Printer-friendly version
Update: Chinese and Iraqi hackers also attempted to hack this election, a startling report today reveals.
By Miriam Raftery
October 11, 2010 (San Diego's East County) -- The U.S. military has cancelled Internet voting for U.S. troops after hackers infiltrated an online election in Washington D.C., playing the University of Michigan “Fight” song on the voting system--and accessing the ability to change votes.
“Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots,” said J. Alex Halderman, assistant professor of electronic engineering and computer science at the university. Haldeman and a team of students were invited to try and hack the system to prove that it was impenetrable. Instead, they exposed serious flaws, as Brad Friedman, a journalist specializing in election integrity issues, reported last week.
“The specific vulnerability that we exploited is simple to fix, but it will be vastly more difficult to make the system secure,:” Haldeman told Friedman, who exposed the story on his website, www.BradBlog.com. We’ve found a number of other problems in the system, and everything we’ve found suggests that the design is brittle: one small mistake can compromise its security.”
Friedman revealed further chilling facts: Halderman and his team said that “all cast ballots on the system were modified and overwritten with write-in votes, all passwords taken—including the encryption key, which e-voting supporters constantly suggest will keep such systems safe.” The team installed a backdoor software entry that later enabled them to view votes cast, names of voters and who they voted for in the election.
The specific system compromised in the test was developed with the Open Source Digital Voting Foundation. Open source has been touted by its advocates as a solution to worries about secret software controlled by voting machine companies. However the successful hack clearly demonstrated that open source does not mean “secure.”
As Friedman and others (including this reporter) have revealed in the past, electronic voting has been subject to a long string of hacks and vulnerabilities.
One of the Diebold systems used in San Diego was successfully hacked in Florida after a registrar of voters in Florida invited hackers to test the security. Both touchscreen and optical scanners have shown vulnerability to hacks. Halderman was also behind hacking Pac-Man onto a Sequoia touch-screen voting machine last August and served on a Princeton team that hacked Diebold’s touch-screen system with a vote-flipping virus back in 2006.
East County Magazine contacted Friedman for clarification on how U.S. soldiers, particularly those stationed overseas, will be voting now. “They just cancelled the ability for them to use the Internet to send back their ballots,” he said. “They can still either fax or snail-mail.” He added that the hack scotched the Military’s plans to use the Internet for voting “even as provisions for pilot programs such as this one for military and overseas voters were included in the MOVE Act.”
Miriam Raftery won the national "Arlene Award" from the American Society of Journalists & Authors for her reporting on electronic voting concerns in San Diego and national elections.
Recent comments