OrlyTaitzEsq.com

TaitzReport.com

Defend Our Freedoms Foundation (DOFF)
29839 Santa Margarita Pkwy, Ste 100
Rancho Santa Margarita CA, 92688
Copyright 2014

Review of Politics, Economics, Constitution, Law and World Affairs by Attorney and Doctor Orly Taitz


If you love your country, please help me fight this creeping tyranny and corruption.
Donations no matter how small will help pay for airline and travel expenses.





The articles posted represent only the opinion of the writers and do not necessarily represent the opinion of Dr. Taitz, Esq., who has no means of checking the veracity of all the claims and allegations in the articles.
Mail donations to:
Defend Our Freedoms Foundation, c/o Dr. Orly Taitz
29839 Santa Margarita Pkwy, Ste 100
Rancho Santa Margarita, CA 92688.
Contact Dr. Taitz at
orly.taitz@gmail.com.
In case of emergency, call 949-683-5411.

When the people fear their government, there is tyranny.
When the government fears the people, there is liberty.

-- Thomas Jefferson

During times of universal deceit, telling the truth
becomes a revolutionary act.
 -- George Orwell

First they ignore you, then they ridicule you, then they
fight you, then you win.
 -- Mahatma Gandhi


More on voter fraud and reversing the results in blackbox voting. We have to de-certify all electronic voting and ballot counting machines. The voters have to get access to 100% of the voter registrations and ballots

Posted on | November 28, 2010 | 3 Comments

Washington bringing King County inefficiency to Kitsap

Oct 17 2008

Voters would be unwise to ratify Walt Washington’s temporary appointment as Kitsap County auditor. He is an export from King County’s notorious elections division, and since his appointment here he has already been personally cited with approximately a dozen public disclosure violations and other discrepancies operating our Kitsap County Auditor’s Office.

He was trained in the culture of Dean Logan, the King County elections director (himself a Kitsap County export in 2001), who presided over the Dino Rossi election debacle of 2004 and within months had negotiated and jumped ship to a safer location in the Democrat-controlled Los Angeles Elections Division.

Logan was cited by a May 2005 no-confidence resolution introduced into the King County Council and was facing a possible federal grand jury investigation for the many infractions for which he was responsible. (Documentation can be easily recovered by a Yahoo or Google search).

Logan had been earlier trained by Kitsap County’s recently retired auditor. What goes around comes around.

The illegalities she defended were serious enough to document with local law enforcement and the Washington Secretary of State, though no subsequent responses were taken. (Information available upon request.)

Appointing a successor official from the same political party shortly before a voter election is a well-recognized technique to promote the appearance of incumbency and, hopefully, gain uninformed voter support.

It would be a shame to fall for this and fail to elect Washington’s highly qualified opponent, John Clark.

The Democrat Party election machine has to go. It’s in Kitsap’s best interest to clean house now and to vote for John Clark, experienced in business, education and government service and who promises to “promote voter confidence by working diligently to ensure creditable, trustworthy, secure elections.

We need that.

KARL DUFF

Port Orchard

Hacking and Logan

http://www.51capitalmarch.com/51CapitalMarchBlackboxVoting.shtml

How to Hack the Vote: the Short Version

11/10/2004 rev. 11/20/2004

Chuck Herrin, CISSP, CISA, MCSE, CEH

Source: http://www.chuckherrin.com

Enron was a conspiracy theory, too. Were their whistleblowers Crackpots?
Were the people who lost their retirements to those corporate criminals just “sore losers”?
I’ve never been part of the “Tin Foil Hat” conspiracy theory crowd. I’m just a voter who happens to be a Professional IT Auditor.

