Interview by Brad Friedman, guest hosting on the Mike Malloy Show
October 8, 2010
[Ed Note: For additional information on this interview, see this follow-up BRAD BLOG report.]
MP3 download, or listen online [appx 29 mins]…
BRAD FRIEDMAN: We've got some absolute unreported bombshell stuff coming. We talked a little bit about this recent hack of a Internet voting system in Washington, D.C. It was a system that was about to go live. We talked a little bit about it last night on the show and the hacker and his team who took over the entire server, changed all the ballots with write-in votes, got back door access --- set up back door access to the system --- what else did they do? Put in a script there so that it would change future votes. And oh, they revealed the identities of the people who voted and how they voted. All of this stuff unbelievable but you ain't heard the half of it. I've been listening to a hearing today that took place in D.C. about this hack. And remember, this was about to go live in just a couple days for the November elections. Military and overseas voters were prepared to use this system until these hero white hat hackers got in and did what they did.
Anyway, that stuff I just gave you has already been reported. It just broke a couple of days ago, I got it, you can bone up on it over at BradBlog.com. We'll talk about those details. But then we're going to add the bombshells on top of it that came out at this hearing today. That, well, it blew my mind. We'll see if it blows yours.
To that end we had hoped to actually have that hacker, which was J. Alex Halderman, Assistant Professor from University of Michigan, who did this hack with his team. And oh, they put their calling card on it. The Michigan, University of Michigan fight song would play after people voted. And yet they still didn't notice that he had hacked the system for about three or four days. Anyway, we were going to have him on today but he had to do this testimony in D.C. and so he's in transit, was not able to make it.
But believe me, the fellow we got comin' on is no sloppy seconds. Dr. David Jefferson from Livermore National Laboratories is going to talk to us about that D.C. voting hack, the new bombshells that came out today and one discovery that he made when he was able to test the system as well over the last couple of days. And Dr. Jefferson has been perhaps the loudest, longest voice on the dangers of Internet voting, going back a decade, trying to say, "Hey, people, are you crazy?" He also has worked for five consecutive Secretaries of State out here in California on electronic voting. This guy knows his stuff. He's going to join us and we will have those bombshells in this hour. You'll want to stay tuned.
BRAD FRIEDMAN: We're coming back with David Jefferson from Livermore Laboratories and we're going to talk about this unbelievable, well, D.C. --- they were planning to use this system in days and they had opened it up and they said, "Hey, hackers, you wanna come in and test this system? We'll give you a couple of days. Go!" Well, within 36 hours they took over the entire system. We know about what they did. We now know who did it but there's some information that you don't know that you haven't heard even if you have followed this story, and that's not easy unless you read BRAD BLOG, but there's some information that you don't have that ought to scare the hell out of you whether you're Democratic, Republican, independent. Pay attention. Please?
You're listening to Brad on the Mike Malloy Show. We'll be right back.
BF: All right. Welcome back to the Mike Malloy Show. Brad Friedman of BradBlog.com in for Mike. All right. I've been tellin' you about this, I've been tweetin' this all day, calling it "a bombshell". And I don't think I've been overstating it but you'll tell me. We're gonna tease this out to you as we go throughout this hour because there are a number of pieces, a number of bombshells.
Joining me, well, see, I already lost my, there we go. I already lost track of what I had, my notes here. Dr. David Jefferson is going to join us here. He is an internationally recognized expert on voting systems and election technology. He's been a pioneer in research at the intersection of computing, the Internet and elections for 15 years. Yeah, he's been paying attention to this stuff long before you and I have.
He's also been advisor to five successive Secretaries of State out here in California on technology-related issues. In 2004 he was co-author of the SERVE security report which detailed major security vulnerabilities in the Department of Defense's proposed Internet voting system in 2004, and that led, thankfully, to the cancellation of the program.
He has a resume here too long to list of people he has testified before, commissions, official commissions and so forth. But he is currently a member of the Board of Directors of California Voter Foundation and of Verified Voting. He is currently a computer scientist also at Lawrence Livermore National Laboratories, where he leads research in cyber security and simulation for national security applications.
This guy is the real deal. And I've known David for a number of years. Always wanted to get him on the radio to talk about some of this stuff. He has not been able to until now. And while we were hoping to have the actual hacker of the D.C. Internet voting system, instead he couldn't make it because he had to testify today. David has been kind enough to jump in and join us here to talk about what we knew so far, until today, about this hack and what is to come. We've only got now --- because I'm runnin' late, I know --- we only got one minute [before the break] so let me quickly welcome you. Dr. Jefferson, welcome to the Mike Malloy Show, Sir.
