Slashdot Mirror
Hackers Invited To Crack Internet Voting
InternetVoting writes "The Philippine government and the International Foundation for Electoral System will be soliciting hackers to test the security of of their Internet voting system that will be tested in an upcoming pilot program." From the article,"Local and foreign computer hackers will be tapped to try and break into an Internet-based voting system that will be pilot tested by the country's Commission on Elections (Comelec) starting July 10."
they got a formal invitation this time?
I'm sure all the REAL hackers will RSVP.
0wn th31r machines and figure out how to make sure the Boss isn't in the room telling the v0t3r how t0 v0t3!!!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
1. Find bug
2. Don't report it
3. ????
4. Profit!
Of course any hacker with intentions of being a naughty boy is not going to show up and (a) make himself known or (b) reveal the holes.
Engineering is the art of compromise.
Yep, Already done.
Next subject please...
This sound like a good idea in theory, but slightly fatal for the goverment. What happens when the "hax0rs!!!" don't play nice and report bugs?
Posted by samzenpus on Wednesday April 18, @10:43PM
"The Philippine government and the International Foundation for Electoral System will be soliciting hackers to test the security of of their Internet voting system that will be tested in an upcoming pilot program."
UPDATE:
Posted by samzenpus on Wednesday April 18, @10:53PM
Internet voting has now been cracked.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
Ferdinand Marcos elected for another term as President with 3,000,000,000 votes. Runner up, D4v1d 3. P3t3rs0n had only 2,000,000,000 votes. Second runner up, Nikolay Sokratov from St. Petersberg had 1,5000,000,000 votes and the remaining 10,000,000,000 votes were split among 1,000,000,000 minor party candidates.
they'll still keep murdering anyone who makes a stand for human rights
Mongrel News all the news that fits and froths
Although this seems like a good idea to check for security holes, one has to wonder if there were a more devious plan behind it or as an added bonus. Couldn't this conceivably be a way to trap people trying to break in under some sort of international law?
I looked through a lot of quotes about life and they are all bullocks.
for handing out wads of cash to the poor to get them to vote a certain way come elections
200 peso notes famously become scarce before elections
no need to hack the system to alter the vote, just keep buying the votes
the philippines is a beautiful land, with beautiful people... and a corrupt political establishment, it's a sad commentary on corruption the philippines, the vote buying
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I can assure you that when this story hits the mainstream media they are going to try and turn this into something it's not. I certainly hope the daytime talking heads will manage to find a decent "expert" for the show who can explain what a good thing this really is.
There is no replacement for displacement.
Almost certainly, they are recording ALL the packets that travel across the line as well as checking the state of the system. And if not, then they deserve what will happen. And if it is on a OSS platform, then they will be able to modify the kernel so that it gives more info during the cracking attempt.
I prefer the "u" in honour as it seems to be missing these days.
...make sure to add n+1 votes for CowboyNeal!
Hahaha.. this is hilarious as if it got a 1.
Let's just hope it's more secure than Mr. Linderman's voting system!
Seriously, nothing to see here, move along...
On a related topic = I can't believe our Comelec is advertising this thing, a few months ago they don't even have a feasible electronic voting solution. I remember that they got a "Diebold" like deal for use in the last national elections but we know that the expensive machines had been now rotting in warehouses (and never had seen the light of the day, that makes Diebold more succesful). There are even local programmers/firms who are willing to "donate" their services just to make the election electronic but I guess that did not work out.
And I still don't have that promised "Electronic Voter's ID" when I registered at 18 (I'm in my 20's now). Now, how could they validate if I am the one who had casted my vote.. Hmmm...
As I said, nothing to see here.. move along.. I'm going to make some coffee...
Regards,
the problem is the internal hackers, like the diebold tech who has testified before congress that he was told by the VP to override the machine's security and install "unauthorized patches" without alerting the polling officials.
i dont know many people outside the phillipines who get up every morning saying "i really have a stake in rigging the phillipine election this year".