Author’s Note – Did our votes count? More importantly, will they count next time? We in Information Security have been protesting the use of the poorly designed voting machines from Diebold and others, and as a result of their poor implementation and widespread use, our election remains in question and our country remains bitterly divided. Many people feel that their votes didn’t count, and for good reason. THESE SYSTEMS ARE NOT WORTHY OF OUR TRUST! In an effort to bring this to your attention, I have put together this shortened document that will show you exactly how easy it would be to break into Diebold’s GEMS software, which is the software used to tabulate regional voting results. This software runs on regular Windows machines and counts the votes from multiple precincts that may have used touch screens (which have their own problems) or optically scanned punch cards, including absentee ballots. It is responsible for the accurate reporting of tens of millions of votes cast using these different types of ballots.

That’s right – even if you used the older systems like punch cards, your vote can still be Hacked when the numbers all come together. Wanna see how easy it is?

I am going to show you, step by step and with screenshots, how an attack against our election system could very easily steal a Statewide or even a National election without leaving a trace. This attack would be easy to carry out, difficult to detect, and exert enormous influence on the results, leaving the humble voter coldly left out of the decision-making process.

Here We Go… Oh wait – let me do some CYA stuff first:

**Important** – I would like to stress that this demonstration was performed locally on a system totally under my control, and no unauthorized access to any computer system occurred. The voting database used was the sample obtained from www.blackboxvoting.org, and this election does not reflect data for any election currently taking place. I want to be very clear that this is only a proof-of-concept demonstration, and at no time was actual voter fraud committed in order to prove a point. THIS IS A DEMONSTRATION ONLY, very similar to the well-documented demonstration Bev Harris performed for Governor Howard Dean recently on National television. Also, GEMS software is a trademark of Diebold, and Windows and Access are both copyrights of Microsoft, Inc.**

REQUIREMENTS:

Windows-based PC with 150megs free disk space and 128megs RAM (minimum)

A copy of MS Access. (“The Windows interface also means you can use your familiar office programs in conjunction with GEMS. For example, you can type and spell-check propositions or measures, in word-processing programs such as Microsoft Word® or WordPerfect®, then paste the text directly into the GEMS ballot layout screen”– http://www2.diebold.com/dieboldes/GEMS.htm ).

The GEMS software is one place to get it:
http://freespeech.metacolo.com/GEMSIS-1-18-17.zip
There are plenty other places on the web.

A Sample Election Database – http://www.blackboxvoting.org/coloradospringscityelection.mdb is one from Colorado Springs, CO. Again, there are several out there.

With all that out of the way – OK! Let’s get started!

Step One: The Before Picture

This is the summary report run based on our sample election from Colorado Springs, CO. This is what the actual, official results looked like before I decided to cast “my vote”.

To get the results, we open GEMS, (username “admin”, password “password”)

Figure 1 – The opening GEMS screen Go to GEMS > Election Summary Report,

Figure 2: Choose the Election Summary Report for our Before Pictures

And here we go! The official Election Summary Report, as of right now. Note the timestamp at 23:59:07 – we’ll come back to that in the Audit Log section.


Figure 3: Election summary report – before

Pay attention to District 3. Here we have Sallie Clark in District 3 winning by a 2/3 majority. But let’s say that for this scenario, Sallie’s daughter is my ex, or she supports gay marriage, or maybe she’s against deficit spending. Whatever – let’s say maybe she’s a Pinko Commie and must be stopped, so let’s have some fun…..

*Note – I do not actually know Sallie Clark or any of these election participants, and therefore cannot speak to her character. Again, this is just a demonstration.*

OK – now we know how the election was supposed to turn out. I do not need the GEMS software to see the results – I could use a software package called JResult (included with the GEMS software) to poll it, or as we’ll see below, just go straight to the backend database and view the numbers from there. Having a copy of the GEMS software is not required to Hack the votes. It does show us what the Election Workers can see and what the ultimate vote counts will be.

