The image “” cannot be displayed, because it contains errors.


Diebold News
  • Diebold Reports 2016 First Quarter Financial Results

    A complete, full-text press release, along with other earnings release documents, are accessible by visiting the Investor Relations section of Diebold's website, located at the following link: , senior vice president and chief financial officer, will discuss the company's financial performance during a conference call today at . Both the presentation and access to the call are available at .

  • Diebold Inc (DBD) Scheduled to Post Quarterly Earnings on Thursday

    Diebold Inc is set to announce its Q116 earnings results on Thursday, April 28th. Analysts expect the company to announce earnings of $0.18 per share and revenue of $511.11 million for the quarter.

  • Diebold shows Inspur CEO Pishu Peter Sun its top ATMs

    Diebold Inc. on Monday welcomed a delegation from Inspur Group Co. Ltd. , an $8 billion Chinese cloud-computing and information technology company that wants to bring the latest ATMs and banking innovations to the world's most populous country.

  • Diebold Inc (NYSE:DBD) Receives Average Rating of "Buy" from Brokerages

    Diebold Inc has received an average rating of "Buy" from the seven analysts that are currently covering the firm, Marketbeat reports . Three analysts have rated the stock with a hold recommendation and four have given a buy recommendation to the company.

  • Diebold to pay second quarter dividend

    Thank you for visiting We noticed you are using an outdated browser that may not give you the best user experience.

  • Diebold Elects Board Members, Declares Cash Dividend

    Shareholders of Diebold, Incorporated today elected its board of directors at the company's annual meeting. In addition, the board declared the second-quarter cash dividend and shareholders voted to pass all other resolutions.

  • Liberty Mutual Group Asset Management Inc. Increases Stake in Diebold Inc

    Liberty Mutual Group Asset Management Inc. raised its position in shares of Diebold Inc by 51.5% during the fourth quarter, Holdings Channel reports. The institutional investor owned 41,850 shares of the company's stock after buying an additional 14,221 shares during the period.

  • Diebold Inc (DBD) Rating Increased to Hold at Zacks Investment Research

    According to Zacks, "Diebold Incorporated develops, manufactures, sells and services automated teller machines, electronic and physical security systems, various products used to equip bank facilities, software and integrated systems for global financial and commercial markets. Sales of systems and equipment are made directly to customers by the company's sales personnel and by manufacturer's representatives and distributors.

  • Diebold Inc (DBD) Stock Rating Upgraded by Zacks Investment Research

    According to Zacks, "Diebold Incorporated develops, manufactures, sells and services automated teller machines, electronic and physical security systems, various products used to equip bank facilities, software and integrated systems for global financial and commercial markets. Sales of systems and equipment are made directly to customers by the company's sales personnel and by manufacturer's representatives and distributors.

  • Diebold Inc to Post Q2 2016 Earnings of $0.36 Per Share, Imperial Capital Forecasts

    Equities researchers at Imperial Capital lowered their Q2 2016 earnings estimates for shares of Diebold in a research note issued to investors on Friday, Zacks Investment Research reports. Imperial Capital analyst J. Kessler now anticipates that the firm will post earnings per share of $0.36 for the quarter, down from their previous forecast of $0.42.

The nation's clearinghouse for election audit information!


Princeton University Researchers Demonstrate New Vulnerabilities in Diebold AccuVote-TS PDF  | Print |  Email
By Robert Kibrick, Legislative Analyst, Verified Voting Foundation   
September 18, 2006
Removable memory cards used by voting machines can be infected with a virus and used to spread corrupted software

On September 13, computer security researchers at Princeton University's Center for Information Technology Policy released a security analysis of the Diebold AccuVote-TS direct recording electronic (DRE) touch screen voting machine. That analysis identified extremely serious security vulnerabilities in the Diebold hardware and software. In laboratory tests using actual Diebold hardware and software, the researchers demonstrated that these vulnerabilities could be exploited by malicious individuals to corrupt the results of elections conducted on these machines and that such corruption would be nearly impossible to detect.


Nearly 33,000 AccuVote-TS touch screen voting machines are currently in use in the United States, and they are used statewide in both Maryland and Georgia. Given the extremely serious nature of these vulnerabilities and the widespread use of these machines, it is imperative that responsible public officials respond promptly to address the concerns raised by the Princeton study.


To promote informed discussion of these issues, this page provides links to the Princeton study itself, initial reactions to that study by computer security and voting systems experts, Diebold's response to the study, and rebuttals to that response. Several links to related news releases and articles are also provided.


The Princeton Study


Abstract plus links to full report and demonstration video

Full report in PDF-format


Initial Response from computer security and voting systems technology experts


Dr. David Dill, Professor of Computer Science, Stanford University, and founder of and The Verified Voting Foundation states: "The Princeton report is the most thorough analysis yet of security issues with the Diebold AccuVote-TS. The leader of the team authoring the report, Prof. Edward Felten, is a very well-known and highly respected computer security expert and the Director of Princeton's Center for Information Technology Policy. Their report is careful, authoritative, and devastating.