DR. DAVID JEFFERSON: Thanks very much, Brad. Pleasure to be here.
BF: Okay. Great to have ya. Now, because I'm already running behind, we'll have to get, dig into the details after the break. But I wanted to find out from you first off, when I have been describing these findings as "a bombshell", and I thought what we already knew was a bombshell, am I overstating this in calling it an absolute bombshell?
DJ: I don't think so. These were stunning revelations today and they were really surprising. They've also been kept quiet for most of the last week. They were just revealed today.
BF: Those stunning revelations are coming up straight ahead after this break. Brad Friedman in for Mike Malloy, speaking with Dr. David Jefferson from Livermore Labs about the D.C. Internet vote hack. More straight ahead.
[BREAK. Returning song lyrics include, "…Cast your vote down the memory hole. Little black box where your little vote goes. Down and down the memory hole. Oh where, oh where did your little vote go? Nobody knows ..."]
BF: No, they don't. They don't know. Brad Friedman in for Mike Malloy. And one person who knows we don't know is Dr. David Jefferson from Livermore National Laboratories, joining us here tonight to talk about these --- and also from VerifiedVoting.org --- to talk about this D.C. Internet vote scheme that was hacked, that was set to go live in the November elections where you were going to have live voters using this. Military and overseas voters using this.
To their credit, the D.C. elections board opened this up and said, "Hey, let's test this! (Just days before we do it.) Anybody can hack it? Come on! Show us. We think it's secure." And what do you know, within days the test server, when people went to vote, they started hearing the University of Michigan fight song playing at the end of their test voting process. And thankfully what has happened has killed the entire plan for the Internet voting scheme out there in D.C. And we're going to get into the details of what we have already learned this week and then some new bombshells with Dr. Jefferson.
All right, David, one of the, well, let me just read what Alex Halderman, he was the assistant professor at University of Michigan who led a team of students to hack this system, essentially. He writes: "Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software including the ability to change votes and reveal voters' secret ballots." They did this in a day's time. Would you like, can you first, before we get to the unreported bombshells, expand on what he said he did here?
DJ: Well, so he did a couple of things. He initially was able to exploit the fact that the network, as it was being set up, had not been properly configured and one of the passwords for a major switch in the system had been left at the manufacturer's default, and they just figured that out. And that allowed them to watch all of the subsequent traffic that the officials and their IT staff were doing for …
BF: And that was just a four …
DJ: …for an extended period.
BF: And that was just a four letter, four number or four letter password, the default password …
DJ: It was. That's right. It was a four-letter password. It was also printed in the manual.
BF: Okay. So he was able to, they were able to get in in short order and what did they do first once they were in?
DJ: Well, the second thing they did after getting control of that switch was to get control of the web server and the back end database that stores ballots. And that allowed them to look around, find out what files were there, examine the ballots. They were able to find the public key, one of the two keys involved in the cryptography for storing ballots and so on. They were able to find that key. That allowed them to manufacture phony ballots. So they actually replaced all of the real ballots that had been cast by test voters before they had succeeded in the break-in, they replaced them with phony ballots of their own creation.
BF: They just changed, they changed them and they actually put in whoever they wanted as a write-in …
BF: … vote, right?
DJ: That's correct. And in fact, they wrote in the names of, I think, famous movie robots or something like that.
BF: Yes, science fiction robots. But they had changed all, ALL, of the cast ballots to anything they want, as I understand it.
DJ: They did that and they, further, they left some code around so that all subsequent ballots that were cast by test voters would also get changed to this same ballot of their creation. So no legitimate ballots that were cast remained in the test.
BF: And so this means even without them hangin' around personally and doing it, if future voters came in, those ballots would also be changed.
DJ: That's correct. Exactly.
BF: They were able to, and you had mentioned the cryptography key. And that's something that I hear a lot of times from folks who do support the idea of computerized voting, whether it's on touchscreen systems or Internet voting as we're insanely talking about here and looking at in America's immediate future. You hear people talk about cryptography, "As long as there's cryptography on there, there's nothing to worry about. It's military grade cryptography. Everything's fine." Not so?
DJ: No. Not even close to so. Not even remotely so. There are a few things that you can do with cryptography that are important for security and where it's done and it solves pieces, I mean, if the general security problem for election might be characterized as having a hundred parts, cryptography can strongly solve three or four of them. But there are the other 96 parts for which cryptography doesn't do anything.
DJ: And those, and that's where you attack.
BF: And additionally, now. They finally, they left a calling card. They left the University of Michigan fight song playing, after you completed your vote there would be like a 15-second delay and the fight song would play. And yet the folks who were monitoring this test, the election officials, how many days did it take them to notice that their system had been thoroughly hacked?
