Among those who advocate for the “modernization” of our voting systems, internet-based electronic voting and registration platforms are often offered as an ideal solution to the problems inherent in our current registration and voting processes. A newly published paper describes the ease with which a small group of researchers was able to hack a Washington, D.C.-based internet voting pilot project, demonstrating that these new systems are not ready for take-off. In 2010, the Washington D.C. Board of Elections and Ethics announced that it would offer a “Digital Vote-by-Mail Service” that would have allowed overseas voters registered in the District to cast their votes over the internet. The federally funded project ran a mock election allowing for public testing of its functionality and security ahead of the November election. A research team from the University of Michigan at Ann Arbor reports that it was able to gain “near complete control of the election server” in under two days’ time. Even more disturbingly, the hackers state that election officials were effectively incapable of discerning that their system had been compromised.
“We successfully changed every vote and revealed almost every secret ballot. Election officials did not detect our intrusion for nearly two business days – and might have remained unaware for far longer had we not deliberately left a prominent clue,” wrote Scott Wolchok, Eric Wustrow, Dawn Isabel and J. Alex Halderman. The paper, entitled “Attacking the Washington D.C. Internet Voting System,” was published in the Proceedings of the 16th Conference on Financial Cryptography and Data Security last month. The flaws revealed by the security breach resulted in the discontinuation of the internet-based voting service by the D.C. Board of Elections and Ethics.
Within hours, the research team was able to discover serious vulnerabilities that allowed them to compromise the system’s server. Among other things, they were able to retrieve the key code used for encrypting individual ballots, which allowed them to change every single vote to reflect a “forged ballot of our choosing,” as well as ensure that all ballots processed from then on would reflect the election outcome they desired. The hackers opted to have all ballots indicate a vote cast for Bender, the robot character from the television show Futurama. The team decided to “hide their tracks” and reportedly did so with moderate success, but they also left a calling card. “We uploaded a recording of ‘The Victors’ (the University of Michigan fight song) and modified the confirmation page to play this recording,” reads the paper.
Full Article: Hacking the Polls – Independent Voter Network.