US e-voting system cracked in less than 48 hours

smartguy911

http://www.h-online.com/security/ne...em-cracked-in-less-than-48-hours-1463881.html
Researchers at the University of Michigan have reported that it took them only a short time to break through the security functions of a pilot project for online voting in Washington, D.C. "Within 48 hours of the system going live, we had gained near complete control of the election server", the researchers wrote in a paper (PDF) that has now been released. "We successfully changed every vote and revealed almost every secret ballot." The hack was only discovered after about two business days – and most likely only because the intruders left a visible trail on purpose.
 
You mean to say, the government can't run a system as good as the private market? *mind blown*
 
They also praise the system's transparency as exemplary but point out that its architecture has fundamental security weaknesses and was not able to withstand a shell injection and other common hacker techniques.

The security experts investigated common vulnerable points such as login fields, the virtual ballots' content and filenames, and session cookies – and found several exploitable weaknesses. Even the Linux kernel used in the project proved to have a well-known vulnerability. They were also able to use the PDFs generated by the system to trick the encryption mechanism, while unsecured surveillance cameras provided additional insights into the infrastructure. While the open source nature of the code made their work somewhat easier, they believe that attackers would have been able to make quick headway even if the system had been proprietary.

Sounds like the system was designed by some real amateurs or pros that were told to make it hackable.
 
It simply should not be, open source or not. I'm a programmer, and in my opinion there is no reasonable way to implement e-voting that can be secure, both to outside hackers, and corrupt insiders.
 
I'm sure it's broken as shit, but it doesn't matter how "secure" the system or software is when you have secret ballots.
 
It simply should not be, open source or not. I'm a programmer, and in my opinion there is no reasonable way to implement e-voting that can be secure, both to outside hackers, and corrupt insiders.

You may be able to accomplish this with a decentralized voting system similar to bitcoin. The tricky part is you'd need to come up with a system that ensures that only real people can vote.

I'm thinking when you register to vote you'd have to go somewhere in person to create your secret key. You'd need two key components:

1) A process that ensures only the voter knows the secret key, and this value is not stored in their databases anywhere
2) Witnesses with their own private keys used to sign the secret key to certify that a person did in fact come in to register their account and did not already have an account

It'd be complicated.
 
It simply should not be, open source or not. I'm a programmer, and in my opinion there is no reasonable way to implement e-voting that can be secure, both to outside hackers, and corrupt insiders.

You can never have a vote that is secure against corrupt insiders. It can never happen, period. But of course that is why we have the bill of rights, right? To defend ourselves?
 
I don't understand why they don't issue a receipt with a random number on it, showing your vote and everyone else's, then post all of them online, so you can then go look up how your vote has been counted. That would seem verifiable at least, if not hack proof. At least they couldn't flip real voters' votes. Now I guess they could add fake entries.
 
I don't understand why they don't issue a receipt with a random number on it, showing your vote and everyone else's, then post all of them online, so you can then go look up how your vote has been counted. That would seem verifiable at least, if not hack proof. At least they couldn't flip real voters' votes. Now I guess they could add fake entries.

Random was the wrong word. With random, you could have 1 million people with the same number. You meant unique identifier, which of course you'll get the argument against because votes are supposed to be anonymous. But I agree, it is certainly doable. Of course at this point, I almost want to make voting harder, not easier.
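The receipt idea from the two posts above, worked through as an added example that is not part of the thread: each ballot is published under a unique identifier, a voter looks up their own entry, and a separate count check compares the board against the number of voters who checked in. The function names, the 128-bit identifier and the five sample ballots are assumptions made for the illustration.

```python
import secrets
from collections import Counter

def issue_receipt(board, choice):
    """Publish a ballot under a fresh 128-bit identifier and return the receipt."""
    receipt_id = secrets.token_hex(16)   # unguessable; collisions are negligible
    while receipt_id in board:           # still enforce uniqueness explicitly
        receipt_id = secrets.token_hex(16)
    board[receipt_id] = choice
    return receipt_id, choice

def voter_check(board, receipt):
    """The check one voter can make: does the board show my ballot as cast?"""
    receipt_id, choice = receipt
    return board.get(receipt_id) == choice

def count_check(board, voters_checked_in):
    """The check no single voter can make: board entries vs. checked-in voters."""
    return len(board) == voters_checked_in

def demo():
    board = {}
    ballots = ["A", "B", "A", "B", "B"]  # constructed sample ballots
    receipts = [issue_receipt(board, c) for c in ballots]
    checked_in = len(receipts)

    # Case 1: one real ballot is flipped on the published board.
    flipped = dict(board)
    flipped[receipts[1][0]] = "A"
    flip_seen_by_voters = not all(voter_check(flipped, r) for r in receipts)

    # Case 2: entries with no voter behind them are added to the board.
    stuffed = dict(board)
    for _ in range(3):
        stuffed[secrets.token_hex(16)] = "A"
    stuffing_seen_by_voters = not all(voter_check(stuffed, r) for r in receipts)
    stuffing_seen_by_count = not count_check(stuffed, checked_in)

    return (flip_seen_by_voters, stuffing_seen_by_voters,
            stuffing_seen_by_count, Counter(stuffed.values()))

if __name__ == "__main__":
    print(demo())
```

Individual lookups catch the flipped ballot but not the added entries, which only show up when the board size is reconciled against the check-in count. A receipt that displays the choice also lets a voter prove how they voted to someone else, which is the anonymity objection raised in the reply.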
 
It simply should not be, open source or not. I'm a programmer, and in my opinion there is no reasonable way to implement e-voting that can be secure, both to outside hackers, and corrupt insiders.

An e-voting system can be auditable. The question isn't whether you can make it "secure" as it is how easy is it to catch the fraud after the fact. One thing I've learned from this process is that even a caucus can be misreported. (I call that fraud, but some aren't willing to go that far).
 
So criminals can use this software to affect the outcomes of elections? I wonder if anyone will even notice a difference in current methods vs. the e-voting system?

The central counterfeiters had to get out of paper and into 1's and 0's for the same reason: easier to rip people off.
 