VLC FOR MAC IS DYING! IF YOU DEVELOP, PLEASE SAVE IT!!
In America we call buying votes tax breaks
"Ok, boys you know what to do. Explore the weaknesses look around and give a thumbs up. Come election time we go for gold"
In an unrelated story, George W. Bush has received over 50,000 votes in the upcoming 2008 presidential election.
But someone I did some consulting for years ago had a PC security product that they claimed was unhackable. It was some disk arrangement where the OS could write to the disk, and those sectors would be saved in a scratch table so that when you rebooted the machine it reverted to its original state.
They took it to one of the big conventions and had a briefcase with $10k in it for the first person that could make a permanant change to the disk without opening the case. Guys showed up with their own latex gloves so they wouldn't leave prints and one managed to come up with the proprietory vendor unique command set for the particular drive model that was in the system.
I don't think that was really the sort of adversary that they expected would show.
This is black box testing with dubious motivation for the attackers.
The right way to do this is to publish everything and pay people like Adi Shamir and Ross Anderson for blocks (big blocks) of consulting time. Even that's futile without the will and the budget to fix problems -=>WHEN<=- the security people find them.
What they're doing is a good way to get headlines and to impress the impressionable. It's not a good way to make sure a system is secure.
"When Scytl presented the system, everybody was impressed on the security features. It is covered by international patent and it has been declared secured by no less than Switzerland and everyone in the global community should respect that decision," Tuason told reporters in a conference Tuesday.
Switzerland is now the global arbiter of the well defined "secured" and the global community should accept that? Huh? This quote is either a really bad translation or high comedy.
The system sitting in front of it (probably with a hub or via a broadcast) can record the traffic and then replay it at a later time. In fact, they can (and probably will) replay the data against the system as it comes from 1 connection at a time. This way they can see who is doing what. As to a /.ing, assume that it happens. Then it means that they have a LOT of work to do.
I prefer the "u" in honour as it seems to be missing these days.
If they want it to be hack-proof, just get Diebold to design it.
So how do you make sure that they tell you of a hack they do find? What is to prevent them from failing to disclose said hack and sell it for a tidy sum to China?
A Good Troll is better than a Bad Human.
I understand that any electronic voting machine, if hacked, can completely invalidate an election. Therefore the only way to make a voting system credible is to encourage the public to develop, and crack it.
I personally think the OSTG, FSF, or some other open source advocacy group needs to start an open source, high profile, project to create an "uncrackable" solution for electronic voting. I know uncrackable is unobtainable, but there is a level where physical access to internal components is required to crack the system; and a system can be made with intrusion detection and prevention in place that when combined with proper physical security practices, a successful crack can only be done via significant corruption or some amazing social engineering.
I believe that ONLY the open source community could successfully develop such a voting system. Not because of the technical expertise, but because any proprietary alternative will be suspect in the eyes of the voter.
Sometimes the best solution is to stop wasting time looking for an easy solution.
How much is the reward for cracking it? Or is there none?
:D
Either way, if it's less than what someone running for president can give you, then creating problems for themselves
Topic Sold Separately - A blog about everything, anything, and sometimes not
This is a step in the evolution of the wiki government. Once we have a reliable network infrastructure, we can move on to governing ourselves for a change. (Though I am sure that's not what the Philippine government is thinking.)
Because they're living there ?
Democracy is valued in some countries you know...
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
1. Go to relatives house
2. Hold gun to their head and insist that they vote for who you tell them to
3. Watch them cast the vote
4. Tell them that you will kill them and their pet rabbit if they tell anyone
5. Win the election
Sadly, that is a problem that will always exist if people aren't voting in a private cubicle in a public place.
After the recent postal voting in the UK, it was found that many heads of families coerced the rest of the family into voting a certain way. That just can't happen in a private cubicle where you can always lie to dad later, but vote for who you want to now.
