Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
- The incident involving serious security vulnerabilities in voting machines occurred with the WINVote touchscreen machines made by Advanced Voting Solutions (formerly Shoup Voting Solutions) [38902].
- The same machines were used in multiple counties in Virginia and were eventually decommissioned due to the security flaws [38902].
(b) The software failure incident having happened again at multiple_organization:
- The incident highlighted serious security vulnerabilities in voting machines used in the U.S., including the M650 scanner electronic system used in 23 states [76004].
- The report from the Def Con conference mentioned that the M650 system had a cybersecurity defect that was reported over a decade ago, indicating a recurring issue with the voting machine technology [76004].
- The AccuVote TSx system, used by 18 states, was also found to have vulnerabilities, such as the ability to easily disconnect the smart card reader and reprogram voting smart cards wirelessly [76004]. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase:
- The WINVote touchscreen voting machines used in Virginia were found to have serious security vulnerabilities due to poor design choices, such as using a poorly secured Wi-Fi feature for tallying votes and using the notoriously insecure WEP wireless protocol [38902].
- The machines were running on a 2002 version of Windows XP that had not been patched since 2005, making them vulnerable to at least 18 known software vulnerabilities [38902].
- The administrative account on the machines had a hardcoded password "admin," providing full administrative access to the operating system [38902].
- The Microsoft Access database storing votes had a weak password "shoup," was not encrypted, and required no authentication to modify it, allowing attackers to easily manipulate vote tallies [38902].
(b) The software failure incident related to the operation phase:
- The M650 electronic scanner used in 23 states of the U.S. was found to have vulnerabilities that could allow remote attacks, potentially impacting the integrity of election results [76004].
- The AccuVote TSx system, used by 18 states, had a design flaw where the smart card reader could be easily disconnected to disrupt the voting process [76004].
- At the Def Con conference, hackers were able to reprogram voting smart cards wirelessly using mobile phones, highlighting operational vulnerabilities in the voting systems [76004]. |
Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident in Article 38902 involving the WINVote touchscreen voting machines in Virginia was primarily due to contributing factors that originated from within the system. The machines had severe security vulnerabilities such as using a poorly secured Wi-Fi feature for tallying votes, running on outdated and unpatched software (Windows XP from 2002), having hardcoded passwords like "admin" and "shoup," and using weak encryption protocols like WEP. These internal system flaws made the machines highly susceptible to hacking and manipulation of votes [38902].
(b) outside_system: The software failure incident in Article 76004 regarding the electronic voting machines used in the U.S. highlighted contributing factors that originated from outside the system. A group of hackers identified serious cybersecurity flaws in the voting machines, including a design flaw reported in 2007 and vulnerabilities that allowed remote attacks. The machines were found to be susceptible to being hacked remotely, potentially impacting election outcomes. The external nature of these vulnerabilities posed significant risks to the security of the electoral infrastructure and the national security of the U.S. [76004]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
- In Article 38902, the WINVote touchscreen voting machines used in Virginia elections were found to have serious security vulnerabilities, including a poorly secured Wi-Fi feature for tallying votes. The machines were running on a 2002 version of Windows XP that had not been patched since 2005, making them vulnerable to known software vulnerabilities. The encryption key used for wireless communication was easily cracked, and the machines had a hardcoded administrative account password. These non-human factors contributed to the failure of the voting machines' security [38902].
(b) The software failure incident occurring due to human actions:
- In Article 76004, a group of hackers identified serious security flaws in voting machines used in the U.S. The vulnerabilities found in the machines, such as the M650 and AccuVote TSx, were due to design flaws and outdated security measures. The creators of the M650, Election Systems & Software (ES&S), dismissed the findings of the hackers, indicating a lack of response to human actions that could have addressed the identified vulnerabilities. Additionally, the ease with which the smart card reader in the AccuVote TSx could be disconnected to disrupt the voting process highlights a human-related vulnerability [76004]. |
Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident occurring due to hardware:
- In Article 76004, a group of hackers found serious vulnerabilities in voting machines used in the U.S., including a machine called M650 used in 23 states. The vulnerabilities allowed remote attacks on the M650, potentially impacting election results. The hardware design flaw in the M650 was reported in 2007, indicating a long-standing issue originating in the hardware [76004].
(b) The software failure incident occurring due to software:
- In Article 38902, the WINVote touchscreen voting machines used in Virginia were found to have severe security problems originating in the software. The machines were running on outdated software, Windows XP from 2002, with unpatched vulnerabilities that could be exploited by attackers. Additionally, the machines had a poorly secured Wi-Fi feature for tallying votes, allowing potential remote access for hackers to modify votes recorded by the machines. The software vulnerabilities in the WINVote machines were significant and trivial to exploit, indicating a failure originating in the software [38902]. |
Objective (Malicious/Non-malicious) |
malicious, non-malicious |
(a) The software failure incident described in Article 38902 was malicious in nature. The incident involved serious security vulnerabilities in the WINVote touchscreen voting machines used in Virginia elections, which were so severe that they were at serious risk of being compromised by hackers. The machines had poorly secured Wi-Fi features, outdated and unpatched software, weak encryption protocols, hardcoded passwords, and other critical security flaws that could allow malicious third parties to modify votes recorded by the machines. The incident highlighted deliberate security weaknesses that could potentially be exploited by attackers to manipulate election outcomes [38902].
