In 2007, the Estonian government came under a massive denial-of-service attack that crippled the country’s banking, government and law enforcement infrastructure. Nobody took responsibility for the flood of bogus Internet traffic, but some suspected Russia was the culprit. Given what we know about Russia’s aggressive border policies, it’s a plausible theory. The Kremlin, after all, had a motive: Estonia had recently taken down a Soviet-era statue, and ethnic Russians were up in arms about it. If Moscow wanted to take the opportunity to meddle in Estonia’s affairs, according to research by an international team of security experts, it could do so cleanly and silently without anyone being the wiser. The attack could come via Estonia’s online voting system. Estonia’s is one of the only such ballot systems in the world, which makes it a fascinating test case for other countries or governments weighing the costs and benefits of e-voting. Unfortunately, the researchers discovered, this system is vulnerable to hacking in ways that could change the outcome of entire elections.
Alex Halderman, a member of the research group and an associate professor of computer science at the University of Michigan, helped lead the study. Halderman and other researchers set up an exact replica of the Estonian e-voting infrastructure on a set of dummy machines and then probed them for weaknesses. Turns out the game can be rigged both by hacking voters’ computers, as well as by loading malware onto the servers that log and count the votes.
“This reveals a tremendously worrying lack of operational security and professionalism on the part of the election administration,” Halderman told reporters Monday in a news conference. “It creates multiple opportunities for an attack to try to compromise the system without either being detectable or being stopped by the [security] procedures that are in place.”
Full Article: How Russia could easily hack its neighbors’ elections.