Thursday, October 07, 2010

Electronic Election Machinery Hacked Again. When are (honest) election officials ever going to learn?

Hackers Inject Univ. of Michigan 'Fight Song' Onto System During D.C. Internet Voting Scheme Tests

By Brad Friedman on 10/4/2010 12:27pm

Latest incident in long, growing list of e-vote hack events...
[UPDATED: Hacker fesses up, took total control of system]


Last week we told you about D.C.'s intention of running an insane live experiment on live voters in a live election with an untested, wholly unverifiable, easily-manipulated Internet Voting scheme this November, and about just some of the computer security and election experts who have been desperately trying to warn them against it.

And now we find out that the very short planned pre-election test phase, in which hackers were invited to try to manipulate the system, has been abruptly aborted in the wake of a, um, disturbing (if not wholly unpredictable) development.

The failed system in D.C. was developed with the Open Source Digital Voting Foundation, an outfit that is working with election officials around the country to push Internet Voting everywhere, along with other computerized voting schemes. Simply because a system is "open source" does not mean it's secure, particularly when it relies on concealed vote counting, as all of their e-vote schemes do.

Below, along with our quick list of other recent known e-voting hack events, computer scientist Jeremy Epstein in "The Risks Digest," which describes itself as a "Forum on Risks to the Public in Computers and Related Systems," offers the quick timeline of recent developments in the District of Columbia's plan "against advice from many computer scientists, pursuing a trial of a prototype system for the November election."
The result, as seen below, in this latest assault on citizen-overseeable democracy is, of course, a stunning surprise to absolutely nobody other than perhaps the D.C. election officials interested in this horrific scheme and the profiteers who must have tricked them into believing that it was a secure and/or good idea [emphasis added]...
    A brief timeline:
  • Summer 2010: DC announces the pilot, with the open testing period to be in August
  • Sep 20: DC releases a network map and requirements document; test server to be available Sep 24-30 [1]
  • Sep 24: Common Cause and Verified Voting write to Mary Cheh, chair of the DC Council oversight committee on elections, suggesting that Internet voting appears to violate DC law due to lack of voter-verifiable ballots [2]
  • Sep 24: 13 prominent computer scientists and lawyers write to Mary Cheh, pointing out numerous difficulties with the test program [3]
  • Sep 24: Test server availability delayed for an undefined time
  • Sep 28: Test server available, source code availability announced publicly; test period to run through Oct 06 at 5pm
  • Sep 30 morning: After casting a "vote" on the test server, the browser plays the Univ of Michigan fight song
  • Oct 01 afternoon: DC takes the test server down, citing "usability issues"
  • It's unclear when the test period will resume, if it all. It's also not clear at this point the extent of the compromise of the system. While it's true that the DC BoEE can fix whatever problems allowed introduction of the "fight song," it's also clear that this is the tip of the iceberg - we know from 30 years of experience that the "penetrate and patch" method doesn't produce secure systems. The RISK? Ignoring the advice of computer scientists and charging full steam ahead on a technology project doesn't work!
While we don't have the time today to detail all of the hacks of electronic voting systems used across the country today --- which are already easily manipulated even without relying on the Internet to make matters worse --- here are a few of note from recent years, including one as recently as this past August when "white hat" hackers were able to hack Pac-Man onto a touch-screen voting system without disturbing its supposedly "tamper-evident" seals. (For the record, one of scientists involved with the Pac-Man hack, and a number of others listed below, is J. Alex Halderman, who is now an assistant professor of electric engineering and computer science at Michigan University.)
[Hat-tip to Joyce McCloy's indispensable Voting News!]

* * *
UPDATE, 2:24pm PT: Washington Post's Mike DeBonis reports on the hack, says D.C. officials will nix their ill-considered plan for allowing votes to be cast on the Internet --- for now --- and quotes computer scientist Jeremy Epstein (whose coverage we noted above) stating what should be the obvious in regard to the hackers exploiting a security hole in the Internet voting scheme to play the Michigan fight song: "In order to do that, they had to be able to change anything they wanted on the Web site."

Anything. They. Want.

Other than that, let's keep working towards Internet Voting! It's a great idea! Local e-voting has worked out so great, what could possibly go wrong by extending it onto the Internet?!

* * *
UPDATE 10/5/10: As we posited above, University of MI's J. Alex Halderman was, indeed, behind the attack. He fesses up, saying: "Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots." Full details now here...

No comments: