Need urgent help checking voting machines for Java code - today!

Discussion in 'Java' started by jmarch@prodigy.net, Sep 12, 2006.

  1. Guest

    Folks,

    I'm an elections observer in Pima County AZ credentialled by both the
    Pima County Democratic and Libertarian parties. I need to be able to
    check the Diebold Election Systems central tabulator for illicit Java
    programs that might alter the central vote tally database.

    In case you're not aware, Diebold's central vote tabulator stores it's
    data in MS-Access. Yeah. Which means it can be "back doored" all too
    easily. The box runs Windows 2000.

    I already have a method for doing this for Visual Basic scripts from
    the command line:

    C:\>findstr /l /s /i /m /c:"select case" /c:"elseif" /c:"end sub" *.* >
    c:\vblog.txt

    The "findstr" command (built into Win2k and XP) will report back all
    files that contain any of those three strings which are common stuff in
    VB. I can then pull up the log file created and manually look at each
    one for potential cheatin' stuff.

    I need an equivelent for Java, as a separate second command line to
    write to a "jslog.txt" file. But I don't know enough about Java to
    create such a critter.

    Any ideas? This is for a test this evening as today is the AZ
    primaries.

    (Note: yeah, I know they might compile it and screw us. Nothing I can
    do about that except hope that any cheater is a pretty low-grade
    geek...

    Jim March / jmarch -at- prodigy.net
    Member of the Board of Directors,
    Black Box Voting Inc.
    www.blackboxvoting.org
     
    , Sep 12, 2006
    #1
    1. Advertising

  2. Oliver Wong Guest

    <> wrote in message
    news:...
    > Folks,
    >
    > I'm an elections observer in Pima County AZ credentialled by both the
    > Pima County Democratic and Libertarian parties. I need to be able to
    > check the Diebold Election Systems central tabulator for illicit Java
    > programs that might alter the central vote tally database.
    >
    > In case you're not aware, Diebold's central vote tabulator stores it's
    > data in MS-Access. Yeah. Which means it can be "back doored" all too
    > easily. The box runs Windows 2000.
    >
    > I already have a method for doing this for Visual Basic scripts from
    > the command line:
    >
    > C:\>findstr /l /s /i /m /c:"select case" /c:"elseif" /c:"end sub" *.* >
    > c:\vblog.txt
    >
    > The "findstr" command (built into Win2k and XP) will report back all
    > files that contain any of those three strings which are common stuff in
    > VB. I can then pull up the log file created and manually look at each
    > one for potential cheatin' stuff.
    >
    > I need an equivelent for Java, as a separate second command line to
    > write to a "jslog.txt" file. But I don't know enough about Java to
    > create such a critter.
    >
    > Any ideas? This is for a test this evening as today is the AZ
    > primaries.
    >
    > (Note: yeah, I know they might compile it and screw us. Nothing I can
    > do about that except hope that any cheater is a pretty low-grade
    > geek...


    I believe the pseudo-equivalents to VB's "select case", "elseif" and
    "end sub" are "switch", "else"[*] and "}" respectively. However, for the
    number of matches you're likely to get with "}", you might as well just read
    the entire Java source code.

    I don't see how finding these constructs, either in VB or Java, will
    help you detect "illicit programs" in any way (unless this is one of those
    "going through the motions to give the illusion of security" kind of
    things), so maybe I completely misunderstood your question.

    Are you trying to make sure there aren't any Java programs installed at
    all? Well, as an easy first step, I'd go into the control panel and
    uninstall any Java Virtual Machines I could find. That'll probably stop most
    low-grade cheaters. If you're looking for keywords that almost always appear
    in Java programs, you can try stuff like "public static void main(String",
    "public class", "package", "import".

    As for your "they might compile it and screw us", I have to say they
    will definitely compile it. Java, traditionally, is compiled, not
    interpreted. Which means if they're low grade, they probably compiled it. If
    they manage to get a Java program running without compilation, that's
    probably evidence of a high-grade cheater. So you should look for files with
    the .class file extension. If the first 4 bytes are 0xCA 0xFE 0xBA 0xBE,
    then it's a Java file. These 4 bytes are not whithin ASCII, so I'm not sure
    if you can use findstr to detect them.

    - Oliver

    *: "else if" might be a better match, but then you'd have to deal with
    whitespace issues like "else if".
     
