Wired has the most complete article I’ve seen yet on the subject.

It was a basic error that students in Cryptography 101 learn never to make: Diebold’s programmers had written the key for unscrambling the system’s encryption directly into the code. This meant the key would never change, and anyone reading the source code (including anyone who downloaded it from the FTP site) would know it. The same key unlocked the data on every machine. It was the equivalent of a bank assigning the same PIN to every customer’s ATM card.

“Oh man, we thought, this is horrible,” said Kohno. “We realized that the system was written by novices and we weren’t really surprised then by anything else we found.”