by Brad Friedman on 3/21/2009 10:37PM
Diebold Failure: Not Just for E-Voting Anymore
Info-stealing malware discovered on their Windows-based ATM systems
Experts suspect insider attack...
From bit-tech.net:

According to anti-virus provider Sophos – via ITWire – code has been discovered for a piece of malware that targets automated teller machines from US manufacturer Diebold, better known for its range of voting machines.

The code for the software uses undocumented features to create a virtual 'skimmer' which is capable of recording card details and personal identification numbers without the user's knowledge, which suggests that the creator had access to the source code for the ATM. While this doesn't directly point to an inside job, the possibility certainly can't be ruled out.

Sophos believes that the code was intended to be pre-installed by an insider at the factory...

ITWire explains: "It appears to be an inside job, as it uses undocumented functions of the ATM software and appears to use the printer. This suggests the people behind the malware have access to the Diebold software".

"Undocumented functions" just like those found on Diebold voting machines, naturally. And "access to the Diebold software" such as that gained by either a company insider, or someone who happened to find the source-code for Diebold's voting machine software just left by the company, available for download by anyone, on an unprotected Internet site...


A follow-up from SC Magazine offers more details and Diebold has confirmed --- in a letter issued along with a security update sent to "Dear Valued Customer" --- that a "physical break-in...affected a number of Diebold automated teller machines (ATMs) in Russia". Those machines were their "Windows®-based ATMs". Not unlike their "Windows-based" voting machines.

In the letter, Diebold also writes, presumably with a straight face :"This latest offense against Diebold ATMs is another example of the growing level of sophistication and aggression involving ATM-related crime. Security is one of Diebold's absolute priorities and our engineers are working constantly to address emerging ATM security threats."

Seriously, can't somebody finally put this horrible company out of America's (and the world's) misery?!

Most electronic voting systems can be hacked, CIA expert says
John Byrne
Published: Wednesday March 25, 2009


CIA expert told panel he wouldn't divulge CIA's interest in voting systems in a unclassified setting
A top CIA cybersecurity expert told the US Election Assistance Commission last month that most electronic voting systems are insecure, according to transcripts obtained by McClatchy Newspapers.

The comments, by CIA expert Steve Stigall, are sure to fuel a new wave of anxiety over electronic voting. Stigall said any voting machine connected to the Internet could be easily hacked, and that while numerous US states have banned voting machines from having wireless capability, some machines can have the cards installed without officials being aware.

"You heard the old adage 'follow the money,' " Stigall said, according to the transcript. "I follow the vote. And wherever the vote becomes an electron and touches a computer, that's an opportunity for a malicious actor potentially to . . . make bad things happen."

"Computerized electoral systems can be manipulated at five stages, from altering voter registration lists to posting results," a summary of his remarks said.

Moreover, Stigall said that the CIA believes Venezuelan President Hugo Chavez may have fixed a recent recount in his favor using such tactics. Chavez, he said, controlled most of the voting machines used and may have provided the program that was used to "randomly" select machines for audit during a recount.

The voting machines Venezuela used were made by Smartmatic, a company that partnered with Chavez's government which was owned by US-based Sequoia systems until 2007. Sequoia also provides voting machines for the District of Columbia and 16 US states.

The CIA expert was speaking before the US Election Asssitance Commission, a "tiny" agency created by Congress to modernize voting practices, during a field hearing last month in Orlando.

"While Stigall said that he wasn't speaking for the CIA and wouldn't address U.S. voting systems, his presentation appeared to undercut calls by some U.S. politicians to shift to Internet balloting, at least for military personnel and other American citizens living overseas," McClatchy's Greg Gordon wrote. "Stigall said that most Web-based ballot systems had proved to be insecure."

"The CIA got interested in electronic systems a few years ago, Stigall said, after concluding that foreigners might try to hack U.S. election systems," Gordon added. "He said he couldn't elaborate 'in an open, unclassified forum,' but that any concerns would be relayed to U.S. election officials."

Paper receipts aren't a guarantor of electronic voting security, the CIA expert added, because the votes can be changed when or after they are transmitted to a master computer tabulating the votes or when they're posted online.