Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Software The Internet

Software To Capture Votes in Upcoming National Election is Insecure (vice.com) 91

Hackers could have manipulated the results of the upcoming election in Germany by using "trivial" attacks against a program used to count and transmit voting results, researchers warned on Thursday. From a report: White hat hackers from the Chaos Computer Club (CCC), a well-known hacking organization in Germany, claim to have found a series of serious vulnerabilities in PC-Wahl 10, software used by German authorities to count and transmit voting results. The researchers said their attacks show the software is in a "sad state" and that malicious hackers could have compromised it with "one click." "The amount of vulnerabilities and their severity exceeded our worst expectations," Linus Neumann, one of the researchers who conducted the study, said in a press release. The good news, however, is that the researchers believe it would have been hard for malicious hackers to get away with such attacks during the upcoming German election on September 24 without anyone noticing. "Technically, manipulation would be possible in several ways, but it is unlikely that manipulation would remain undetected," Thorsten Schroder, another researcher involved in the study, wrote in an op-ed for the magazine Der Spiegel.
This discussion has been archived. No new comments can be posted.

Software To Capture Votes in Upcoming National Election is Insecure

Comments Filter:
  • But of Course! (Score:2, Interesting)

    by clonehappy ( 655530 )

    The globalists wouldn't want to have another Trump on their hands in the most powerful nation in Europe!

    The only people who you really have to worry about hacking the vote are based out of Brussels, not Moscow.

    • It has nothing to do with so called "globalists".

      If Merkel's coalition doesn't win, then Justin Trudeau becomes the "Leader of the Free World".

      That is not acceptable to anyone at this time.

      • At least we agree on the group of people who wish to remove the democratic element from the elections in Germany, whether or not we agree on their name.

      • The entire concept that we need a "leader" is the whole problem. Who came up with this idea? As far as I can tell, the Americans came up with it so they could play World Police. The Americans have done an absolutely hideous job being "world leader", starting wars left and right. Millions of poor brown people died. The most recent US president spent his entire time in office at war, and yet was honored as a man of peace by these same globalists.

        Maybe it's time we retired the "world leader" thing. And

    • by mjwx ( 966435 )

      The globalists wouldn't want to have another Trump on their hands in the most powerful nation in Europe!

      The only people who you really have to worry about hacking the vote are based out of Brussels, not Moscow.

      Don't worry about the "Globalists", or whichever conspiracy theory they came from. Trump has ensured that there isn't going to be a Trump in Europe. Far right parties have been doing spectacularly badly in recent European elections, Centre right and centre left are doing well.

      I expect this to be a comfortable win for Merkel. That evil witch who has managed to keep the German economy strong throughout terrible economic conditions. Only the centre-left SPD has the chance to unseat her and they need to pic

  • by jd ( 1658 ) <imipakNO@SPAMyahoo.com> on Thursday September 07, 2017 @12:50PM (#55154327) Homepage Journal

    It is not difficult to build a highly secure e-voting system with highly robust, highly secure reporting.

    This is the minimum standard that should be considered acceptable.

    Ok, so how do you do this?

    1. A system is no better than the platform it is on. So you want a formally verified, tamper-proof platform with no extraneous physical connections.

    2. The software should be designed using formal methods (coloured petri nets will work because there are only a fixed number of well-known arcs under well-known conditions, learning from SEL4 won't kill anyone either).

    3. Votes should be retained in encrypted form, each voter's public key being on their voter registration card in a computer-readable form (but not remotely readable), and stored in multiple locations. This eliminates the possibility of any database admin trying to delete or insert votes, as the hashes won't tally. Blockchain can be used to ensure majority consent on the hashes, thus excluding corrupt institutions.

    4. The server that generates the public/private key pairs should feed the private keys only to official Orange Book A1 servers for counting.

    • Sorry, e-voting will never be secure. It will always be black box mysticism.

      • Claims without proofs are worthless. And spineless.

        I can prove this system has 100% integrity, that nobody gets illegally excluded, that no vote is altered, injected or deleted, that nobody behind the scenes can tamper with results, that the results can be certified after the fact, that it cannot be hacked, that test data cannot be "accidentally" left there, that votes for opponents don't get magically stuffed behind radiators and office furniture.

        In other words, I can prove you wrong.

        • In other words, I can prove you wrong.