DJ: Well, there's a little confusion about this because they haven't been quite very forthcoming about that. They claim to have noticed it, they claim to have known that they were attacked the next day after it started. But it isn't clear what they knew. It isn't clear whether they had noticed the fight song. It isn't clear whether they had estimated the full dimensions of the attack. However, they did not take the system down actually until Friday afternoon, about three days later.
BF: [laughs] And this was, and I love they said, "We're taking it down for usability reasons." Okay, so this we now know, it came out this week, it helped to stop this plan, this insane plan, to actually use this system to have troops, overseas troops and overseas voters use this system. But you discovered, before we get to the new bombshells that Alex Halderman testified to today in a committee room, by the way, in D.C., the D.C. elections, well …
DJ: City Council.
BF: City Council. Which, by the way, there was one person I think questioning him. There was nobody in the audience. I couldn't believe that nobody seemed to give a damn about this. All right. Very quickly, before we get to the new bombshells we learned today, you also tested this system yourself …
BF: … and you discovered what, David Jefferson?
DJ: Well, I discovered a serious flaw in the test system. If you, the way it was supposed to work is that you would, you would connect to their website, a .pdf file would be displayed to you which displays your blank ballot, you were supposed to mark it with your mouse, you were supposed to save that file with your vote marks in it, and then the last step was to upload it, that is to say send it back to Washington, D.C. officials.
BF: So you have filled out, the voter would fill out their ballot in their browser …
BF: …and save the file and send it along, I guess email it as an attachment, right?
DJ: It wasn't email, no. Though that would not have mattered. No. But it was back through the browser.
DJ: So I did all of that, as directed, because I was learning how to use the system.
DJ: After submitting the vote back, the ballot was still on my desktop as a file so I opened it. And I discovered that all the votes had disappeared. They had been, I had a blank ballot. Which means that I had sent a blank ballot back to the District of Columbia, not the choices that I had made. And I investigated further and discovered that, that anyone who used certain combinations of browsers and what we call .pdf plug-ins would have the same problem. In fact, unless you used a particular .pdf plug-in, Adobe Reader, which many people are familiar with and many people use but many don't …
DJ: Unless you used that, you were pretty much guaranteed that your votes would be erased the moment you saved them and they would, and you would be disenfranchised.
BF: And you would send, and we would end up with thousands of blank votes and they would tell us afterwards when we complained about this, they would say, "Oh, well, the voters didn't follow the instructions." Or "They didn't want to vote." Or "The voters are so angry this year that they're making a statement by sending in blank ballots. And anybody who says otherwise is a conspiracy theorist." And the election would have stood.
DJ: Well, I don't want to go, I don't know what they would have done. But it was a very serious problem because I actually did follow directions. I did not do anything wrong, and many voters would have had this same problem. Not thousands, 'cuz honestly they only expected at most a thousand votes total …
BF: In this test, right.
DJ: In this, in the real election.
BF: Real election. Right.
DJ: Yeah, because that's how many overseas and military voters the District has registered. Even so, a large proportion of them would have cast, unknowingly cast, blank ballots. And once you do that there's no recovery because you can't vote twice and the election officials are not supposed to be able to find your ballot and fix it, so.
BF: And listen, they, you might not want to say what would have happened, but I've seen it in election after election after election, from New Mexico 2004, Sarasota 2006, all of these ballots come up on touchscreen systems, not even Internet systems, and they say, "Oh, the voter just didn't follow directions." All right. I gotta move on because we're coming up on a break and I want to get to, well, let's get to, we got about three bombshells that came out today. Let's play this first one. Now remember, David Jefferson is from Livermore National Laboratories and Verified Voting, has said that the hackers in this D.C. Internet voting test were able to take over the passwords and wreak all sorts of havoc. But here is what else they found out. Here is Alex Halderman testifying today in D.C.
ALEX HALDERMAN: We weren't the only ones, though, who were trying to attack the BoEE network infrastructure. While we were in control of these systems we observed other attack attempts originating from computers in Iran and China. These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have succeeded. So we decided to defend the network by blocking them out, by adding rules to the firewall, and by changing the password to a more secure one.
COUNCILWOMAN CHEH: You changed the password of the BoEE system?
AH: Of the pilot system, yes.
CHEH: You changed it?
AH: We did, yeah, to something so that the Chinese and Iranian attackers wouldn't get it.
BF: Uh …
DJ: Amazing, isn't it?
BF: Yeah. China and Iranian hackers were also trying to access this system. And Alex Halderman, God love him, a white hat hacker here, if I understand it, he actually changed the password to keep the other hackers from getting into the system. Right?
