The sh*t has hit the fan!
 
We came out in the open about research we conducted on a couple of
Nedap ES3B voting computers we got our hand on. Behind the scenes we
have been working hard for the last five weeks to reverse engineer and
hack these devices. It was quite a project, but since of yesterday the
world knows about it. A whitepaper is available online for you to read
our conclusions. And besides that we also decided to trow all Nedap
software, rom dumps and internal documentation online. Just for the
public to see what it is they are voting on….
The juicy part: about the keys …. If you read Dutch law about the
requirements concerning voting they mention several times the
importance of the voting computers key. The head of the ticket office
must carry this key with him at all times, and when the elections
close it has to be stored in a sealed envelope. When Nedap learned we
where after their device they send out an emergency letter to each
municipality to store the keys to these voting computers in a safe.
I was heavily disappointed when I finally got my hands on these keys.
Just a very, very, simple four lever key and no use of anti-manipulation
or anti-copy technology. It was no problem to have the key copied in
the first lock shop I entered. Anyone with five minutes of instruction
(or less) could learn how to pick or bypass this lock.
All three Nedap voting computers we examined came with a sets of
identical keys. So all keys where the same, and one of these keys could
operate all these computers. We can safely assume one key can operate
all 8.000 Nedap voting computers in use in the Netherlands. Other
proof of this claim is that the keys are nickled over, meaning they
were mass-produced with the cuts already made. Something you only do
when you make large batches.
Getting your hands on that key is simple. Order yours online now ….
For just one euro you can order the key from multiple different online
sources. All you have to do is google for ‘C&K’ and key number ‘A126’.
Looking at the datasheet of this key you can learn its part number is
115140126. We ordered 100 and gave each and every journalist a
personal Nedap voting computer key at the press conference we held
this morning. As if you needed keys for locks like this…
ÂÂ
We all worked real hard on this project and I will post some more of
our findings in greater detail during the days to come. Stay tuned …
That is some amazing investigative work. Well done.
Haha netjes kijken hoe ze zich hier weer uit gaan praten.
Wel toevallig ik heb zo’n slotje met sleuteltjes liggen.
Ooit eens uit een oude compaq server gesloopt.
Congratulations, you made Slashdot!
http://it.slashdot.org/it/06/10/05/1310235.shtml
Also, that key looked kind of familiar. As it turns out, I have one of those keys on my keychain! I got it with an old argon-laser power supply; it turns the laser on and off.
Congratulations, you did a great job! 🙂
But please watch out that the debate isn’t going to shift over from “is computerized voting bad?” to “are Nedap machines insecure?” to “we should change the locks on Nedap voting machines!”. Don’t loose the big picture in a wood of details now that you’ve made it that far.
Good luck 🙂
Nicely done, Barry!
Glad to see you guys fighting the good fight over there. I keep tabs on our own American situation, as I’ve told you, and the similarities are shocking.
Be well, see you in Sneek!
That’s a pretty neat piece of reverse-engineering! My compliments!
It’s just making me sad to see how poorly those voting machines are protected. I hope they are going to do something about it.
As they would say it in Dutch: Petje af!!
Erik
http://arstechnica.com/news.ars/post/20061006-7924.html
Great article on the current Diebold crisis. Basically: Diebold has solved most of their technical problems by telling voters not to touch the touchscreens.
Lordy…