They could have been caught much sooner if the machines had been using a paper trail. My local machines print out each selection as it is made. Then if at the ballot review screen I change a vote, then it prints that on the paper trail. So if even 10% of the paper trails from a single precinct shows significant and consistent changes at the review screen, that's a huge red flag!
If the machine had a paper trail, the 2002 election could have been the only one that was affected. And the 2004 and 2006 elections would have been unaffected. As it is, it took over three election cycles to catch these guys, ***BECAUSE THERE WAS NO PAPER TRAIL***.
As for the question of how did they catch these guys, there are any number of methods, including, the wrong person talking; or an actually smart and observant voter who was waiting in line and noticed that they were given incorrect instructions and the poll workers seemed to be spending a lot of time in the booths after each voter; or a candidate being asked for bribe money; or a poll worker being approached to join the scam; etc, etc, etc, ad nauseam . . .
So the people who say that the voting machines will always reflect the will of the voter are idiots. I don't think that the machines need to be fully open source, but they need to be certifiably as secure as possible and part of that includes independent penetration testing and a paper trail ***AND PAPER TRAILS SHOULD BE REQUIRED BY FEDERAL LAW***