearly was a major problem in Alabama, any explanation of what happened in Alabama should include a recognition of that major problem. What did Alabama say about delegate votes exceeding candidate votes?

Wow. I only asked for you to RESPECT the positions of others on this site regarding vote stealing and you imply this? RESPECTING does NOT mean you can't argue with someone- just don't attack personally. Throw in the Religion card?!? WTF!! I have tried to look past the troll allegations Parocks, but EVERY time solid evidence is posted, you deflect attention from the subject matter.
Just so you know, I would definitely be considered a "country club Republican". Many, if not most, of my friends would be considered that as well. I have presented evidence that makes ZERO assumptions while you keep repetitively spewing the MSM creations of "Mitt does better here... RP doesn't do as well here... blah blah blah." Honestly, you are a joke.
BTW, I have derived the linear equations which PROVE that Romney's gains are false in Alabama. But honestly, you don't GET the simple graphs I have laid out in this thread (you claim they were never posted in the Alabama thread, which is FALSE) so you will NEVER understand what I lay out in a higher level mathematical exercise.
 
You guys are still going at this??????? Have we got anywhere with it? Proven? Not proven? Still up in the air? I still remember staying up until 4:30 am reading the very first thread about it lol.. I read through all the pages all night long from front to end.. The next morning at work was pretty tough
 
You guys are still going at this??????? Have we got anywhere with it? Proven? Not proven? Still up in the air? I still remember staying up until 4:30 am reading the very first thread about it lol.. I read through all the pages all night long from front to end.. The next morning at work was pretty tough

I think that's the purpose, to waste time. Basically, the same people believe the same stuff. The people who were not convinced remain not convinced and those defending the theory now were defending it then.
 
You continually misrepresent what I say. What I said about the Alabama thread is that when I was on that thread, that wasn't discussed by me. I don't read and try to understand each and every chart that people crank out.

In Alabama I was trying to understand how Paul and Gingrich could get more votes for their delegates than they got themselves.

By the way - that's the Alabama story. Something was clearly fucked up in Alabama. It is IMPOSSIBLE for delegate vote to exceed candidate vote unless there's a huge problem of some sort. What was Alabama's explanation?

Because there clearly was a major problem in Alabama, any explanation of what happened in Alabama should include a recognition of that major problem. What did Alabama say about delegate votes exceeding candidate votes?
The "official story" from the Alabama elections commission is "there was nothing different in 2012 than 2008". Now, it's not clear to me how they could even begin to make that claim, but this is what I was told. The elephant in the room is that EVERY "voting machine error" ALWAYS benefits Romney's vote count. Parocks, EVERY graph that has shown ANY anomaly benefits ONE candidate-Mitt Romney- every single one. Again, the probability of this happening once is 1/4, twice- 1/16, three times- 1/64, and so on. I have seen literally hundreds of anomalies that all benefit Romney's vote total.
 
I think that's the purpose, to waste time. Basically, the same people believe the same stuff. The people who were not convinced remain not convinced and those defending the theory now were defending it then.
Parocks IF you really think it's a waste of time I have the obvious question for you... Why do you spend your time in this forum thread? IF you truly believe it's a waste of time, it makes NO sense at all why you spend ANY time on this. What's the point? Geez.
 
The first look at Alabama is that 2 candidates had more delegate votes than candidate votes. But this is supposed to be impossible. And it didn't happen in 2008.

That's the first look.

The first argument to make would be "what happened to the candidate votes" for Paul and Gingrich. How can there be more delegate votes than candidate votes for Gingrich and Paul? That should be impossible, but it's right there.

Alabama shouldn't be able to argue that away without admitting some sort of error.

The "official story" from the Alabama elections commission is "there was nothing different in 2012 than 2008". Now, it's not clear to me how they could even begin to make that claim, but this is what I was told. The elephant in the room is that EVERY "voting machine error" ALWAYS benefits Romney's vote count. Parocks, EVERY graph that has shown ANY anomaly benefits ONE candidate-Mitt Romney- every single one. Again, the probability of this happening once is 1/4, twice- 1/16, three times- 1/64, and so on. I have seen literally hundreds of anomalies that all benefit Romney's vote total.
 
Parocks IF you really think it's a waste of time I have the obvious question for you... Why do you spend your time in this forum thread? IF you truly believe it's a waste of time, it makes NO sense at all why you spend ANY time on this. What's the point? Geez.

1) Time is available to waste.
2) Makes Ron Paul supporters look crazy, and I typically argue against those things.
3) Others might not have that time available to waste.
 
Parocks IF you really think it's a waste of time I have the obvious question for you... Why do you spend your time in this forum thread? IF you truly believe it's a waste of time, it makes NO sense at all why you spend ANY time on this. What's the point? Geez.

The Man.. the revolution marches on and waits for no one, this dude will not be convinced. You are a patriot and the work you do is amazing, keep going.
 