For years, computer security experts have said that casting ballots using the Internet cannot be done securely. Now, after a team from the University of Michigan successfully hacked the Washington D.C. Board of Elections and Ethics (DCBOEE) public test of Internet voting, we have a visceral demonstration of just how serious the threats really are.
Prior to rolling out the Internet voting system this November year, the DCBOEE allowed a 5 day trial period, inviting the public to test the ballot casting system and probe its security. Despite short notice given to the public, Dr. Alex Halderman and a team of students took up the challenge. What they were able to achieve in 36 hours demonstrates how vulnerable Internet voting is to a whole host of attacks, and how serious the security threats really are.
In testimony before the DC Council Hearing of The Committee on Government Operations and The Environment, Dr. Halderman detailed the extent to which his team was able to take complete control of DCBOEE’s Internet voting system:
- In initial probes of the DCBOEE’s network, the Michigan team discovered that a master password had not been changed from the original system default. By simply looking up the default password in the owner’s manual they were able to take control not only of the Internet voting software and the hardware that controls network communications, but access security camera video feeds and watched staff configure the system and enter passwords.
- Using multiple methods of attack, Dr. Halderman’s team used a common hacking technique called shell injection to control the web form used by voters to cast votes. They not only changed the results of all votes cast during the test (big winners were HAL 9000 and Master Control Pro), but they played the University of Michigan fight song after a voter cast their ballot.
- Even more disturbing, the team found that they were not the only ones probing the system. After the Michigan team took control of the system, they noticed attack attempts originating in Iran and China probing the same default passwords they had used. Taking on the role of defender of the DCBOEE network, the team blocked these foreign attacks, changing the network password and adding other security measures.
- Exploring files on the test voting server, the team found a PDF file that contained the actual PIN numbers sent to overseas voters for use in November. These PINs are the ‘secret’ identifiers that voters would have used had the system been deployed. The Michigan team probed the system as white hats, but others with more malicious intent could have easily obtained this document with equal ease and cast false votes for every single voter in the coming election.
In his testimony, Dr. Halderman noted that while the individual weaknesses they exploited can be fixed, this and any other Internet voting system will have many other vulnerabilities that will be discovered by others. Flaws and vulnerabilities cannot be avoided because they are part of the structure of the Internet.
In response to the demonstrated ability of hackers to take control of the DCBOEE system, officials had no option but to cancel deployment of Internet voting in November. But do legislators and election officials fully understand what Dr. Halderman’s team has taught us? We’ve been given a lesson on how easy it is for attackers to penetrate and control not just this system, but any Internet voting system. Now the question is, will States moving forward with Internet voting pay attention and learn?
New York Times – Voting Test Falls Victim to Hackers
Computer World – Security concerns prompt D.C. to suspend Web-based overseas voting
Computer World – D.C. Web voting flaw could have led to compromised ballots