It is not at all surprising that it is possible to write malicious vote-stealing code that is difficult to detect -- I said so in 2003, because it's obvious to anyone with the necessary technical expertise, even without knowing the details of the computer systems in question. Since 2003, hundreds of other computer scientists, including Prof. Ed Felten, signed the "Resolution on Electronic Voting" at because they agreed.


However, it seems that many people, including election officials and politicians, have been reluctant to accept these conclusions. The Princeton report, and especially the online video, should remove all doubt. They demonstrate several ways that malicious code can be written and installed, quickly and easily, on a widely-used electronic voting machine. The video demonstration will be especially valuable for convincing skeptics of the feasibility and potential terrible consequences of such an attack.


In addition to demonstrating frightening new attacks, such as a vote-changing virus that can gradually spread from machine-to-machine after being released, the report also confirms many previous findings, including those of the Johns Hopkins/Rice report in 2003, the RABA report in 2004, and the reports by Harri Hursti and Herbert Thompson of Black Box Voting in 2006."


Dr. Michael Fischer, Professor of Computer Science, Yale University, Vice Chair of the State of Connecticut's former Voting Technology Standards Board, and a founding member of TrueVoteCT states:


"Although I have been saying for some time how vulnerable all computerized voting systems are, the vulnerabilities in the Diebold TS DRE machine, and the ease with which the Princeton team was able to compromise those machines surprised even me. Here are the things I learned reading the paper that I didn't know or hadn't really thought through before.


• I had not thought of spreading malicious code via a memory-card virus, although in retrospect that should have been obvious. Computer viruses predated the Internet. They used to be spread from PC to PC via floppy disks. We used to be warned about booting our PC's with untrustworthy disks in the floppy drive, just as now we're warned against clicking on untrustworthy links on a web page. The more things change, the more they stay the same. Viruses can spread much faster now with the Internet, but spread they did, even in the old days. 


• The reason the virus attack is so pernicious is that it really can be used to infect large numbers of machines by a single person, without that person being an insider in a voting machine company or a poll worker. All it takes is somebody who has access to one memory card for a short period of time -- a shipping clerk, a town hall employee, almost anybody. It's enough to corrupt the memory card that will later be inserted into the voting machine. It isn't necessary to have direct access to the machine at all. This makes chain of custody for both memory cards and the machines themselves all the more important. It also makes it really crucial for election officials to have access to the contents of the memory cards so that they can verify that the cards do not contain malicious code before they are inserted into the voting machines. Such verification software would be easy, almost trivial, to write, especially with Diebold's cooperation as to data formats and such. Accordingly, Diebold should publicly disclose the data format of the memory cards so that the contents of those cards can be independently verified by elections officials.



• The fact that a virus can be spread by an innocent technician attempting to install legitimate software updates is yet another pernicious fact about viruses and the really bad security architecture of the Diebold machine. This means that really stringent update procedures need to be followed that include booting the machine off of a safe EPROM rather than booting the machine normally. I don't know how much control elections officials can exert over Diebold technicians, but it's absolutely essential that correct procedures be followed.


• Of course, this attack focuses attention again on the fact that the malicious code could originate anywhere along the chain from the Diebold-produced GEMS software to the vendor-produced memory cards all the way down to the individual precinct. If someone manages to infect the GEMS election management machine, then it could be made to copy the malicious code to each memory card it programs. Without a way to view what is actually on the memory card (and without procedures requiring that it be done), technicians or elections officials could be producing infected memory cards without any knowledge of what they were doing.


• I had always assumed that to alter votes, a malicious attacker would somehow get hold of the source code to the election software and then modify it. This left open the question of how they would obtain the source code. One can always reverse engineer the executable code, but that's a costly and time-consuming process. The Princeton team came up with a much simpler solution. They run the Diebold software unmodified, but they run their attack software in parallel with it. The attack software simply polls the memory card from time to time to see if any new votes have been recorded. If they have, it takes the opportunity to alter the votes as it sees fit. Since it changes both copies of the ballot and the audit log file, it leaves no trace of its actions. By operating this way, it doesn't really need to know how the election software works; it only needs to know how the votes are stored in memory.


• The Princeton report describes two attacks: a vote-altering attack and a Denial-of-Service (DoS) attack. I had never thought much about DoS attacks in conjunction with voting machines since such an attack leaves an obvious trail of its existence. Hence, I had assumed that nobody would be motivated to simply disable voting machines during an election. But now I can think of several possible motivations: (a) To bias the election outcome by attacking all machines in precincts with certain voting patterns. (b) To bias the election by selectively attacking any machine that shows a sufficiently strong vote for an opposing candidate. (c) To attack all machines indiscriminately in order to further erode the public trust in electronic voting machines, either out of a "white knight" belief that this is in the country's best interest or in order for a vendor of a different kind of technology to gain a competitive advantage. If a widespread DoS were to occur on election day, it would cause a major disruption in the functioning of our democracy and probably result in having to hold a new election without the use of high-tech machines.


