US Electronic Voting System Hijacked In Less Than 48 Hours

A team of researchers from the University of Michigan hacked an American pilot project for online voting and changed all of the ballots in less than 48 hours in February.

Election officials did not detect the intrusion for nearly two business days—and might have remained unaware for far longer if the team hadn’t deliberately left a prominent clue. The findings were presented at the 16th Conference on Financial Cryptography & Data Security, held on Carribean Island of Bonaire this month.

Foundations of democracy

In 2010, Washington, D.C. developed an Internet voting pilot project that was intended to allow overseas absentee voters to cast their ballots using a website. Prior to deploying the system in the general election, the District held a unique public trial: a mock election during which anyone was invited to test the system or attempt to compromise its security.

Within 48 hours of the system going live, the team from the University of Michigan had gained nearly complete control of the election server. They successfully changed every vote and revealed almost every secret ballot.

“We used the stolen public key to replace all of the encrypted ballot files on the server at the time of our intrusion with a forged ballot of our choosing. In addition, we modified the ballot-processing function to append any subsequently voted ballots to a .tar file in the publicly accessible images directory (where we could later retrieve them) and replace the originals with our forged ballot,” reads the report entitled “Attacking the Washington, D.C. Internet Voting System“.

“Recovery from this attack is difficult; there is little hope for protecting future ballots from this level of compromise, since the code that processes the ballots is itself suspect.”

Unsecured network surveillance cameras gave researchers a real-time view into the network operations center. They could observe whether administrators made physical changes to the servers running the voting system and even monitor the frequency of patrols by security guards.

As many as 25 percent of Americans are expected to use paperless electronic voting machines in the upcoming November elections, according to the Verified Voting Foundation, but confidence has been eroded by incidents showing vulnerabilities.

Last September, researchers led by Roger Johnston at the Argonne lab were able to change votes on the a ballot machine using about $25 worth of equipment, by inserting a device to manipulate touch screens by remote control, reports the AFP.

A month later, Microsoft Research released a paper describing a so-called “trash attack” which it said could be “effective against the majority of fully verifiable election systems.” Microsoft also offered a technical fix for this weakness.

How well do you know Internet security? Try our quiz and find out!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

18 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

18 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

19 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

20 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

20 hours ago

Apple Posts China Sales Decline, Ramping Pressure On AI Strategy

Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…

20 hours ago