Step 2: Getting in – The “Hard” Part

The biggest part of step two is getting into the Windows PC in question, either locally or over a network. This is the hardest part, but if anybody thinks that hacking into a Windows PC is hard, you should not be online right now. As anyone confronted with the continuing barrage of viruses, worm, and Hackers can attest, this part is not really a problem. In fact, let’s run through a few sample ways in, just off the top of my head:

If the GEMS machine is networked – (For remote facilities, the votes are transmitted to the central tabulation facility via a closed “Intranet”, the Internet or modem.
http://eff.org/Activism/E-voting/20040818_diebold_accuvote-ts_v0.8.pdf )

1) Wander into the building, and quietly put a wireless access point on the same network segment as the Tabulation PC, maybe behind a copier somewhere, and then casually come in from across the street using a laptop and wireless card.

We know they’re connected by modems, so:

2) Find the telephone number of the office the PC is located in, and use a “war-dialing” program such as ToneLoc to dial all of the numbers in that exchange looking for a hanging modem. This technique was made famous by the 1983 movie “Wargames” and it still works today. These machines typically have hanging modems installed, so this should be a fairly easy way in.

3) Come in through the Internet. It is reported that many of these machines are connected to the Internet to enable results to be queried using Jresult to pull data from the central PCs. Windows PCs on the Internet are inherently vulnerable, particularly if they’re not behind a firewall. Since a firewall would prevent the legitimate Jresult queries from being made, these machines are likely NOT firewalled and therefore at extreme risk for being compromised through their Internet connection. (“GEMS’ standard Internet and reporting capabilities allow the election administrator to quickly report results” — http://www2.diebold.com/dieboldes/faq.htm )

Then there are the REALLY easy ways….

4) If you’re an insider, you already have the phone numbers and any usernames and passwords you may need. Dial into the machine, authenticate normally, and then manipulate the data as explained below.

5) Again, if you’re an insider – walk up to the machine and use the keyboard and mouse. (Bev Harris and Herbert Thompson recently demonstrated for the state of CA how a 5-line(!) VB Script could change votes and then delete itself – http://www.wired.com/news/evote/

Most poll workers, despite being good, caring people, tend to be political enough to motivate them to volunteer. It’s just human nature to use the tools at your disposal to your advantage, and people have a remarkable knack for justifying even the worst acts if they can convince themselves that the cause is worthwhile.

Then again, some poll workers, like in Gaston County, NC are actual Diebold Employees! (Worst quote: The county pays a technician from Diebold to operate its systems on Election Day. That person was in charge of transferring early votes from electronic storage to the counting computer.).
http://www.charlotte.com/mld/observer/news/local/10192340.htm

For more on physical access and ways in, check out Jim March’s excellent review at: http://www.equalccw.com/dieboldtestnotes.html#appendixB

With a little time and creativity, other ways in are possible. You have probably already thought of a couple more, haven’t you?

Diebold’s best defense to this point, as pointed out by following the link above, is the physical security – if you can’t get to them, you can’t hack them. But we KNOW that election workers, poll volunteers, and Diebold staff all have access and CAN get in. It would be very easy to write a little script to call into the GEMS machines or have the GEMS machines call back out and modify the results at any time. As Mr. March also points out, the IP address listed in the memo referenced on his site is part of a known block of addresses that would have bridged that machine to the Internet when it connected. Let’s face it, a lot can go on when a machine is connected to a big bank of modems and a lot of people have the numbers, usernames, and passwords.

Also, there is home video of voting machines being taken home and stored by election volunteers. Watch the video at www.votergate.tv. No physical security in that case.

Side note for non-technical folks – Did you know that in Windows, C: drives are shared out by default? No? Well, they are. But there’s a super-secret Hacker trick to connect to them. You have to call it C$ instead of just C. The $ means it’s a “hidden” drive, but it is still accessible via the network! Pick any Class C (classes are how network addresses are broken up) range of network addresses on the Internet and I’ll guarantee that you can simply “map” someone else’s C: drive over the Internet and browse their hard drives without their knowledge.

Think this couldn’t happen? Are you kidding? This happens every minute of every single day. American companies spend Billions of dollars a year trying to protect corporate computer systems from attack – would they do that for no reason?