DJ: And, and the firewall. Yeah, so let me give you a little background on this. Many of us have been arguing that election security is a matter of U.S. national security. Oftentimes the difference between one or another candidate for United States Senator, say, you know, is only a few hundred votes. So it's really important that it not be possible for foreign governments or crazy self-aggrandizing hackers in other countries (or in our own) to be able to modify votes and get away with it. So, but usually this warning that I have given many times that this is a national security issue goes, well, people are somewhat skeptical about it. It goes underappreciated. So here we have a case where not even a real election, just a test election, but announced as open to all comers to try to hack, Alex Halderman finds that not one but two teams from national rivals of the United States, Iran and China, are already trying to probe around inside it.
BF: And that was, and I gotta get to a break, we're speaking with Dr. David Jefferson of Livermore National Laboratories about this D.C. Internet vote hack. It was a test system but it was to be a live election that was to start within days …
BF: … for the November election. And to your credit, sir, you were the first one to bring it to my attention many years ago that this is indeed a national security issue. It's not about Republicans, it's not about Democrats, independents, anybody else, it's about national security. We're back with more bombshells still to come. David Jefferson of Livermore National Labs on the D.C. Internet vote hack right after this.
[COMMERCIAL BREAK. Show returns with song including the lyrics, "This is my democracy, you won't go telling me my vote don't matter anymore, and it's not worth fighting for …"]
BF: Fighting for your vote, be you Republican, Democratic party, independent. I don't care. I think your vote ought to be counted and counted accurately and transparently so that we know that it is. We are speaking about this, frankly, stunning hack of the D.C. Internet voting system that was planned to go live before hackers, as it turns out good-guy white hat hackers, took the entire system over, changed all the ballots, put in write-in entries, put a password so the ballots could be changed in the future. They were able to see how specific people voted, so the secret ballot was lost. And, as we have just heard, he wasn't the only one, the team from the University of Michigan wasn't the only one hacking this system. Also hackers from Iran and China. And our good-guy hacker, Alex Halderman, changed the password so the Iranians and Chinese couldn't get in.
David Jefferson…but we got more bombshells comin' up now on this that we're just now learning. Quick question from the chat room from Emily for David Jefferson who is my guest here, cyber security expert, computer scientist from Livermore Labs and VerifiedVoting.org, Emily wants to know why did they shut out the Iranian and Chinese hackers. David?
DJ: Well, I think it's very important that they did so. For one thing, it might have been that the Iranian or Chinese hackers, if they'd had a chance, would have shut them out. And the consequences could have been much more serious. But secondly, I think they felt that it was an important duty that they had. They know about this and they had to protect this experiment and this voting system. I think they did the right thing.
BF: And there was, okay, two other major pieces we learned today. One, that the hackers here were also, this is just, I don't know if it's funny, scary, I don't know, David Jefferson, but were able to take over the cameras, the security cameras, right?
DJ: That's right. The security cameras, the digital cameras, they were on the same switch as all the other equipment in the data center. And they were able to watch from Michigan the D.C. personnel walk around and do things at the keyboard in the data center. I don't think there are any important consequences of this right now but if they, if they were trying to burglarize the place it would be nice to know when somebody was there and what it was.
BF: Well, Halderman actually testified today that they were able to see the password being typed in by employees there. All right. We only have two minutes here so we're going to have to, can we fit this in in two minutes? This last big terrifying chunk, David Jefferson?
DJ: Go for it. Go for it.
BF: All right. We'll set it up. He discovered that the elections officials were doing tests of their own before the testing started, and apparently they were testing it out by sending incorrect files, files that were too large or too small to actually be ballots, I'm understanding this correct …
BF: … and they found a specific file that was used for the testing that was still on the system that they were able to get to and he actually pulled it out dramatically today during the hearing. What was that file that he got access to and, hell, we don't know if China or Iran got to it or not?
DJ: Yeah, this was stunning. This was a file which contained over 900 letters to, addressed to voters who were to vote in the real general election, telling them what their voter ID and their PIN was that the were to use when they voted in the real election. And this file is in a sense the holy grail of voter security in the general election if this system were to be used in the general election. Of course, it's now not going to be. But had an adversary had a copy of that file, they would have been able to cast votes for the legitimate voters, and if they'd cast them ahead, their votes would be accepted as legitimate and the actual legitimate voters, when they tried to vote, would be denied because of course you can't vote twice.
BF: Dr. David Jefferson from Livermore National Laboratories and Verified Voting, thank you, Sir. Lizz Winstead ahead and more on this right after this.
Transcribed by Emily Levy