
RE: Excellent, Mr. Paul Tiger



Rockwell was the chip maker for many modems of that era. Signetics had a
license to produce similar chips from Rockwell, but they weren't used that
much. National Semiconductor had similar functionality, but didn't sell
well.
The last time that I played with any modems in a lab setting was in 1997. I
have no clue what is going on these days.

I once listened to a lecture on telecom security at NIST from an NSA engineer
who stated that the only secure computer was one that was set in a block of
concrete at the bottom of the ocean. At the time I was amused. No longer.

SG

-----Original Message-----
From: Ralph Shnelvar [mailto:ralphs@xxxxxxxxx]
Sent: Friday, March 31, 2006 4:04 AM
To: cvv-discuss@xxxxxxxxxxxxxxxxx
Subject: Excellent, Mr. Paul Tiger

On Wed, 29 Mar 2006 04:57:08 -0700, you wrote:

>More like old hack. Back in 03 when some of us were invited to work on the
>committee to advise which vendor to buy DRE from, few if any of the
>committee went looking for systems that were under command and control via
>wired or wireless. And believe me, we had vendors telling us that this was
>a feature of their systems, and therefore being sold as a benefit. But we
>weren't interested. It wasn't just the dozen members of that committee, but
>pretty much the entire country. The reports in the press and on the net
>lambasted vendors for even thinking about networking elections computers.
>However, there were a few vendors that had centralized brain boxes for
>collecting votes from nearby (polling place) DRE and then having the poll
>judges dump the memory modules over the wire (modem) to the central office.
>As this was just the transfer of data one-way, we were more amenable to
>that scenario. But not everyone.
>Modem communications is not one-way, even when doing an upload. Modems do
>something called handshaking. The modems talk to each other, ostensibly to
>correct bad data by demanding it be resent. In these handshakes there's a
>lot more that can be transacted than just data.

[snip]

>In short order, one of the engineers wrote a war dialer that inspected the
>answering modem to find out if we could enter via the various back doors
>that we knew to exist. We ran this from the Cyber and not a soul knew
>because we hacked in. After we collected a list of vulnerable computers in
>the Boulder and Gaithersburg area, we spent about a week hacking into
>numerous governmental computers using the Cyber at NOAA as a jump off point. We
>waited to see if there were alarms, or if someone would notice. No one did.
>
>One of the reasons that no one noted the hacking was that no one was really
>looking.

In the case of DREs and other forms of electronic voting, we are attempting
to look but are being prevented from doing so by the vendors and the
governmental agencies that are supposed to be looking for us.

>If a call came from another governmental system, or that the remote
>caller even knew which number to call - all must be well. Security by
>obscurity.

In our case it is insecurity by obstruction.

>But even if anyone bothered to monitor the traffic between modems they
>wouldn't have seen anything out of the ordinary, because they were looking
>at only the data flow and not what the computers were doing with the data.
>Furthermore, the telecommunications standard of RS-232 affords the ability
>for two devices to speak duplex to each other. Very few people know that
>even now. Standard RS-232 monitors (test equip) had no ability to monitor
>RTS/CTS or x-on/x-off. So even if you suspected something fishy, you'd have
>to build the test suite to look for the out-of-band signals.

During the early 80's I was trying to sell to the NSA (at the NSA's request)
hardware/software to do voice scrambling.  My product, Cylencer, did exactly
that.  It digitized voice and then used proprietary encryption to scramble
the signal.

We used datascopes to analyze our full duplex signals.  But I'll tell you
this, we probably would not have noticed anything out-of-the-ordinary if
someone was messing with RTS/CTS.

>
>Not only could I simply make a modem fall back to a slower speed, but I
>could do much more complex stuff like mount off-line disks, open up other
>modems and get them to dial out, etc. Essentially, our engineering team
>could effectively have a complete command and control session going on with
>the remote host while normal data transfers took place over the same line.

Is that back door still in all of those modems?

[snip]

>At one of the last hearings of the 03 committee someone here in this group
>asked a rep from ES&S about data security. The ES&S guy said that they were
>using CRC (Cyclical Redundancy Checks). I had the idea that he just didn't
>know what he was talking about. He was asked (I think by Al) if they were
>using CRC32, but just CRC was confirmed. When asked about encryption like
>DES or PGP, he stated that it wasn't needed and was too slow.
>Again - only a handful of us knew what this meant and the impact had to be
>explained to others, who mostly didn't get it. One person who didn't get it
>was Linda Salas, but she really wasn't trying to get it.

One wonders what motivation she has to deliberately not get it.

[snip]

>
>What's the point of all of this: It takes a lot of skill and savvy to hack
>in from the outside with little to no knowledge of the internals of the
>target of your hacking.

Except that then vendors and/or the vendors' engineers have a great deal of
knowledge of the internals of their system while the monitors (us) have
almost none.

[snip]

>
>In short, computers should not be used in elections. It doesn't matter how
>secure they are, because they are not.

Excellent, Mr. Paul Tiger.  Excellent.

Let me add that Open Source code will not fix any of these problems.  One
could pore over the code line-by-line but if the computer uses a chip that
contains some of this back-door modem code then the machine can be hacked.
It might be difficult to do but given that elections sometimes control a few
billion dollars, difficulty is not an obstacle.

>
>SG
>
>-----Original Message-----
>From: Delta [mailto:delta@xxxxxxxxxxxxx]
>Sent: Wednesday, March 29, 2006 12:44 AM
>To: Evan Daniel Ravitz; cvv-discuss@xxxxxxxxxxxxxxxxx
>Subject: RE: More reasons to avoid electronic voting!
>
>The concern over the first story is ridiculous.
>go read about X-10.
>Info tx along power lines is old technology. Been around for decades.
>It will not open up computers to hacking anymore than they are exposed to
>it on Broadband or DSL.
>and, those machines under consideration around *here* have no internet
>access capability anyway, regardless of how you intend to transmit it.
>
>The second story is nothing new either.....
>Silicon Valley Geeks have been making back doors and spyware ever since
>software was invented.
>how are *they* stopped from putting trapdoors into software meant for
>electronic voting???
>
>Mountains out of molehills......
>
>> -----Original Message-----
>> From: Evan Daniel Ravitz [mailto:evan@xxxxxxxx]
>> Sent: Tuesday, March 28, 2006 10:22 PM
>> To: cvv-discuss@xxxxxxxxxxxxxxxxx
>> Subject: More reasons to avoid electronic voting!
>>
>>
>>
>> Folks,
>>
>> Here are 2 more reasons electronic machines (except "dumb" ones like
>> in the Swiss system) shouldn't be counting votes:
>>
>> Hi-speed internet via power lines means ANY computer could be
>> connected to the outside world (and thus subject to outside control or
>> hacking) even if no phone line, modem, wireless or network connection
>> is evident:
>>
>> http://www.cbsnews.com/stories/2003/02/10/tech/main540094.shtml
>>
>> AND, computers could come brand-new (to Hart, for example) with
>> spyware or "backdoors" built in:
>>
>> http://news.bbc.co.uk/2/hi/business/4849742.stm
>>
>> Evan
>>
>> "If you believe in things that you don't understand, then you suffer."
>> -Stevie Wonder's "Superstition"
>>
>> "Nobody understands everything in commercial US electronic voting
>> systems." -me
>>
>>
>>
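
The exchange quoted above about a vendor answering a data-security question with "CRC" can be made concrete. This is an added example, not part of the e-mail thread and not any vendor's code: it compares a CRC-32 trailer with a keyed HMAC-SHA-256 tag on a constructed record. The record layout, the key and the choice of HMAC are assumptions made here for illustration.

```python
import hashlib
import hmac
import zlib

# Constructed sample record and key; not any vendor's real format.
RECORD = b"precinct=12;contest=mayor;A=412;B=388"
KEY = b"constructed-demo-key-shared-by-both-endpoints"

def crc_frame(payload: bytes) -> bytes:
    """Payload plus 4-byte CRC-32: anyone can compute this, no secret involved."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")

def crc_ok(frame: bytes) -> bool:
    return zlib.crc32(frame[:-4]).to_bytes(4, "big") == frame[-4:]

def mac_frame(payload: bytes, key: bytes) -> bytes:
    """Payload plus 32-byte HMAC-SHA-256 tag: needs the key to compute."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def mac_ok(frame: bytes, key: bytes) -> bool:
    expected = hmac.new(key, frame[:-32], hashlib.sha256).digest()
    return hmac.compare_digest(expected, frame[-32:])

def flip_bit(frame: bytes) -> bytes:
    """Accidental line noise: one payload bit changes, trailer untouched."""
    return bytes([frame[0] ^ 0x01]) + frame[1:]

def swap_totals(payload: bytes) -> bytes:
    """Deliberate change to the record contents."""
    return payload.replace(b"A=412;B=388", b"A=388;B=412")

def compare() -> dict:
    altered = swap_totals(RECORD)
    return {
        "crc_catches_noise": not crc_ok(flip_bit(crc_frame(RECORD))),
        "mac_catches_noise": not mac_ok(flip_bit(mac_frame(RECORD, KEY)), KEY),
        # The CRC is simply recomputed over the altered record, so it verifies.
        "crc_accepts_altered": crc_ok(crc_frame(altered)),
        # Without KEY the best available trailer is the old tag; it fails.
        "mac_accepts_altered": mac_ok(altered + mac_frame(RECORD, KEY)[-32:], KEY),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

Both trailers catch line noise, but only the keyed tag rejects a record that was changed on purpose; neither hides the contents, which is the separate job of encryption.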