• The technical report showed how much valuable information the researchers were able to gain by having access to an actual AccuVote-TS machine. Previous studies that had disclosed many of the vulnerabilities upon which the Princeton work was based relied on much more limited access to the hardware and software. We'll never have secure machines if the vendors succeed in keeping the inner workings of their machines secret from the security experts. Fortunately, history shows that that is nearly impossible for them to do so, despite their best efforts. Similarly, it is nearly impossible to keep such things secret from the bad guys, which is why secrecy is not the road to security."

Diebold's Response to Princeton Study


Press release format




Rebuttal's to Diebold's Response to the Princeton Study


Dr. David Dill, Professor of Computer Science, Stanford University, and founder of and The Verified Voting Foundation states:



"As in previous cases, Diebold has fired up its disinformation machinery to try to discredit the Princeton report. Among other points, it dusts off the argument, used since 2003, that the researchers examined out-of-date software. In past instances, it was shown later that newer versions of the program had many of the same security flaws. Furthermore, the Princeton report, like the Johns Hopkins/Rice report before it, observes that many of the problems cannot be fixed without a complete re-engineering of the system, which has obviously not happened.


However, we must not lose sight of the really important questions. 'Why should we trust a company and regulatory system that allowed these machines to be used in previous elections?' and 'Why should we trust anything that Diebold says?'"

Dr. Douglas Jones, Associate Professor of Computer Science at the University of Iowa, former chair of the State of Iowa's Board of Examiners for Voting Machines and Electronic Voting Systems, and a member of the advisory board of VerifiedVoting states:


"Diebold says:

A virus was introduced to a machine that is never attached to a network.

This response dodges the question, expressing a complete misunderstanding of the nature of viruses by implying that viruses are irrelevant if there is no network. First, viruses originally emerged as a threat in the era of the Apple II personal computer, where they were spread on floppy disks that were hand carried between machines. What matters, clearly, is the presence of communication, not wires. Communication by hand carried disks, or PCMCIA cards, creates an environment in which the possibility of viruses is worthy of investigation.

The current generation AccuVote-TS software - software that is used today on AccuVote-TS units in the United States - has the most advanced security features, including Advanced Encryption Standard 128 bit data encryption, Digitally Signed memory card data, Secure Socket Layer (SSL) data encryption for transmitted results, dynamic passwords, and more.

Diebold has not released to the public sufficient information to allow an assessment of the competence with which these measures were applied. As a result, we cannot determine whether these are applied in an effective way, or whether they are as ineffective as the use of DES was back in 1997.

In addition to this extensive security, the report all but ignores physical security and election procedures. Every local jurisdiction secures its voting machines - every voting machine, not just electronic machines. Electronic machines are secured with security tape and numbered security seals that would reveal any sign of tampering.

See Avi Rubin's report. See the report from Cleveland [PDF] on the frequency with which these measures were used effectively. See Ed Felten's comments on the denial of service attack that security seals offer. I commented on the same with regard to the ES&S iVotronic in my comments on the pre-election tests in Miami in 2004.

If you take seals seriously, you must inventory seal numbers at the time applied and insist on recording the seal numbers at the time they are broken. Auditors must routinely check that these records are properly maintained, and any seal found broken should disqualify the machine it is attached to. Jurisdictions don't do this, and the seals being used are so flimsy that if they did, someone could shut down a polling place by careful use of their thumbnail. In sum, the use of seals, as it is being done now, is about cosmetics, not about security.

Secure voting equipment, proper procedures and adequate testing assure an accurate voting process that has been confirmed through numerous, stringent accuracy tests and third party security analysis.

Diebold owes the public a list of the third party security analyses that have found their system to be secure. None of the analyses I'm aware of drew positive conclusions. Certainly the redacted SAIC study, [ed note: The redacted SAIC report was originally posted here on Maryland's website, but has since been removed.] the Compuware study [PDF], and the Raba study [PDF] all found major flaws. I've spoken with authors of the Raba study who were livid about the way Diebold lobbied them during the writing of their report to soften the wording, and then misrepresented the results in their public relations campaign that followed. The SAIC study is still not available in unredacted form. Does this mean that it still documents weaknesses that have yet to be corrected?

Every voter in every local jurisdiction that uses the AccuVote-TS should feel secure knowing that their vote will count on Election Day.

Indeed. I agree completely. They should feel secure. Or at least, that is what we owe them. I wish we could follow through on that promise."

Comment on This Article
You must login to leave comments...
Other Visitors Comments
You must login to see comments...
< Prev   Next >
Diebold Resources
Company Links
California 05
North Carolina
: mosShowVIMenu( $params ); break; } ?>
Vendor Pages
Voting Equipment Vendors
Advanced Voting Solutions
Danaher Corporation (Guardian Voing Systems)
Election Systems and Software (ES&S)
Hart Intercivic
Liberty/NEDAP Powervote
VoteHere (Dategrity)
Voter Database Vendors
VoTing Technologies International
: mosShowVIMenu( $params ); break; } ?>