U of M team publishes paper on hacking DC e-voting system
Some of you may remember this forum post from 2010 about a University of Michigan research team that successfully hacked a Washington, D.C. e-voting trial after D.C.'s Board of Elections and Ethics opened it for testing. That team, led by professor J. Alex Halderman, has now published a paper on the attack, and it's much more impressive/funny/frightening than initially reported.
The news articles at the time reported that they had hacked the system to play "The Victors" after a vote was cast - but that was only the first sign of infiltration. They also managed to add an "OWNED" picture to the logout page, discover the authentication codes for every DC voter, and modify every ballot to be write-ins for fictional computers and robots. (Bender beat Skynet for head of the school board.)
Full article on The Register here:
http://www.theregister.co.uk/2012/03/01/electronic_voting_hacked_bender/
According to the chart in the MGoBoard FAQs:
ONTOPIC
- Anything Michigan sports related
- Anything related to other Big Ten teams or upcoming opponents
- Stuff about the blog itself
- University of Michigan topics that don't relate to sports
Sounds like an on topic winner to me.
Your use of the phrase 'handy dandy' tricks my mind into hearing your whole post in Charlie's voice...
I read it in Dora the Explorer's voice.
... but didn't think it would be the first post. Thanks for the quick defense, jhender85.
You would think that being the govenment would mean they would actually have a sufficient system. They get owned a lot but most of the times people don't notice, like when a secret Chinese intelligence team exploited the United States Department of Commerce for about 6 months. They got so far inside they could tell the temperature on the thermostat, but no one asked questions like "Why do the printers randomly spit out pages in Chinese?"
But AFAIK it's kind of like trying to build a perfect bulletproof vest. If the stakes are high enough (bank robberies, elections, espionage), people are going to find ways to exploit the system, no matter how good it was when it was designed.
There is no such thing as an impenetrable network, but at the same time when you have a full time staff doing network monitoring protocol 24 hours a day, how does it take you 6 months to find out that they're inside your system?
ineptitude.
Not quite the same thing, but HBO had a documentary called Hacking Democracy a few years back, and it was excellent. I had to watch it for a class, and I bet that professor would love reading this paper.
This has quickly become a huge public policy issue over the past decade or so, and leads to a ton of interesting questions in basically every class I've had that deals with elections. What level of security is enough? Is the heightened security risk offset by the greater ease and access of voting? Is it in the public interest to attempt to make voting easier than it is now? What would be the outcome of a system that garners much larger participation numbers? Do incumbents benefit from the previous question, or do they suffer? Are most people that don't vote better off not voting (as in, there's a huge segment of society that is stupid)? You could go on for days posing relevent questions to electronic voting.
Really, the best they could come up with was admin admin.
Amateur hour right there.
I live in DC and this does not surprise me even a little bit. The people in charge of decision making in this city are a legit GONGSHOW that the CCHA can't even imagine.
Yup. I live north in Maryland, where elected officials get warnings from driving over 100 MPH in county-owned cars. Local government here stinks.
I had to laugh out loud when I saw that too. I mean come on, you almost have to do that intentionally just to see if the hackers are competent.
There is no safe system. If someone wants to get your data, with enough manpower and time to plan....nothing is safe. Unless it's off the grid.
I just logged in to a random wireless router with that the other day. I don't see the problem
I love that they hacked the video cameras to watch the employees. So incredibly like a Hollywood hacking movie.
-Trillions of dollars transacted over web, via ecommerce.
-Companies have terabytes of sensitive data accessible via email, etc.
--Petabytes of data contained safely from hacking by private enterprise.
-Yet......the gov't can get e-fucking-voting straight.
Here's a clue.
-Use a Web site. It accessible via a browser.
-Encrypt it with 128-bit security, like PGP.
Not-fucking-hard.
My head now asplode.
The Nintendo hack (among others)
I guess that Amazon.com, American Airlines, etc, et al, ad nauseum, trillions of ecommerce conducted safely over the web doesn't matter?
Well, didn't they talk about the differences?