In any case, once we have access we simply browse the C: drive of the server and go to the C:program filesGEMSlocalDB directory. Here we will find an Access database for each election named <NameOfElection>.mdb. With a copy of Microsoft Access, we open it and find that no, it is not even password protected. The directory it’s in isn’t protected or restricted in any way. The data is not encrypted or even encoded. It is as open as an email message, and this is where all of our voting data is stored. From here, you could add candidates, drop them from the ballots, or delete entire precincts, but all of that is too obvious. A very simple trick would be to switch candidate IDs (see Figure 5 to see what candidate IDs look like), which would cause the vote tallies to simply reverse. In fact, this looks like what may have happened in some Florida counties, where the vote totals were fine, but the party affiliations were almost exactly the reverse of the vote counts. This type attack would be unlikely to raise much suspicion, since the total number of votes cast and turnout numbers would not change. And since Hacking rule #1 is to not get caught, rather than add Homer Simpson to the race and have him win, we’ll be more “subtle” and just change the results.


Figure 4: The c:program filesGEMSlocalDB folder where all of our valuable data is stored

This is the Access database that is the back end for the entire system. Potentially hundreds of thousands of votes could be stored here on a central computer with no access control, no passwords, etc. When we open the database and view the Candidate table inside, we see:


Figure 5: The Candidate table

Ah ha! Look at the first and second columns – Sallie’s opponent, Linda Barley, was assigned 550 as a candidate number, and Sallie is candidate number 551.

From the CandV Table in the same database, we see that the Race ID is 221, and that their Key IDs are 541(Linda) and 542 (Sallie). The Key IDs are what we need to change the vote counts for. Remember that the original vote results were 4209 to 8291, Linda to Sallie. Let’s change that from a 2/3s victory to a shutout victory for the candidate who should have lost.

Step 3: Changing the Votes

I located the Linda’s ID, #541, in the CandidateCounter table and simply by clicking on the cell and typing with my number keys, I gave Linda 111 votes for every reporting unit. This isn’t really hacking – this is changing values in a table. Anybody who’s ever used an Excel spreadsheet has done this before.

There were 71 reporting units, so she should have 7881 votes now, an increase of over 3600 votes. I finally found a way to make my vote count! We’ll come back and check the math later to make sure there are no surprises. When you’re stealing an election, you want to make sure it comes out the right way!


Figure 6: Changing the votes inside the CandidateCounter table

This is repeated in the CandidateSummary table, since some records are cross-linked, and I want to know exactly how many votes I’m changing. **Note – since I’ve tried this, I have found that you can change the totals simply by changing the SumCandidateCounter table, but the results are less predictable due to the sloppy cross-linking and “Dirty” field in the Access DB.**

Once I was done adding 3672 votes to Linda’s tally, I decide to just wipe out all of Sallie’s votes, making her total 0. Pay attention – I just added 3672 votes to one candidate’s results and deleted 8291 votes from another in about 45 seconds! Just click the cell, type 0, click the cell, type 0; I’m wiping out votes by the hundreds. Sallie now has 0 votes – hopefully she was so over-confident that she didn’t bother to vote for herself ;-). A real attacker would likely be more subtle to avoid suspicion, but again, this is a demonstration. Unfortunately, since many of the new machines do not produce a paper ballot, a manual recount would be very difficult, if not altogether impossible. This is a clear violation of many state election laws, but elections officials put them in place anyway. I wouldn’t withdraw $20 from an ATM without a receipt, but I guess my vote isn’t worth that much trouble.

Anyway, now that our results are changed, we save the database, and viola!

Step 4: Run the new summary report and declare my candidate the winner!


Figure 7: The new summary report with the results the way I wanted them

Note the final numbers for District 3 – 7881 to 0. Just as I expected, I was able to override the wishes of 11,963 voters and replace their ballots with my own. How hard was that?