          Only if there a paper copy of the vote that I can verify before putting into the box to count the old fashion way. Without it there is no such proof, only speculation. In other words, you can't. Your claim is equally worthless, and spineless. Your only "proof" is attempted insults, water off a duck's back in this case.

          If you could prove what you say, computer malware could not exist, much less run for years without anybody noticing.

          • by jd ( 1658 )

            First, where did I say there wasn't a paper copy?

            Second, if the software is peer-reviewed and proven to be correct, and you can compare your copy of the digital signature with that in any of the observer databases, I'd say there's a bit more than speculation.

            Third, computer malware exists because 99% of all the software out there is written by morons and 99% of what's left is written by enthusiasts who like coding but hate testing or documenting. Name one formally proven A1+ OS that has malware. You're tryi

            • Nice troll! I like it!

              I can very easily prove what I say, because formal methods are something I am very, very good at.

              You should be rich then, and making headlines. Pretty good at blowing your own horn, aren't ya?

    • It may not be difficult but it sure as hell is expensive. Most voting equipment is only used once every several years. The added expense is unnecessary and is only wanted by the media so they can get better ratings on election night. There's nothing wrong with waiting a few hours for results.

      • Waiting for results is good. It prevents election rigging.

        I'm not interested in reducing delays, I want them increased.

        What I absolutely want is to prevent election officials excluding people illegally (a common practice in the Bible Belt where, for twenty pieces of silver, you can have an election murdered) and for said officials to stop stuffing ballot papers for the "wrong people" behind office furniture, claiming innocence.

        I want independent observers to be able to verify that the votes cast equals the

    • 3 & 4 above seem to imply that anyone who gets hold of a voter registration card will be able to vote on the owner's behalf.

      Was this intended? If so, you might want to rethink this proposed standard....

  • by dstyle5 ( 702493 ) on Thursday September 07, 2017 @12:50PM (#55154335)
    Sure it will take longer to count votes with people instead of software, but I'm fine with that. I'd rather it take hours for paper ballots to be counted than have the possibly of government officials or hackers corrupting the voting system. Politicians will bend over backwards to stay in power, giving them an easy way to manipulate votes in their favor makes me uneasy.

    So far here in Alberta all federal and provincial elections I've participated in have used paper-based voting systems and been counted by hand (AFAIK), hopefully it stays this way.
    • I've always wondered. What mechanisms are in place to prevent someone taking high-res photos of their ballot while voting, going home and duplicating large quantities of them, mark the candidates they want to win, and passing them off to co-conspirators who palm them and drop them into the ballot box at the same time they're dropping in their real ballot?

      The allure of paper ballots always seemed to me to be based on fear and ignorance. Supporting an old system not because it's actually superior, but be
      • The allure of the paper system is that everyone understands it, not just he high priests of computer technology.

        Regarding that ballot stuffing scenario: it is an old trick with many variations, but that's why there are observers in voting stations, preferably from multiple parties in the election.

      • by AHuxley ( 892839 )
        Take some random paper vote nation.
        People in some small town or small area from different political parties watch the vote, paperwork and the counting.
        All voters are real citizens and allowed to vote, fully registered and can only vote once. No illegal migrants can vote, no citizen returning to vote many, many times.
        One real citizen, one vote counted on paper.
        They see a final number and that count is sent up the system. That number is passed up to a region. The people who count and observe in a regio
      • by tlhIngan ( 30335 )

        I've always wondered. What mechanisms are in place to prevent someone taking high-res photos of their ballot while voting, going home and duplicating large quantities of them, mark the candidates they want to win, and passing them off to co-conspirators who palm them and drop them into the ballot box at the same time they're dropping in their real ballot?

        Absolutely nothing.

        But, you have to be careful because boxes are often serialized, and how many people put votes in a box is tallied. If the count gets ou

    • by sad_ ( 7868 )

      And manual counting of votes by people is failproof because people can't be corrupted/bribed/...?

  • by Anonymous Coward on Thursday September 07, 2017 @12:51PM (#55154343)

    In Germany, we use paper ballots which are counted manually. The software is only used for transmitting and aggregating results. Every part of the process that is handled by the software is observable by the public and can be verified by the public. If the people who do the counting at the polling places make a note of the result and check that it matches what is published upstream and that the aggregation is done correctly upstream (from public input to public output according to defined, simple algorithms), then any manipulation that a hacker could inject through the flaws in this software is detectable.

