Java Forum / General / September 2006
Need urgent help checking voting machines for Java code - today!
jmarch@prodigy.net - 12 Sep 2006 18:41 GMT
Folks,
I'm an elections observer in Pima County AZ credentialled by both the Pima County Democratic and Libertarian parties. I need to be able to check the Diebold Election Systems central tabulator for illicit Java programs that might alter the central vote tally database.
In case you're not aware, Diebold's central vote tabulator stores its data in MS-Access. Yeah. Which means it can be "back doored" all too easily. The box runs Windows 2000.
I already have a method for doing this for Visual Basic scripts from the command line:
C:\>findstr /l /s /i /m /c:"select case" /c:"elseif" /c:"end sub" *.* > c:\vblog.txt
The "findstr" command (built into Win2k and XP) will report back all files that contain any of those three strings which are common stuff in VB. I can then pull up the log file created and manually look at each one for potential cheatin' stuff.
I need an equivalent for Java, as a separate second command line to write to a "jslog.txt" file. But I don't know enough about Java to create such a critter.
Any ideas? This is for a test this evening as today is the AZ primaries.
(Note: yeah, I know they might compile it and screw us. Nothing I can do about that except hope that any cheater is a pretty low-grade geek...)
Jim March / jmarch -at- prodigy.net
Member of the Board of Directors, Black Box Voting Inc.
www.blackboxvoting.org
Oliver Wong - 12 Sep 2006 19:03 GMT
> Folks,
> [quoted text clipped - 28 lines]
> do about that except hope that any cheater is a pretty low-grade
> geek...
I believe the pseudo-equivalents to VB's "select case", "elseif" and "end sub" are "switch", "else"[*] and "}" respectively. However, for the number of matches you're likely to get with "}", you might as well just read the entire Java source code.
I don't see how finding these constructs, either in VB or Java, will help you detect "illicit programs" in any way (unless this is one of those "going through the motions to give the illusion of security" kind of things), so maybe I completely misunderstood your question.
Are you trying to make sure there aren't any Java programs installed at all? Well, as an easy first step, I'd go into the control panel and uninstall any Java Virtual Machines I could find. That'll probably stop most low-grade cheaters. If you're looking for keywords that almost always appear in Java programs, you can try stuff like "public static void main(String", "public class", "package", "import".
As for your "they might compile it and screw us", I have to say they will definitely compile it. Java, traditionally, is compiled, not interpreted. Which means if they're low grade, they probably compiled it. If they manage to get a Java program running without compilation, that's probably evidence of a high-grade cheater. So you should look for files with the .class file extension. If the first 4 bytes are 0xCA 0xFE 0xBA 0xBE, then it's a Java file. These 4 bytes are not within ASCII, so I'm not sure if you can use findstr to detect them.
- Oliver
*: "else if" might be a better match, but then you'd have to deal with whitespace issues like "else if".
jmarch@prodigy.net - 12 Sep 2006 19:50 GMT
> I believe the pseudo-equivalents to VB's "select case", "elseif" and
> "end sub" are "switch", "else"[*] and "}" respectively. However, for the
[quoted text clipped - 26 lines]
> *: "else if" might be a better match, but then you'd have to deal with
> whitespace issues like "else if".
First off, I appreciate the feedback. I didn't realize Java is usually compiled. Visual Basic usually isn't and I was thinking the two were broadly similar. My bad.
The goal isn't to treat any Java (or VB) stuff as bad, but rather look for database accesses. This system is pretty locked down, it's not a general purpose station and there's only one live .MDB (Microsoft DataBase) file on there. If anything is accessing it other than the Diebold utilities provided, that's trouble and that's what we're looking for.
It sounds like this sort of check isn't really possible with Java. Sigh. Well, VB is a more obvious choice so...we'll at least check for that.
Is this all "make work"? Honestly, we realize that anybody really good can tamper to hell and gone and we'd never spot it. What we're hoping is that since nobody is looking at this stuff or has been in previous years, they've gotten sloppy enough to catch. It seems worth trying anyways.
In another county we've documented use of a USB keychain device with encryption on one of these tabulators. We don't know what they were slipping in or out of the box but we know they were doing something. I can't be too clear because it's an ongoing issue.
Jim March
Oliver Wong - 12 Sep 2006 20:17 GMT
> Honestly, we realize that anybody really good
> can tamper to hell and gone and we'd never spot it. What we're hoping
> is that since nobody is looking at this stuff or has been in previous
> years, they've gotten sloppy enough to catch. It seems worth trying
> anyways.
Who are the potential cheaters, though? If you have time to run this "pre-vote testing" phase, why not just completely wipe the harddrive, and reinstall whatever software is needed from scratch right before voting starts? Then the only possibility of cheating at this point is either you (or whoever the technician doing this is) cheating, or Diebold themselves cheating. In either case, there's nothing you can really do to prevent those.
If you have problems with voters sticking USB keys into the machine, how about physically locking down the machine so that only approved input devices are accessible? If you had an LCD touch screen, you could hide everything except the screen, so all the user can do is touch on points on the screen.
- Oliver
bikemh - 12 Sep 2006 21:17 GMT
> Who are the potential cheaters, though? If you have time to run this
> "pre-vote testing" phase,
Hi, Oliver. I believe he's indicating that he's an observer only, and does so at the central computer which receives vote numbers from out in the field, from the individual precincts or wards.
> why not just completely wipe the harddrive, and
> reinstall whatever software is needed from scratch right before voting
> starts?
almost inevitably, some (or even most) of the machines wouldn't be ready on time. Don't forget that a crony or relative of some politician will likely be in charge overall.
> Then the only possibility of cheating at this point is either you
> (or whoever the technician doing this is) cheating, or Diebold themselves
> cheating.
If the results are coming in from precincts to the central tabulator over the internet, that's another avenue.
> In either case, there's nothing you can really do to prevent
> those.
except he's not trying to prevent so much as to "catch", as he says. Of course, he might catch his own side doing something, you never know.
That being the case, it might be a better strategy to use whatever Win2K has that parallels Task Manager.
But if the idea is that some malicious software is already installed, but needs to be started from the console (or perhaps a CRON equivalent, if one exists in Win2K) at the critical time - then I can see how the search for software comes into play.
After all of that, just think what a nightmare will exist when some supposedly "enlightened" government initiates actual voting via the internet.
> If you have problems with voters sticking USB keys into the machine, how
> about physically locking down the machine so that only approved input
[quoted text clipped - 3 lines]
>
> - Oliver
bikemh - 12 Sep 2006 21:26 GMT
> > why not just completely wipe the harddrive, and
> > reinstall whatever software is needed from scratch right before voting
[quoted text clipped - 3 lines]
> ready on time. Don't forget that a crony or relative of some politician
> will likely be in charge overall.
though maybe something like vmware would allow Oliver's astute observation to be practical in the actual situation
jmarch@prodigy.net - 12 Sep 2006 21:50 GMT
> If you have problems with voters sticking USB keys into the machine, how
> about physically locking down the machine so that only approved input
[quoted text clipped - 3 lines]
>
> - Oliver
No, this is the central tabulator station, the one PC at county elections HQ that takes in the votes from the whole county. Voters don't have access.
It's the county elections officials and Diebold on-site staff that are the threats and yes, trying to block those guys is a hell of a fight. If we do enough scrutiny we might scare them into not cheating in the first place, which is fine. If they DO cheat I want to catch them.
Not impossible depending on how sloppy they are.
Somebody mentioned that I might find "my side" cheating. If so, y'all have my promise I'll bust 'em as fast as anybody. I just moved to Arizona today and will be registering Libertarian. In California I was registered Republican but a member of the Republican Liberty Caucus, which means "GOP but with major libertarian leanings". I've done election checkouts for both Republican and Democratic candidates. My concern is about the process, not who wins.
I believe there are corrupt elements of both major parties and even a little in the minors, although not as much because without serious power they don't attract those types.
Jim March
bikemh - 12 Sep 2006 20:05 GMT
> So you should look for files with
> the .class file extension.
why not *.jar?
I don't see any reason, though, why any malware would not be there as an *.exe. But this does bring up a kind of amusing irony to WORA :)
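The magic-byte check from Oliver's post and the *.jar question above, as an added example that is not part of the thread: a Python scanner that finds compiled Java by content rather than by extension, including classes packed inside archives, where findstr cannot see them. The `DB_MARKERS` watch list and all function names are assumptions made for illustration; a class with no marker hit is not cleared, because strings can be assembled at run time.

```python
import io
import os
import sys
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"
# Assumed watch list: strings JDBC-ODBC access to an .mdb leaves in a class's constant pool.
DB_MARKERS = (b"jdbc:odbc:", b"sun.jdbc.odbc", b".mdb")

def is_class(data):
    """True for the class-file magic followed by a plausible version number."""
    if len(data) < 8 or data[:4] != CLASS_MAGIC:
        return False
    # Mach-O universal binaries share this magic; real class major versions start at 45.
    return int.from_bytes(data[6:8], "big") >= 45

def markers(data):
    """Watch-list strings present in the raw bytes, matched case-insensitively."""
    return [m.decode() for m in DB_MARKERS if m in data.lower()]

def scan_bytes(label, data, depth=0):
    """Classify one file image; ZIP/JAR archives are opened up to three levels deep."""
    if is_class(data):
        return [(label, "class", markers(data))]
    hits = []
    if data[:4] == b"PK\x03\x04" and depth < 3:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for name in zf.namelist():
                    hits += scan_bytes(label + "!" + name, zf.read(name), depth + 1)
        except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
            hits.append((label, "unreadable-archive", []))  # flag for manual review
    return hits

def scan_tree(root):
    """Walk root and return (path, kind, markers) for every hit, whatever the extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    hits += scan_bytes(path, fh.read())
            except OSError:
                hits.append((path, "unreadable-file", []))
    return hits

if __name__ == "__main__":
    for hit in scan_tree(sys.argv[1]):
        print(*hit, sep="\t")
```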