My candidate wins in a landslide, although the voters actually voted 2-to-1 for her opponent. This took me about 5 minutes and a moderate exercise of skill. There were no passwords to crack, and all I had to do was figure out the way things were stored in an unprotected, clear text Access database, which fortunately, has been available on the web for quite some time for Hacker-types to practice on. In fact, with the widespread availability of the GEMS software, you can go in and create your own elections to practice on before ever venturing out to touch the real thing.

Step 5: Those Pesky Audit Trails

But what if someone notices? Now that my work fixing the election is done, all that remains is clearing up the audit trail.

From within the GEMS software, let’s look at the audit log:


Figure 8: GEMS > Audit Log


Figure 9: Looking for evidence of tampering. See anything?

Above, we see at 23:59 where I viewed the summary report (Figure 3), then closed the GEMS software at 00:00:16. The next entry is at 00:44:56, when I logged back into GEMS and ran another summary report (Figure 7) at 00:45:08 showing the Hacked results. Note the timestamps on the 2 Summary reports earlier in this document – they correspond exactly to the Election Summary Reports that show our candidate winning, and then losing in a shutout. Do you see any evidence AT ALL in the Audit Logs that the votes were tampered with? We know they were – I just showed you step by step that it was done.

Nope! No evidence – so feel free to ridicule anyone who complains as a conspiracy theorist or whining sore loser!

Now, Diebold officially insists that this cannot be done, but as with this example, this has repeatedly been shown to be false. Diebold’s staff knows it – in fact, in a memo by Diebold principal engineer Ken Clark in 2001, he says “Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That’s why we’ve never put a password on the file before.” (http://www.blackboxvoting.org/Oct2001msg00122.html and for more detail, http://www.blackboxvoting.org/bbv_chapter-13.pdf )

In a particularly humorous and distressing response to Diebold’s assertion that “Generated entries on the audit log cannot be terminated or interfered with by program control or by human intervention”, the folks at www.blackboxvoting.org actually trained a chimpanzee to delete the audit logs from an election database. You read that right – a chimp. Well, since it wasn’t a human or computer, I guess they’re technically correct. Here’s a link. http://blackboxvoting.org/baxter/baxterVPR.mov

Another audit log incident occurred during the Washington State primary just six weeks ago. Two interesting events took place here:

1) all entries are absent from the audit log between 9:52 pm and 1:31 am. This includes records of summary reports being printed during that time frame, which is something that is always logged by the system, and shows up when they are printed before and after that block of time. Here is the audit log: http://www.blackboxvoting.org/auditlog.PDF

2) Here are copies of the 5 sets of summary reports printed off during that missing time period, complete with timestamps showing that they were printed during that block of time and signed by the elections chief, Dean Logan.

http://www.blackboxvoting.org/resultspages.PDF

Can anybody guess what it means when you are missing audit logs for a specific block of time, and known events took place that should be reflected in the logs?

Look at our results again. It means you were Hacked!

Conclusions

Would you trust your bank account balance if their systems were this easy to hack? As a result of my hands on testing, I have absolutely no faith that my vote was counted or will be in future elections where this software is used. It is simply too easy to change! Any motivated insider or Hacker of moderate skill can change hundreds of thousands of votes with very little effort and almost no chance of being caught.

The best part is that if anyone tries to question the results, you can ridicule them and call them sore losers! Conspiracy theorists! But won’t this be caught in a recount? Check this out – with the new machines, YOU CAN’T DO A RECOUNT! There’s no paper trail. It’s the perfect crime.

This is the democracy we’re exporting to the rest of the world.

“Time is not irrelevant. Election manipulation has a large component of running out the clock, and you know as well as I do that the interim information may or may not be retained, and that the public may or may not (usually NOT) be able to see it until the clock has run out. In Florida in 2004, all of the largest counties decided to delay production of information until after the election was certified.

Again, you are confusing one thing with another. Yes, precinct results are available. No, that’s not the same thing as grabbing slices every 15 minutes of the precinct results as they come in.