(b) The software failure incident described in Article 76004 also involved non-malicious factors contributing to the failure of electronic voting machines. The vulnerabilities found in the M650 and AccuVote TSx machines used in the U.S. elections were not intentional but were due to design flaws and outdated security measures. The machines had long-standing cybersecurity issues that had been reported over a decade ago but had not been adequately addressed. The vulnerabilities discovered during the Def Con conference's Voting Village event were described as "impressive" in number and severity, posing serious risks to the electoral infrastructure and national security. These non-malicious factors included design flaws, unpatched vulnerabilities, and inadequate security measures that left the voting machines susceptible to remote attacks and manipulation [76004]. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident was poor_decisions.
The incident involving the WINVote touchscreen voting machines in Virginia was primarily due to poor decisions made by election officials and the board of elections. Despite repeated warnings and concerns raised by experts like Jeremy Epstein over the years, the state continued to ignore the security problems with the machines. The decision to decommission the machines only came after Governor Terry McAuliffe experienced problems with them firsthand during the state's general elections. Additionally, the machines were certified in 2003 and were not updated to address the evolving security threats, making them less secure over time [38902].
Similarly, in the incident involving the M650 electronic voting machine used in 23 states of the U.S., the vulnerabilities and security flaws found were a result of poor decisions made in the design and implementation of the system. The machine had a known cybersecurity defect, reported over a decade ago, that had not been addressed. The organizers of the Def Con conference described the problems found in the machines as "impressive" and highlighted that they posed serious risks to the national security infrastructure due to the poor security measures in place [76004]. |
Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident occurring due to development incompetence:
- Article 38902 reports on a software failure incident related to the WINVote touchscreen voting machines used in Virginia elections. The machines had severe security vulnerabilities, including using a poorly secured Wi-Fi feature for tallying votes, running on outdated software (Windows XP from 2002), having unpatched vulnerabilities, and using weak security controls. These issues were a result of development incompetence and lack of professional competence by the vendor, as highlighted by the hardcoded passwords, lack of encryption, and outdated software [38902].
(b) The software failure incident occurring accidentally:
- Article 76004 discusses a group of hackers finding serious vulnerabilities in voting machines used in the U.S., particularly the M650 machine used in 23 states. The vulnerabilities included a design flaw reported in 2007 and the potential for remote attacks on the machines. These vulnerabilities were not introduced accidentally but were inherent in the design and implementation of the voting machines, indicating a failure due to development incompetence rather than accidental factors [76004]. |
Duration |
permanent |
(a) The software failure incident described in the articles is considered permanent. The incidents involving the voting machines in Virginia and the electronic voting machines used in the U.S. were due to serious security vulnerabilities and design flaws that were present for an extended period of time without being adequately addressed. In the case of the WINVote touchscreen voting machines in Virginia, the vulnerabilities were present from the time they were first used in 2003 until they were decommissioned in 2015 [38902]. Similarly, the electronic voting machines used in 23 states in the U.S. were found to have serious security risks that were reported more than a decade ago and were still present during the hacking event in 2018 [76004].
These incidents highlight that the software failures were not temporary issues caused by specific circumstances but rather permanent failures resulting from inherent flaws in the systems that persisted over an extended period of time. |
Behaviour |
crash, omission, value, other |
(a) crash: The software failure incident described in Article 38902 involved a crash scenario where the voting machines experienced issues such as power problems, embedded errors, and wireless communication issues during the state's general elections. In one instance, all the machines in a precinct crashed individually in succession and simultaneously, leading to a complete breakdown of the voting process [38902].
(b) omission: The software failure incident also involved instances of omission where the voting machines did not perform their intended functions correctly. For example, in a race for the Fairfax School Board, the machines inexplicably subtracted one vote for every 100 votes cast in favor of a candidate, resulting in a reduction in votes for that candidate. This omission led to discrepancies in the vote tallies and potentially affected election outcomes [38902].
(c) timing: The software failure incident did not specifically involve timing-related failures where the system performed its intended functions either too late or too early.
(d) value: The software failure incident in Article 38902 included failures related to the system performing its intended functions incorrectly. For instance, the machines had vulnerabilities that could allow malicious third parties to modify the votes recorded by the devices, potentially altering election results. Additionally, the machines had a hardcoded administrative account with a weak password, making it easy for unauthorized access and manipulation of vote data [38902].
(e) byzantine: The software failure incident did not exhibit behaviors related to byzantine failures where the system behaves erroneously with inconsistent responses and interactions.
(f) other: The software failure incident also involved other behaviors such as the system having severe security flaws, using outdated and vulnerable software, having weak encryption protocols, and lacking proper security controls. These issues contributed to the overall failure of the voting machines to ensure the integrity and security of the voting process [38902]. |