
DC Internet Voting Trial Attacked 2 Different Ways

mtrachtenberg writes "University of Michigan Professor J. Alex Halderman and his team actually had two completely separate successful attacks on Washington, DC's internet voting experiment. The second path in was revealed by Halderman during testimony before the District of Columbia's Board of Elections and Ethics on Friday. Apparently, a router's master password had been left at the default setting, enabling Halderman to access the system by a completely different method than SQL injection. He presented photographs of a video stream from the voting offices. In addition, he found that a file that had apparently been left on the test system contained the PINs of the 900+ voters who would have used the system in November. Others on the panel joined Halderman in pointing out that it was not just this specific implementation of internet voting that was insecure, but the entire concept of using today's internet for voting at all. When a DC official asked why internet voting could not be made secure when top government secrets were secure on the internet, Halderman responded that a big part of keeping government secrets secret was not allowing them to be stored on internet-connected computers. When a DC official asked the panel whether public key infrastructure couldn't allow secure internet voting, a panel member pointed out that the inventor of public key cryptography, MIT professor Ronald Rivest, was a signatory to the letter that had been sent to DC, urging officials there not to proceed with internet voting. Clips from the testimony are available on YouTube." Update: 10/09 19:24 GMT by T: Reader Cwix points out two newspaper stories noting these hearings: one in the Washington Post, the other at the Chicago Tribune. Thanks!
  • by Xaositecte ( 897197 ) on Saturday October 09, 2010 @02:35PM (#33846586) Journal

    What I've never understood;

    Many of the companies famous for building voting machines also built their reputations building ATMs and such.

    ATMs are, to the best of my knowledge, tremendously secure, even when you have physical access to the machine. Basically, when people's money is on the line, they do not fuck around at all.

    Why then are they making voting machines less secure than ATMs? The expertise clearly exists to do it properly, the only explanation I can see is intentional sabotage of the voting process.

  • Color Me Paranoid (Score:3, Interesting)

    by Cylix ( 55374 ) * on Saturday October 09, 2010 @02:54PM (#33846712) Homepage Journal

    It seems like the entire ordeal was designed to fail.

    These were all fairly common attack vectors and not nearly as lavish as the PS3 stack smash. (Seriously, who thinks of that attack vector?) Even basic precautions and awareness of current threat models would have enabled them to harden their system from these things. To add insult to injury the leftover data on the host and default passwords to expose it.

    I wholly agree that internet voting is fucking scary, but it seems like this test setup was created just to make the idea shine.

  • by vadim_t ( 324782 ) on Saturday October 09, 2010 @03:07PM (#33846772) Homepage

    IMO, things that work in the ATM's favour:

    1. There's strict accounting of whose account is being accessed.
    2. If you're going to hack an ATM, you have to have physical access to it.
    3. If you manage to steal money from an ATM, it'll be obvious. They just have to compare the amount of money there was inside with how much there should have been.

    This doesn't hold with voting machines. The voter doesn't have an account, so detecting something was manipulated is much harder. Also, the money is at the physical ATM. If you're hacking it remotely, then you're not where the money is, and if you're hacking it in person then you can be quite certain you were filmed by a camera. Also there's a lot of money in it, so the bank has a lot of incentives to try to catch you if you manage to steal some.

  • Re:Color Me Paranoid (Score:3, Interesting)

    by Sir_Lewk ( 967686 ) <sirlewk@gCOLAmail.com minus caffeine> on Saturday October 09, 2010 @04:20PM (#33847190)

    Sufficiently advanced incompetence is indistinguishable from malice.

    And really, why does it matter which one it was? In either case these people shouldn't be in the positions they are.

  • 1) The vast majority of the public is too stupid to make any kind of sound decision about many issues

    the people do not deserve to be told they are stupid. according to who? according to someone who is angry that the "smartest" agenda is not being implemented? on what basis is your agenda better and smarter? in china, they think as you do: the average man is too dumb to determine his own destiny. in other words, your thinking is the essence of anti-democratic fascism: "the common man can not think for himself, i must think for him". this is how every despot, dictator, and authoritarian system thinks: like you

    2) Most candidates can only get anywhere by money

    yes, and this is why we need to improve democracy, not make it even more flawed with internet voting

    3) You can never get rid of or mitigate the influence of money on politics since corporations are what makes the world go round.

    money is an influence. it's not ALL the influence. unless you are a hopelessly negative cynic. in which case, butt out: us who are trying to make a positive difference don't need to be told our fight for what is good is hopeless. we know it isn't hopeless, and we also know you believe that out of a personality defect you have, rather than any better knowledge of reality. what you have is called "learned helplessness". it is a psychological flaw that defines a downward trajectory to YOUR life, not my life, and not our reality

    4) Until there is something of a mass movement/revolt so that the power of corporations is reined in, voting is irrelevant.

    so you want a bloody revolution. after which, who knows who will be in power (no one controls a revolution). it could (it will) be a lot worse than the system we have now

    how about we use the issue you and i care about: get money out of our government, to vote for **gasp** candidates who want money out of government? what an amazing fucking concept. as opposed to your mindless cynicism that believes in things WORSE than what we currently have

  • by YA_Python_dev ( 885173 ) on Saturday October 09, 2010 @07:02PM (#33848196) Journal

    There's an even bigger problem: selling votes.

    If I'm allowed to vote at home criminals can use threats and/or bribes to convince me to vote in their presence so they can be sure that I voted exactly how they wanted.

    That's why the vote must always be strictly secret and voters must always have plausible deniability about their choices. E.g. in most modern democracies voters are prohibited from taking photos inside the voting booth for exactly this reason: so anyone else cannot be sure of their votes, and threats and bribes to influence elections become much less effective.

  • by Joce640k ( 829181 ) on Sunday October 10, 2010 @01:45AM (#33850138) Homepage

    What about all those "botnets" you see in the news?

    Strength of cryptographic algorithms, etc., is completely irrelevant when people vote by visiting a web page using their home PC.