Look at e-mail Received From path for network structure, make social engineering phone calls, convince a hot chick to sleep with their system administrator for passwords...
All your elections are belong to us !
Don't you know it is now both immoral and criminal to think beyond the next quarterly report?
Unless of course the e-voting procedure requires a signoff from a trusted third party who assures that the voter isn't showing their vote to their boss /person who paid them/ abusive spouse, yada, yada, yada, you get the point.
Well, someone else might find it, then you wouldn't get the money from China, and you wouldn't get the credit. Besides, the invitation makes no difference if you really want to sell the hack.
How things work outside the United States:
How things work in the United States:
as people vote in their own self-interest.
Whether that self-interest is 200 Pesos thrust into their hand as they walk into the booth, or 200 Pesos less tax paid due to new tax system voted in doesn't make much difference.
Actually the more I think about it - In the Phillippines the cash seems to be given to you by the politician if you promise to vote for them. In the 'democratic West',we get nothing for our vote apart from the promise from the politician. Personally I'd prefer to see the cash in my hand, rather than a promise.
The saddest poem
Wait, wasn't that on an episode of Numb3rs? Are you getting reality and TV confused? Or am I...? -ponder-
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
The real problem of Internet Voting isn't that you can hack the system. Even if you have an unhackable system, Internet Voting is still a bad idea.
In a voting booth, you can put your vote wherever you want, even if someone bribed or threatened you or your family to make you vote his way. You can put your mark somewhere else, nobody will know.
At home, your vote can be checked before it's sent.
Assorted stuff I do sometimes: Lemuria.org
It seems that with things like this, they usually fall because the programmers are either incompetent or lazy, and do not write code that is secure by design. Because of that they are scared stiff that someone will get a peek at the source code and find their sloppy hacks, identify careless assumptions, or discover that the outwardly formidable security is based on a model with a difficult to fix design flaw.
So they should publish the source code to the machines. There's nothing like a good public mugging to quickly uncover any stupid code. As is well known, any security code that cannot withstand public review is worthless. Anyone that says their code has to remain private to remain secure is admitting their code is NOT secure, and that it's merely a matter of time before it's compromised.
Hello Diebold, are you LISTENING? idiots.
I work for the Department of Redundancy Department.
Thats a lot of trust though. You're relying on everyone being of the same mind...
Say I'm a l33t hacker (which I'm not) and I find myself around this system and exploit its weaknesses. Cool, what does this make me? Well, a very helpfull beta tester which posses skills people might want to keep an eye on. But in the end I'd still be John Doe who managed to win the price and find the bug(s).
OR... I wait for the system to go live, then start digging around and falsify data in such a way where its obvious that something is stinking big time. Then all I have to do is leave my mark of some sorts and watch the cardhouse tumbleing down. Sometimes even taking whole (local) goverments with it. Ofcourse not always that extreme, but when it comes to election fraud you can be sure that reputations will be bruised or scarred, credibility will be on the line and if things do get out of control the whole thing can tumble down like the cardhouse mentioned earlier.
Gee, what option would I pick if I were in it for the fame and glory? Hard choice indeed... NOT!
Wrong question, a straw man. The problem isn't outside hackers playing with the system, but political insiders who have full access to the machines and code inperceptibly changing elections and the voting logs. A hacker may not be able to change an election, but a fully vested operative in the voting machine company can. Want a real test? Give the testers full access to the machines from soup to nuts. All code, accumulators, logs, access to the paper trail printouts, the works. NOW can they change the election?
Yes. Always, untraceably, if you can manipulate the traces.
This test they are running is worthless. They are playing to the myth of the superhacker, master of all crimes. The problem with evoting is that the evoting system programmers own the democracy, and you cannot test for that.
These evoting systems are the answer to the question: how do we fix elections without anyone noticing, or even understanding the system so that they notice that we can? The paper systems are foolproof, if done correctly, as in Canada. Those systems aren't broken. So we are fixing an uncrackable system for one that is cracked by design.
