We’ve discussed, many times over the years, the madness of Internet Voting schemes. Today we’ve got yet another piece of disturbing evidence that underscores why such a scheme for American democracy would be nothing short of insane. … Now, Kim Zetter at Wired’s “Threat Level” blog offers yet another reason why the Internet, as it currently exists, is simply unfit to serve as a means for secure online voting. Her recently published article, which doesn’t focus on voting, is alarmingly headlined “Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet”. And no, in this case, it’s not the NSA. At least as far as we know. Zetter details a “huge security hole” indeed, one which, as she documents, was found to have been used earlier this year to re-route “vast amounts” of U.S. Internet data all the way out to Belarus and Iceland, where it was intercepted in a classic “man-in-the-middle” fashion, before being sent on to its intended receiver. During the hijack attack, the senders and receivers of the Internet data were none the wiser, just as would likely be the case if the same gaping security hole in the Internet’s existing architecture was used to hijack votes cast over the Internet, change them, and then send them on to the server of the intended election official recipient.
… What makes this exploit particularly disturbing is that no one may ever even know that it occurred. In a blog post by Renesys cited by Zetter, the firm warns: “What makes a man-in-the-middle routing attack different from a simple route hijack? Simply put, the traffic keeps flowing and everything looks fine to the recipient…It’s possible to drag specific internet traffic halfway around the world, inspect it, modify it if desired, and send it on its way.”
… Such an attack is, obviously, a horrifying possibility for an Internet-based election, and there seems to be no way to block the ability for such an attack to be carried out, given the way the Internet itself is currently set up to operate. To affect an election, rerouting by such an attack would only one need to be run during hours that the polls are open, or even just a portion of that time. Since this exploit targets specific IP addresses, it could, theoretically, target only the computers used for voting at the polls, or in very specific areas.
Data from Internet votes cast at a precinct (or from a smart phone, or whatever other sort of scheme these Internet Voting loons seem to keep dreaming up) could be hijacked, modified, and then sent to the official election server without anybody ever knowing anything had happened. Since we have secret ballots in U.S. elections, it would be largely impossible to compare the original votes to the ones that were ultimately recorded.