Most Read: Local

Posted at 01:59 PM ET, 03/06/2012

D.C. vote-hackers publish their vote-hacking exploits


Halderman’s hackers commandeered elections board security cameras. (J. Alex Halderman - University of Michigan)
Feels like ancient history at this point, but it was only 17 months ago that a group of computer science experts at the University of Michigan brought the city’s brief dalliance with Internet voting to an ignominious halt.

Professor J. Alex Halderman and his grad students managed to infiltrate an online voting test bed set up by the Board of Elections and Ethics weeks before it was to be deployed for the use of overseas absentee voters. The hack, done at the board’s invitation, included Halderman’s team gaining access to cameras monitoring the BOEE server room (seen above), embedding an audio clip of the Michigan fight song into a board Web page and changing the winner in one race to Bender, cartoon robot of “Futurama” fame. It took officials 36 hours to discover anything was amiss.

The Michiganders’ exploits are now immortalized in an academic paper presented last week at the Financial Cryptography and Data Security conference on the Caribbean island of Bonaire.

The authors use the hack to throw cold water on the idea that secure, reliable online voting could ever exist on the Internet as we now know it:

The D.C. BOEE should be commended for running a public test of their system. Their trial was a step in the right direction toward transparency in voting technology and one of the first of its kind. Nonetheless, we reiterate that adversarial testing of Internet voting applications is not necessary to show that they are likely to be weak.
[...]
Our experience with the D.C. pilot system demonstrates one of the key dangers in many Internet voting designs: one small mistake in the configuration or implementation of the central voting servers or their surrounding network infrastructure can easily undermine the legitimacy of the entire election. ... Securing Internet voting in practice will require significant fundamental advances in computer security, and we urge Internet voting proponents to reconsider deployment until and unless major breakthroughs are achieved.

Here’s the paper — which has brought new attention to the hack via Fox News, Gizmodo and other tech-oriented news sources — in full:

By  |  01:59 PM ET, 03/06/2012

 
Read what others are saying
     

    © 2011 The Washington Post Company