You are protesting so vehemently against gathering data as it comes in that it doesn’t make sense, Kurt. If you believe it is of no value, don’t collect it. Those who do collect it will learn that it is or is not of value. I’ve seen enough to know that it IS of value.

Let me give you another example. Because I was on site, I got time slice data (interim data) in a King County, Washington election in September 2004. Later, I found that three hours was missing from an audit log for the GEMS tabulator during that time. The reason stated by Dean Logan is that the machine was inactive during the missing three hours (or more specificaly, “nothing was happening” in the machine). I had ascertained that the same machine producing the interim totals was the machine that produced the audit log missing three hours. The existence of the interim totals — and the TIME STAMPS on those interim totals — proved that the machine was NOT inactive during the missing three hours. They altered the audit log to delete three hours. The time slice information proved that it had been ALTERED, and that it was not merely inactive.

I think a reasonable rationale has been described for collecting time slices.

Comments

3 Responses to “More on voter fraud and reversing the results in blackbox voting. We have to de-certify all electronic voting and ballot counting machines. The voters have to get access to 100% of the voter registrations and ballots”

  1. bob strauss
    November 28th, 2010 @ 10:41 am

    Go to YouTubePlay video
    Insist on paper ballots in your voting area. Thanks to those who have provided important links in the comments. I’ve posted them here to make it more convenient. Lawsuit to stop the use of e-voting…
    00:02:31
    Added on 12/17/07
    3,808 views

  2. dr_taitz@yahoo.com
    November 28th, 2010 @ 3:20 pm

    there is no link attached

  3. Spaulding
    November 29th, 2010 @ 12:52 am

    Please don’t give up attempting to get the attention of the public concerning voter fraud. Exposing and explaining it is very difficult. That is why most don’t pay attention. How we could be, and most likley were, disenfranchised does not fit into sound bites. That is a major reason for the success of election control. Hardly any citizen knows how his or her vote is delivered securely. In fact, there is very little security, and no audit trail, that on top of illegal registrations and the abolition of voter ID requirements. Our legislators have guaranteed our right to cheat, but it really matters little because the counts are not verifiable.

    The details of how numbers are inserted into records no one could track anyway are like explaining how the card you swipe at the gas pump generates a decrement from your checking account. The reason we aren’t cheated more there is that each individual may have kept his receipt, or may challenge it. With voting there are no receipts and no individual can check his/her balance.

    Today, paper ballots and precinct counts are our only mechanism to assure that we are governed by those we intended. There are sophisticated solutions but they need lots of scrutiny. We are not a representative republic today because we don’t really elect our representatives. California is not a pure blue state as elections imply. California simply has mobsters in control of the voting process. We have an oligarchy. There is no reason to have two parties in California when only one controls voting.

    Keep it up Dr. Taitz. You are reviled because you know the truth. Running for Secretary of State was brilliant because the SOS controls elections, the reason George Soros initiated his Secretary of State project. As businesses move out of the oligarchy which California has become, the federal government will have to let it fail. Then there will be the opportunity to restructure. Meanwhile, the initiative process is the closest thing California has to representative democracy, and corrupt judges will not survive to overturn every initiative when other states refuse to provide credit. Some claim not to understand how initiatives seem so at odd with the “Progressives” in San Fran and Los Angeles. How could black voters have voted for Proposition 8? How could voters have required that we educate only legal citizens? How could the fools have limited the increases in property taxes with Prop. 13? Our elections have probably been a fraud for decades. Now we must fix them, or leave the state for public unions to rape for their rich guaranteed retirment programs while businesses move, as they must, to where productivity counts.

    Again, voting is the most peaceful answer. Verifiable voting must be simple. Computer technicians should not be legislators. Get rid of the computers for just this process. Later, let the public decide whether to trust opaque technology to transmit our legislative preferences. We decide nothing now, and the press, as usual, is a tool of tyrants. They must be expected to protect the Ruling Class, as they have protected the eligibility of the White House resident whose father was not a citizen of the U.S., and thus not a natural born citizen.

Leave a Reply





*