Grad students hacked an electronic voting system and elected a fictional character to prove e-voting really isn’t a good idea.
Everyone’s favorite drunken robot can now add “Head of Washington DC’s School Board” to his resume, as a team of hackers from the University of Michigan successfully elected Futurama’s Bender during a test of Washington DC’s electronic voting system.
In a detailed report published this past February, Professor Alex Halderman from the University of Michigan detailed how, back in 2010, the Washington DC election board announced it was going to use an e-voting system to count up absentee ballots in an upcoming election. To test the security of the system, the election board invited members of the security community and general public alike to try and hack their way into the voting system before it was to be used in the actual election.
“It was too good an opportunity to pass up,” Halderman explained. “How often do you get the chance to hack a government network without the possibility of going to jail?”
Within hours of getting their hands on the e-voting software, Halderman and his team of grad students took it apart and found a vulnerable spot in the code that allowed them to write information directly to the voting system’s server. From there, they were able to guess the user name and password details for the server used by the voting system, which, pathetically, were both “admin”.
Furthermore, the team found that the cameras stationed to watch the voting systems were also unprotected, letting them view the facility housing the voting server to figure out the shifts and schedules of every one of its employees. In a disturbing twist of events, the team also found a PDF file containing info on every Washington DC voter involved in the upcoming election.
So with full control over the system, Halderman and his team locked out any other would-be hackers attempting to break the system, rigged all of the electronic ballots in the system to count votes towards fictional candidates (such as The Terminator’s Skynet), and then set up the final sign-off screen to play the University of Michigan’s football fight song.
Adding further insult to injury, it then took two days before anyone overseeing the voting system realized they had been had, and that was only after a tester checking out the system for security problems complained about the music on the sign-off screen being “annoying.”
Humor aside, the Halderman’s work exposes several of the issues plaguing e-voting systems, which unfortunately are active in 33 states. Security experts have regularly expressed concerns that most aren’t nearly as secure as advertised and that an election stolen electronically isn’t as easy to detect as someone hacking a bank. Although hopefully, future voting systems will be harder much harder to crack and hackers won’t be able to rig anything just by guessing “admin”.
Source: The Register via Geekologie
Published: Mar 6, 2012 09:00 pm