    Oliver Wong, Sep 12, 2006
    #2
    1. Advertising

  3. Guest

    Oliver Wong wrote:

    > I believe the pseudo-equivalents to VB's "select case", "elseif" and
    > "end sub" are "switch", "else"[*] and "}" respectively. However, for the
    > number of matches you're likely to get with "}", you might as well just read
    > the entire Java source code.
    >
    > I don't see how finding these constructs, either in VB or Java, will
    > help you detect "illicit programs" in any way (unless this is one of those
    > "going through the motions to give the illusion of security" kind of
    > things), so maybe I completely misunderstood your question.
    >
    > Are you trying to make sure there aren't any Java programs installed at
    > all? Well, as an easy first step, I'd go into the control panel and
    > uninstall any Java Virtual Machines I could find. That'll probably stop most
    > low-grade cheaters. If you're looking for keywords that almost always appear
    > in Java programs, you can try stuff like "public static void main(String",
    > "public class", "package", "import".
    >
    > As for your "they might compile it and screw us", I have to say they
    > will definitely compile it. Java, traditionally, is compiled, not
    > interpreted. Which means if they're low grade, they probably compiled it. If
    > they manage to get a Java program running without compilation, that's
    > probably evidence of a high-grade cheater. So you should look for files with
    > the .class file extension. If the first 4 bytes are 0xCA 0xFE 0xBA 0xBE,
    > then it's a Java file. These 4 bytes are not whithin ASCII, so I'm not sure
    > if you can use findstr to detect them.
    >
    > - Oliver
    >
    > *: "else if" might be a better match, but then you'd have to deal with
    > whitespace issues like "else if".


    First off, I appreciate the feedback. I didn't realize Java is usually
    compiled. Visual Basic usually isn't and I was thinking the two were
    broadly similar. My bad.

    The goal isn't to treat any Java (or VB) stuff as bad, but rather look
    for database accesses. This system is pretty locked down, it's not a
    general purpose station and there's only one live .MDB (Microsoft
    DataBase) file on there. If anything is accessing it other than the
    Diebold utilities provided, that's trouble and that's what we're
    looking for.

    It sounds like this sort of check isn't really possible with Java.
    Sigh. Well, VB is a more obvious choice so...we'll at least check for
    that.

    Is this all "make work"? Honestly, we realize that anybody really good
    can tamper to hell and gone and we'd never spot it. What we're hoping
    is that since nobody is looking at this stuff or has been in previous
    years, they've gotten sloppy enough to catch. It seems worth trying
    anyways.

    In another county we've documented use of a USB keychain device with
    encryption on one of these tabulators. We don't know what they were
    slipping in or out of the box but we know they were doing something. I
    can't be too clear because it's an ongoing issue.

    Jim March
     
    , Sep 12, 2006
    #3
  4. bikemh Guest

    Oliver Wong wrote:
    > So you should look for files with
    > the .class file extension.


    why not *.jar?

    I don't see any reason, though, why any malware would not be there as
    an *.exe. But this does bring up a kind of amusing irony to WORA :)
     
    bikemh, Sep 12, 2006
    #4
  5. bikemh Guest

    Oliver Wong wrote:
    > So you should look for files with
    > the .class file extension.


    why not *.jar?

    I don't see any reason, though, why any malware would not be there as
    an *.exe. But this does bring up a kind of amusing irony to WORA :)
     
    bikemh, Sep 12, 2006
    #5
  6. Oliver Wong Guest

    <> wrote in message
    news:...
    >
    > Honestly, we realize that anybody really good
    > can tamper to hell and gone and we'd never spot it. What we're hoping
    > is that since nobody is looking at this stuff or has been in previous
    > years, they've gotten sloppy enough to catch. It seems worth trying
    > anyways.


    Who are the potential cheaters, though? If you have time to run this
    "pre-vote testing" phase, why not just completely wipe the harddrive, and
    reinstall whatever software is needed from scratch right before voting
    starts? Then the only possibility of cheating at this point is either you
    (or whoever the technician doing this is) cheating, or Diebold themselves
    cheating. In either cases, there's nothing you can really do to prevent
    those.

