HART Voting Machines in PWC, VA

Discovered today that my county PWC, VA uses the HART voting machine systems and I have been doing a little research. Right now I’m just seeing what I can find and verify and collecting them on this page.

Biggest Find:

I found a very recent paper (2019) discussing and demonstrating methods by which to hack all of the major brand voting machines that use ballot images. It’s effective enough to be able to defeat any ballot image recounts as well. It’s a fairly simple man-in-the-middle attack vector, which needs to only install a wrapper around the windows scanner driver for the scanning systems. … and given all of these systems are using unencrypted(!) USB sticks(!!), thats pretty easy to do!!!

The wrapped adversarial payload can use some standard “textbook” (… no really … I own multiple textbooks that reference them) image processing tricks to selectively switch where the voter has marked the ballot in the image as its scanned, keeping the voters handwriting and style intact. The user sees their vote recorded, but the ballot image is altered before its recorded or counted. And auditing, or recounting from ballot images just recounts the swapped image. With a well designed and deterministic coding of this attack, re-running the same ballots through the scanner to perform a recount just re-applies the same deterministic conversion to the stored ballot images, and hence the recount stays the same. It’s a pretty devilishly elegant attack vector.

Bernhard M., Kandula K., Wink J., Halderman J.A. (2019) UnclearBallot: Automated Ballot Image Manipulation. In: Krimmer R. et al. (eds) Electronic Voting. E-Vote-ID 2019. Lecture Notes in Computer Science, vol 11759. Springer, Cham. https://doi.org/10.1007/978-3-030-30625-0_2
alt link: https://mbernhard.com/papers/unclearballot.pdf

Now I’m not saying that that took place in the election, but it is a direct example of a pretty scary scenario and a working example.

Other Finds:

Article on VA audit process, and why it can’t possibly affect the 2020 results. https://www.wusa9.com/article/news/politics/elections/virginia-election-audit-happens-after-results-are-certified-a-state-law-renders-the-election-check-powerless-to-fix-mistakes/65-cbfa162c-63fb-49c3-b298-cf84af01fc9d

HART Verity Systems Administrator Guide: https://sos.idaho.gov/elect/clerk/Hart/Verity2/6641-011%20A_Verity_2.X_Administrators%20Guide_Central.pdf

Feb 5 2016 PWC Elections Board Meeting Agenda discussing Acquisition of HART systems: https://sos.idaho.gov/elect/clerk/Hart/Verity2/6641-011%20A_Verity_2.X_Administrators%20Guide_Central.pdf

Romney Financial Ties to HART (from 2012): https://www.forbes.com/sites/rickungar/2012/10/20/romney-family-investment-ties-to-voting-machine-company-that-could-decide-the-election-causes-concern/?sh=5cba429e1afa

Another follow-the-money story from 2019: https://federalnewsnetwork.com/government-news/2019/07/whos-behind-voting-machine-makers-money-of-unclear-origins/

NBC Jan 2020 Story on Voting Machine makers testifying before congress: https://www.nbcnews.com/tech/security/voting-machine-makers-face-questions-house-lawmakers-more-remain-n1113181

2018 Story on Vulnerabilities of multiple Voting Machines: https://www.forbes.com/sites/rickungar/2012/10/20/romney-family-investment-ties-to-voting-machine-company-that-could-decide-the-election-causes-concern/?sh=5cba429e1afa

Whistleblower detailing HART shady business practices (2008): https://www.wired.com/2008/03/whistleblower-v/

HART Systems Security Issues (2006): https://hovav.net/ucsd/papers/ttbr-hart.html