The world is moving online and so too now is politics. But as online, electronic voting (e-voting) increasingly becomes a reality, are we opening ourselves up to vote rigging by power-hungry politicians or fame-seeking hackers? Voting has traditionally been a pen and paper exercise; a slip filled-in and placed into a sealed ballot, with results counted and recorded by independent volunteers. Of course, this doesn’t mean that the result can’t be swayed, unintentionally or otherwise. There have been some notorious examples of foul play – Slobodan Milošević was accused of rigging elections in 1996 and 2000 in Yugoslavia – while errors can also occur, as best illustrated by the 2000 US presidential election, when a fault with Florida’s ballot paper led some people to vote for the wrong candidate. … These risks are only magnified when voting systems are pushed online. Brazil, Belgium and Estonia are just a few examples of the countries to have taken to e-voting, and while they have seen the benefits from the improved speed, accessibility and legibility (no more illegible ticks or crosses), they are arguably more open to attack.
For instance, data sent over the internet on any one of these machines could be targeted by man-in-the-middle attacks in the browser used, while hackers could also look to compromise users by sending fake registration confirmation emails. In addition, brute force attacks could be launched against passwords, while ‘hacktivists’ may look to carry out a DDoS attack, flooding the web server with traffic and knocking the voting system offline altogether.
These issues are not just hearsay – there have been recent examples too; The ‘iVote’ internet system used by the New South Wales state election in Australia was last month found to be vulnerable to an array of flaws, including the FREAK SSL vulnerability.
Meanwhile, in Virginia, US, AVS WinVote touchscreen voting machines were similarly vulnerable, and had been using simple passwords like ‘abcde’ and ‘admin’ from 2002 to 2014 – making it relatively easy for hackers to create and execute malicious code. “[The] bottom line is that if no Virginia elections were ever hacked (and we have no way of knowing if it happened), it’s because no one with even a modicum of skill tried,” wrote Jeremy Epstein, of non-profit SRI International, in a blog post. He worked on Virginia state legislative commission investigating the voting machines in 2008 and has been trying to get them decertified ever since.
Full Article: Is online voting a security risk?.