    If you have problems with voters stick USB keys into the machine, how
    about physically locking down the machine so that only approved input
    devices are accessible? IF you had an LCD touch screen, you could hide
    everything except the screen, so all the user can do is touch on points on
    the screen.

    - Oliver
     
    Oliver Wong, Sep 12, 2006
    #6
  7. bikemh Guest

    Oliver Wong wrote:

    >
    > Who are the potential cheaters, though? If you have time to run this
    > "pre-vote testing" phase,


    Hi, Oliver. I believe he's indicating that he's an observer only, and
    does so at the central computer which receives vote numbers from out in
    the field, from the individual precincts or wards.

    > why not just completely wipe the harddrive, and
    > reinstall whatever software is needed from scratch right before voting
    > starts?


    almost inevitably, some (or even most) of the machines wouldn't be
    ready on time. Don't forget that a crony or relative of some politician
    will likely be in charge overall.

    >Then the only possibility of cheating at this point is either you
    > (or whoever the technician doing this is) cheating, or Diebold themselves
    > cheating.


    If the results are coming in from precincts to the central tabulator
    over the internet, that's another avenue

    >In either cases, there's nothing you can really do to prevent
    > those.


    except he's not trying to prevent so much as to "catch", as he says. Of
    course, he might catch his own side doing something, you never know.

    That being the case, it might be a better strategy to use whatever
    Win2K has that parallels Task Manager.

    But if the idea is that some malicious software is already installed,
    but needs to be started from the console (or perhaps a CRON equivalent,
    if one exists in Win2K) at the critical time - then I can see how the
    search for software comes into play.

    After all of that, just think what a nightmare will exist when some
    supposedly "enlightened" government initiates actual voting via the
    internet.

    >
    > If you have problems with voters stick USB keys into the machine, how
    > about physically locking down the machine so that only approved input
    > devices are accessible? IF you had an LCD touch screen, you could hide
    > everything except the screen, so all the user can do is touch on points on
    > the screen.
    >
    > - Oliver
     
    bikemh, Sep 12, 2006
    #7
  8. bikemh Guest

    bikemh wrote:
    > Oliver Wong wrote:


    >
    > > why not just completely wipe the harddrive, and
    > > reinstall whatever software is needed from scratch right before voting
    > > starts?

    >
    > almost inevitably, some (or even most) of the machines wouldn't be
    > ready on time. Don't forget that a crony or relative of some politician
    > will likely be in charge overall.


    though maybe something like vmware would allow Oliver's astute
    observation to be practical in the actual situation
     
    bikemh, Sep 12, 2006
    #8
  9. Guest

    Oliver Wong wrote:

    > If you have problems with voters stick USB keys into the machine, how
    > about physically locking down the machine so that only approved input
    > devices are accessible? IF you had an LCD touch screen, you could hide
    > everything except the screen, so all the user can do is touch on points on
    > the screen.
    >
    > - Oliver


    No, this is the central tabulator station, the one PC at county
    elections HQ that takes in the votes from the whole county. Voters
    don't have access.

    It's the county elections officials and Diebold on-site staff that are
    the threats and yes, trying to block those guys is a hell of a fight.
    If we do enough scrutiny we might scare them into not cheating in the
    first place, which is fine. If they DO cheat I want to catch them.

    Not impossible depending on how sloppy they are.

    Somebody mentioned that I might find "my side" cheating. If so, y'all
    have my promise I'll bust 'em as fast as anybody. I just moved to
    Arizona today and will be registering Libertarian. In California I was
    registered Republican but a member of the Republican Liberty Caucus,
    which means "GOP but with major libertarian leanings". I've done
    election checkouts for both Republican and Democratic candidates. My
    concern is about the process, not who wins.

    I believe there are corrupt elements of both major parties and even a
    little in the minors, although not as much because without serious
    power they don't attract those types.

    Jim March
     
    , Sep 12, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Pravin Shetty
    Replies:
    2
    Views:
    367
    Major_Small
    Jan 28, 2005
  2. Replies:
    4
    Views:
    397
    John W. Kennedy
    Jul 2, 2007
  3. Replies:
    2
    Views:
    304
  4. Jenny
    Replies:
    1
    Views:
    216
    Grant Wagner
    May 14, 2004
  5. Dave Roberts
    Replies:
    24
    Views:
    291
    Walter Roberson
    Jan 23, 2004
Loading...

Share This Page