The keys to democracy …

The sh*t has hit the fan!

 a126

We came out in the open about research we conducted on a couple of
Nedap ES3B voting computers we got our hand on. Behind the scenes we
have been working hard for the last five weeks to reverse engineer and
hack these devices. It was quite a project, but since of yesterday the
world knows about it. A whitepaper is available online for you to read
our conclusions. And besides that we also decided to trow all Nedap
software, rom dumps and internal documentation online
. Just for the
public to see what it is they are voting on….

The juicy part: about the keys …. If you read Dutch law about the
requirements concerning voting they mention several times the
importance of the voting computers key. The head of the ticket office
must carry this key with him at all times, and when the elections
close it has to be stored in a sealed envelope. When Nedap learned we
where after their device they send out an emergency letter to each
municipality to store the keys to these voting computers in a safe.

I was heavily disappointed when I finally got my hands on these keys.

Just a very, very, simple four lever key and no use of anti-manipulation
or anti-copy technology. It was no problem to have the key copied in
the first lock shop I entered. Anyone with five minutes of instruction
(or less) could learn how to pick or bypass this lock.

nedap A126 C&K key

All three Nedap voting computers we examined came with a sets of
identical keys. So all keys where the same, and one of these keys could
operate all these computers. We can safely assume one key can operate
all 8.000 Nedap voting computers in use in the Netherlands. Other
proof of this claim is that the keys are nickled over, meaning they
were mass-produced with the cuts already made. Something you only do
when you make large batches.

Getting your hands on that key is simple. Order yours online now ….
For just one euro you can order the key from multiple different online
sources. All you have to do is google for ‘C&K’ and key number ‘A126’.
Looking at the datasheet of this key you can learn its part number is
115140126. We ordered 100 and gave each and every journalist a
personal Nedap voting computer key at the press conference we held
this morning. As if you needed keys for locks like this…

technical drawing of key

 

We all worked real hard on this project and I will post some more of
our findings in greater detail during the days to come. Stay tuned …

7 Responses to “The keys to democracy …”

  1. Milan says:

    That is some amazing investigative work. Well done.

  2. Mikeymike says:

    Haha netjes kijken hoe ze zich hier weer uit gaan praten.
    Wel toevallig ik heb zo’n slotje met sleuteltjes liggen.
    Ooit eens uit een oude compaq server gesloopt.

  3. Congratulations, you made Slashdot!
    http://it.slashdot.org/it/06/10/05/1310235.shtml

    Also, that key looked kind of familiar. As it turns out, I have one of those keys on my keychain! I got it with an old argon-laser power supply; it turns the laser on and off.

  4. Rainbow says:

    Congratulations, you did a great job! 🙂

    But please watch out that the debate isn’t going to shift over from “is computerized voting bad?” to “are Nedap machines insecure?” to “we should change the locks on Nedap voting machines!”. Don’t loose the big picture in a wood of details now that you’ve made it that far.

    Good luck 🙂

  5. Schuyler says:

    Nicely done, Barry!

    Glad to see you guys fighting the good fight over there. I keep tabs on our own American situation, as I’ve told you, and the similarities are shocking.

    Be well, see you in Sneek!

  6. ErikDH says:

    That’s a pretty neat piece of reverse-engineering! My compliments!
    It’s just making me sad to see how poorly those voting machines are protected. I hope they are going to do something about it.

    As they would say it in Dutch: Petje af!!

    Erik

  7. Schuyler says:

    http://arstechnica.com/news.ars/post/20061006-7924.html

    Great article on the current Diebold crisis. Basically: Diebold has solved most of their technical problems by telling voters not to touch the touchscreens.

    Lordy…