I didn't read that part too closely; my main takeaway was that it's easier to catch unauthorized financial transactions because it goofs up accounts. In voting, nothing has to tie back to anything.
ETA: I didn't see Gitback's response (a more thorough response on this same issue) because of threading. sorry.
Yet another example of Bill Simmons ruining our country.
I say "Bill Simmons" in the same tone of voice I use for "Adolf Hitler" and "Walt Disney"
It would also help boost every socioeconomic statistic of voters in Ohio, bar none.
"Election hacked, drunken robot elected to school board" - that was a very funny headline, and it complements the story well. Very entertaining and yet telling.
It is more than a little disconcerting that fraud could be that simple (not to mention pervasive and difficult to trace) in an e-voting system such as the one highlighted, but then again, it would be awesome to live in a district where 140% of the people felt obligated to vote and where Bender could gain a foothold in public office. High voter participation and dysfunctional yet hilarious robots make for a better democracy for us all.
Don't be a turd...
Read the article... better yet, read the published report from the UM team.
The Election WAS web based and used far more sophisticated protections then just 128-bit encryption, and it was still a piece of cake for these guys. It didn't work... not because "the gomment" is a bunch of morons, it didn't work because it really CAN'T work. That's the message.
They make the point that while it is easy to detect money and other e-commerce issues quickly and effectively respond to them, it's a much different story with a one time event, like an election where ballots are simply cast and tabulated. There is no "trail" of currency moving through accounts to track and no effective manner of monitoring unusual occurrances to trace. That's the problem. e-commerce to e-voting is apples and oranges.
These are clearly very skilled engineers and their whole POINT was that it IS nearly impossible to do secure electronic voting. It doesn't matter if it's "the fucking government" who is running it or not; according to these people secure e-voting is DECADES away, if it's ever truly possible.
Pretty much everything you are saying is spot-on. It's easy to say "Oh well if it's the government doing it, it's going to be a mess," never mind the fact that some of you are clearly confusing a local city government and the federal government. This stuff is incredibly difficult to authenticate and securely guarantee every time. Which is what voters demand.
Uhhhhh, I don't know what article you read, but maybe my link was different.
Please explain how Fortune 500 companies can keep secrets, the defense department, etc.
The article uses the example of money leaving a system and is therefore noticable, but so would a breech of nuclear technology.
It seems pretty clear to me that these guys are trying to build something from scratch, instead of using existing solutions. Or am I in an Inception time warp and the reality is that all the world's secrets are stolen?
Gimme a break.
It's the gov't fucking things up.
This is not only not decades away, the technology exists today and isn't being applied.
The DoD has a completely separate network for classified information. None of the cords from the regular net run into the system. I suppose DC could set up a single use network to use for one day every other year.
By the way, all of the world's secrets aren't really secrets. The DoD has lost shocking amounts of classified data in very embarrassing ways over the past couple of years.
The thing about movement of money is that it's easy to notice. An account balance will be wrong or strange charges will appear. There are interested parties with an easy method to see if money is missing. If nuclear secrets are stolen, no one is going to know because nothing happens. That's why identity theft can be so challenging to deal with. If someone opens a new account that you don't know about, you won't discover it until you've got an enormous bill to deal with.
I understand what you are saying about the movement of money.
Why can't we simulate that during the voting process.
For instance, assign an account, with a site key, with a certain amount of e-currency, etc.
This IS a solvable problem, with today's technology.
I work in tech....
For one, money still gets stolen online all the time, it's just less of a huge problem because it is traceable.
Even ignoring that, we still can't simulate money. For one, if I'm rigging an election, I don't need to make your vote disappear, just change into a vote for the other candidate. If you make it possible to track votes to prevent that, you--tada--make votes traceable, and that's not acceptable, either.
There is no existing solution. The problem is so bad that a large open source online voting project that was shut down because they realized that the problem was, as yet, unsolvable.
The Michigan Difference.
but only if fry was his VP, leela was his Sec Def, hermes was his Sec State, the professor was his Press Sec, nibles was his Sec of Energy, amy was his "intern," dr. zoidberg was his commerce sec
but i would never vote for MOM.