In exclusive stunning admissions to The BRAD BLOG some 11 months after the 2004 Presidential Election, a "Diebold Insider" is now finally speaking out for the first time about the alarming security flaws within Diebold, Inc's electronic voting systems, software and machinery. The source is acknowledging that the company's "upper management" --- as well as "top government officials" --- were keenly aware of the "undocumented backdoor" in Diebold's main "GEM Central Tabulator" software well prior to the 2004 election. A branch of the Federal Government even posted a security warning on the Internet.
Pointing to a little-noticed "Cyber Security Alert" issued by the United States Computer Emergency Readiness Team (US-CERT), a division of the U.S. Department of Homeland Security, the source inside Diebold --- who "for the time being" is requesting anonymity due to a continuing sensitive relationship with the company --- is charging that Diebold's technicians, including at least one of its lead programmers, knew about the security flaw and that the company instructed them to keep quiet about it.
"Diebold threatened violators with immediate dismissal," the insider, who we'll call DIEB-THROAT, explained recently to The BRAD BLOG via email. "In 2005, after one newly hired member of Diebold's technical staff pointed out the security flaw, he was criticized and isolated."
In phone interviews, DIEB-THROAT confirmed that the matters were well known within the company, but that a "culture of fear" had been developed to assure that employees, including technicians, vendors and programmers kept those issues to themselves.
The "Cyber Security Alert" from US-CERT was issued in late August of 2004 and is still available online via the US-CERT website. The alert warns that "A vulnerability exists due to an undocumented backdoor account, which could [sic: allow] a local or remote authenticated malicious user [sic: to] modify votes."
The alert, assessed to be of "MEDIUM" risk on the US-CERT security bulletin, goes on to add that there is "No workaround or patch available at time of publishing."
"Diebold's upper management was aware of access to the voter file defect before the 2004 election - but did nothing to correct it," the source explained.
A "MEDIUM" risk vulnerability cyber alert is described on the US-CERT site as: "one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file."
DIEB-THROAT claims that, though the Federal Government knew about this documented flaw, originally discovered and reported by BlackBoxVoting.org in August of 2004, they did nothing about it.
"I believe that top Government officials had an understanding with top Diebold officials to look the other way," the source explained, "because Diebold was their ace in the hole."...