People. Someone is really determined to own democracy. Follow the money.
Just imagine a bunch of [instert your favourite radical political group here] visiting you at home, verifying that you vote "correctly"? Or your wife threats you to vote "correctly"?
Senator Clelland, Georgia. War vet, hero amputee. Ahead in polls by large number days before election in race with draft dodger who impugns Clelland's patriotism. Weasel somehow wins by small margin.
That is a rigged election. I'm not a scientist, so I can state the obvious. Someone flipped the switch. And there are so many others, with margins so slim that recounts are not automatic and therefore expensive. And the few recounts that have occured have Diebold techs cherrypicking districts to recount that match expectations rather than the suspicious districts. Diebold has the fix in. What else can be said? We've no logs, and they fought like scientologists to make sure paper trails didn't exist. Their intractibility in suing or pounding official who want paper trails is a slam dunk -- they are rigging elections, otherwise they wouldn't care. Use your heads. They don't want paper trails. WHY. BECAUSE. They are cheating.
There have been numerous elections using voting machines that have given government-collapsing results, like that vote last election in some district in Texas that popped up with 100,000 more votes than they had registered voters. Even the Republicans in the district went bonkers.
But, no one understood the problem in reporterland, and sure as hell citizens haven't cared. The big collapses have occurred -- and NO ONE CARED.
No one cared about the US role in Iraq at the beginning. If you were cynical or *gasp* even critical about the mission you weren't a real American, or so people said. And look whats happening now? The clock is ticking...
I think you're overestimating the government's desire to catch international criminals. Everyone's election systems are warty - internet voting is not going to be particularly wartier. But it hasn't really been done before. This is a way to publicize it, and it stands a decent chance of not having any show-stopping holes showing up. But even if it did, guess who comes off as progressive? This is publicity. Occam's Razor suggests it's not much more than that, and trying to read in Machiavellian intent is only serving their basic purpose, and making all those now-backward nations look worse by comparison. After all, why hasn't the U.S. with it's wealth and it's democracy done this yet?
[Ego]out
here in the us, u get with ur promise to vote major road, bridge fixes even free parks with clean toilets, some areas even offer free bus rides. in the philippines, for that 200 pesos u get an almost double price hike on every basic commodity - rice, cooking oil, eggs, bath soap, laundry detergent, electric and water bills... - in a matter of months.
not that people are oblivious about their predicament but to some, that 200 pesos means a meal for the kids or an empty stomach, a tylenol or a high fever, in some cases even life or death.
at least other governments are taking initiatives to try and make better electronic voting systems. This one seems to like the minibar key access control protocol :D
Relocating to San Francisco / Palo Alto... Hire me?
I wish every country would allow open inspections like this.
Hacker here is just a buzz word, but basically it's an open invitation for all security experts and amatures to
inspect and search for hole and problems before commiting to a potentially flawed system.
This is trully the only way to ensure a secure system and also provide a level of confidence to the public that will need to trust it.
In the USA our systems are terrably flawed and there has been much evidence that they deliberately cover up security hold problems and evidence of outright election fraud.
www.mailclad.com
John
I am always doing that which I can not do, in order that I may learn how to do it. - Pablo Picasso
as people vote in their own self-interest.
LOL! That's the funniest thing I've read all day.
It's a great idea, and it would definitely gain more voters who hate fighting the irate crowds... and avoiding bombs. It would be nice if the US actually had an OS that was secure enough to support something like this. Unfortunately, they can't even keep their own computer voting booths secure, let alone one on the internet.
"Please, shut up. Just when I think you can't say anything more stupid, you speak again." -Archie Bunker.
Make sure that the software they use to commit election fraud is safe from hackers?
Election fraud is as likely, if not more, to come from the government (or parts thereof) organizing the elections as it is to come from outsiders. And insiders don't need to crack the electronic voting servers, they have direct access to them.
This is why electronic voting cannot be trusted. There is no way for the voter to verify the software being run on election day.