Need the help of a Beowulf rig for a political problem...
jmarch at prodigy.net
Thu Sep 18 02:57:22 EDT 2003
Folks, I realize this will probably be about the weirdest thing to hit
this mailing list.
Short form: we have a real-life encyption problem with serious
implications on our hands. We need to break a ZIP password that we
suspect has up to 15 characters in the password, and only one file.
More or less a worst-case scenario. There is a ZIP password breaker
http://zipcracker.bengburken.net/ - with versions compatible with
The password-protected ZIP file in question is at:
We *think* it was zipped and encrypted with WinRAR:
Right, so what's going on here?
This file was one of 40,000 pulled off of an open FTP site mis-managed
by incompetents at Diebold Elections Systems. DES sells the computers
and software to run elections; among their customers are the entire
state of Georgia, at least 12 counties in California and scads of
The software is proprietary, the source code is held as tightly as MS
holds their stuff, and in the case of their new "touchscreen" product,
there's no paper trail at all. All of the security measures are
electronic. Only one company, a testing lab chosen by the Federal
Elections Commission ("Metamor", now known as "Ciber Inc") got access
to the source code; state and county-level elections officials and
Secretaries of State were supposed to approve voting products while
able to see how compiled and running systems work, but with no access
to the source code themselves.
The president of Diebold corporation is a Republican party activist
and fundraiser who has been quoted as saying he's "going to deliver
Ohio to George Bush", while at the same time submitting bids on voting
systems in that state.
Any alarms going off yet?
It gets worse. WAY worse.
http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm - this is the
results of testing of the actual Diebold compiled Windows code. This
sucker is rigged for vote fraud six ways from Sunday. Guys, they used
MS-Access as a database engine, THEN deliberately crippled the
security in at least two different ways. It's utter madness.
Wanna test it for yourself? Here's your kit - download the
executables and live voting data which Diebold conveniently left up on
their site back in January:
Since we (a pretty "diverse" bunch of activists) started showing
people how the Deibold code works, Diebold insiders have been leaking
internal memos and manuals. Y'all literally won't believe some of
this stuff - they KNEW exactly what they were doing the whole time:
http://workersrighttovote.org/bbv/diebold-memos-1.htm - we have a HUGE
archive of Diebold Elections division EMail traffic - this file is a
"best of" selection of that. Horrifying stuff, including deception of
the Federally-approved testing lab ("Metamor", now called "Ciber,
http://www.scoop.co.nz/mason/stories/HL0309/S00150.htm - New Zealand
mirror to the above...
http://www.equalccw.com/smokinggun.pdf - if you want to see what the
most damning of these internal EMails looked like as they originally
appeared on Diebold's internal system...
http://www.scoop.co.nz/mason/stories/HL0309/S00157.htm - Full copy
plus the comical highlights of a Diebold internal manual on how to run
elections-day procedures, written for the hapless Diebold (Canadian)
tech staff. This material was NEVER intended for the public, and in
places is drop-dead funny.
http://www.equalccw.com/ElectionSupportGuide.pdf - same internal
manual in it's original, unmodified form complete with corporate
logos, fancy formatting and such. If you're going to show a copy to
reporters/politicians/etc, use this one as it's clearly genuine.
OK, so what's with the ATL-TSRepair.zip file?
It's a Microsoft Access database (.MDB internally) dated just four
days AFTER the November of 2002 general elections - elections in which
a huge number of Republican "surprise victories" broke out.
We don't know what the hell is on it, but it's fishy as hell - "ATL"
probably refers to Atlanta. Why would they even have a small voting
data file created after the election, unless it was to hide something
Another problem: the filename is a lie. "TS" means "TouchScreen", the
voting terminals. But those systems don't USE .MDB files - data is
transmitted to the central box running GEMS ("Global Elections
Management Software") right after the polls close, but not in Access
format. So no possible "TouchScreen Repair File" could involve
MS-Access data. Prior to the elections, a huge number of
poorly-tested patches for the touchscreen terminals (running Windows
CE!) were being passed around - it appears this file was designed to
mimic those, but with ZIP encryption, you can still load the file
enough to see the full filename and original date inside the
compressed ZIP file.
We want to know what's in there.
If you have a beefy BeoWulf cluster PVM 3.4.2 or greater, and this
project is of interest, drop me a line. VIA PGP :) unless you like
getting Diebold cease'n'desist orders :). My real name is Jim March,
email is jmarch at prodigy.net and my public key is registered at the
default PGP keyserver at ldap://certserver.pgp.com - if you see two
entries, use the SECOND (or later-date one, they're a week apart, only
the 2nd one works).
Sorry for the intrusion and this'll be my last posting to your list.
But y'all gotta admit, it's one hell of a cool real-world encryption
I'm BCCing a small number of activists involved in this, including Bev
Harris, the lady who did the original documentation on the matter and
is basically the leader (as much as we have one...).
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
More information about the Beowulf