OH voting was routed to firm that handled Bush email accounts
Newly obtained computer schematics provide further detail of how electronic voting data was routed during the 2004 election from Ohio’s Secretary of State’s office through a partisan Tennessee web hosting company.
A network security expert with high-level US government clearances, who is also a former McCain delegate, says the documents – server schematics which trace the architecture created for Ohio’s then-Republican Secretary of State and state election chief Kenneth Blackwell – raise troubling questions about the security of electronic voting and the integrity of the 2004 presidential election results.
The flow chart shows how voting information was transferred from Ohio to SmarTech Inc., a Chattanooga Tennessee IT company known for its close association with the Republican Party, before the 2004 election results were displayed online.
Information technology expert Stephen Spoonamore believes this architecture could have made possible a KingPin or "Man in the Middle" (MIM) attack -- a well-defined criminal methodology in which a computer is inserted into the network of a bank or credit card processor to intercept and modify transactions before they reach a central computer.
In an affidavit filed in September, Spoonamore asserted that "any time all information is directed to a single computer for consolidation, it is possible… that single computer will exploit the information for some purpose. ... In the case of Ohio 2004, the only purpose I can conceive for sending all county vote tabulations to a GOP managed Man-in-the-Middle site in Chattanooga before sending the results onward to the Sec. of State, would be to hack the vote at the MIM."
Not everyone agrees. RAW STORY also sent the schematics to computer science professor David L. Dill, a longtime critic of electronic voting machines. In an email message, Dill said he’s skeptical that an attack of the sort described by Spoonamore could have been carried out undetected.
"It seems that the major concern is whether routing election results through a third-party server would allow that third party to change the reported election results,” Dill wrote. “These diagrams haven't answered my basic question about that idea. The individual counties know the counts that they transmitted to the state. If those results were altered by the state or a middleman, I would think that many people in many counties would know the actual numbers and would raise an alarm."
Spoonamore has now filed a fresh affidavit (pdf), in regard to a case involving alleged Ohio vote tampering, which asserts that the schematics support a "Man in the Middle" attack having been implemented in Ohio in 2004. Ohio provided the crucial Electoral College votes to secure President George W. Bush's reelection.
"The computer system at SmartTech had the correct placement, connectivity, and computer experts necessary to change the election in any manner desired by the controllers of the SmartTech computers," Spoonamore wrote in the affadavit.
"Overall, my analysis of the two Architectures provided is the following,” he added. "They are very simple systems. They are designed for ease of use during the one of two times a year they are needed for an election. They are not designed with any security or monitoring systems for negative actions including MIM or KingPin attacks. These systems as designed would not be sufficient for any banking function, credit card function, or even or many corporate email systems needing a high degree of confidence. They are systems which will work easily, but are based on a belief all users and the system itself will be trusted not to be hacked."
He continued, "There are obviously many parties willing, with motivation, and able to hack an election for a desired outcome