    • Do they not have telephones in Germany yet? Why is specialty network software required to read off vote totals?

    • by Nidi62 ( 1525137 )

      In Germany, we use paper ballots which are counted manually. The software is only used for transmitting and aggregating results. Every part of the process that is handled by the software is observable by the public and can be verified by the public. If the people who do the counting at the polling places make a note of the result and check that it matches what is published upstream and that the aggregation is done correctly upstream (from public input to public output according to defined, simple algorithms), then any manipulation that a hacker could inject through the flaws in this software is detectable.

      Arguably it is better for the manipulator that it is detected. Sure, by manipulating the tally secretly you might get your preferred candidate elected but it would still have to be a one of the leading candidates otherwise you rouse suspicion, meaning the damage is limited. If you can invalidate the government in such a public way then you start undermining the trust the population has for the government. Shake the population's confidence in government and you have done real damage.

  • Everyone involved hopes to exploit the system to their own benefit, they're not interested in a fair, honest, open system. That's why ballot stuffing is a thing and why we have secret ballots so people can't be reliably threatened or bribed for their votes.

    Then there's the fact that there is a lot of money on the line, and you can bet lobbying (both honest and dishonest) is going on to keep that money flowing.

    It seems very strange that there's so much wrangling over how to create a ballot until you recogni

    • The UN has established 'best practices'. It's time the first world accepts that those standards are not just for the 'stans' and banana republics.

      Paper ballots, see through ballot boxes (so they aren't half full at the start), tracked chain of custody of the boxes, ID requirements and stained fingers. All interested parties can have a representative in the counting rooms and polling stations. Done.

  • by sdinfoserv ( 1793266 ) on Thursday September 07, 2017 @01:09PM (#55154461)
    Given:
    1) The critical importance of voting in Democratic societies,
    2) The ease at which eVoting devices appear to be compromised,
    3) The effectiveness paper voting as proven over untold millennium
    4) The inherent lack of accountability in current eVoting ,
    No logs, Insecurely stored, No validation, etc

    It begs the question, why even bother with eVoting machines? Just because it’s “new”, “electronic”, can be “web enabled”, seems insufficient to perch the entire construct of Democracy on such weaknesses
    • by AHuxley ( 892839 )
      re "It begs the question, why even bother with ..... machines? "
      Pure profit. Money is flowing for new machines, secure networks, support services, repairs, staff support and further education. Cryptography and "private sector" academic certification.
      All costs that some federal or state gov can be expected to pay in full for again and again.
      Then later updates, upgrades, support for all the different levels of politics in a nation. The cash keeps flowing and the few trusted brands can then sell intern
  • by jeti ( 105266 )
    The voting records are uploaded to a central server using FTP. All clients use the same credentials, which are hidden in the software. Once you extracted the credentials, you can change the records of current and past elections at will.

    The update process is completely unsecured as well. However, the current problems are not a real issue since the software will receive an online updare that fixes the discovered vulnerabilities before the upcoming election.

    • Also not an issue as long as the totals are kept at the counting stations and the numbers are cross checked after.

      Any shenanigans would be easily found with a routine audit.

  • Slashdot is a website read around the world. When posting an article of this type about a "national election", it would make a shitload of sense to add, in the title, the name of the country the election is for.

    • You're obviously bucking for a job as /. editor.

      Didn't even RTFS, qualified! But spelling and grammar are too good, work on it.

      • by SeaFox ( 739806 )

        I read the summary, and am aware of the country is Germany from it -- thank you.

        But, that does little for those of us looking at the titles on our RSS readers. In a normal news source, if the country is not mentioned then readers will assume the location is the home country of the publication, and Slashdot is a U.S. site. I'd argue in the case of an internationally read website it would be more logical to always list the country of origin.

  • It's true but this has been well known in the security industry for years, if not decades..

  • Which voting technology is the most secure is secondary, really, when the whole process is fundamentally flawed by the fact that voters can't be bothered to learn the actual facts or even turn up to vote, and when elections are completely overwhelmed by deliberate misinformation campaigns. As it is, it would be fairer to play dice for the presidency. Simpler too, and it might even engage people more.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...