Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Invited To Crack Internet Voting

Posted by samzenpus on from the I-wonder-what-will-happen dept.

InternetVoting writes "The Philippine government and the International Foundation for Electoral System will be soliciting hackers to test the security of of their Internet voting system that will be tested in an upcoming pilot program." From the article,"Local and foreign computer hackers will be tapped to try and break into an Internet-based voting system that will be pilot tested by the country's Commission on Elections (Comelec) starting July 10."

15 of 119 comments (clear)

  1. So... by Anonymous Coward · · Score: 3, Insightful

    they got a formal invitation this time?

    I'm sure all the REAL hackers will RSVP.

  2. What a dumb idea by EmbeddedJanitor · · Score: 2, Insightful
    What they want is to be able to say:"We got the best hackers on the job and nobody could hack it".

    Of course any hacker with intentions of being a naughty boy is not going to show up and (a) make himself known or (b) reveal the holes.

    --
    Engineering is the art of compromise.
    1. Re:What a dumb idea by TodMinuit · · Score: 3, Insightful

      Of course any hacker with intentions of being a naughty boy is not going to show up and (a) make himself known or (b) reveal the holes.

      But freelance security professionals and security companies looking to make a name for themselves will.

      --
      I wonder if I use bold in my signature, people will notice my posts.
  3. Think they have not thought about that? by WindBourne · · Score: 5, Insightful

    Almost certainly, they are recording ALL the packets that travel across the line as well as checking the state of the system. And if not, then they deserve what will happen. And if it is on a OSS platform, then they will be able to modify the kernel so that it gives more info during the cracking attempt.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  4. Re:What if by quanticle · · Score: 4, Insightful

    Two words: honeypot system.

    The way I would do something like this is to put the voting system inside a fully monitored and logged virtual machine. Then I would open it up to hackers, knowing that all changes to the system state will be logged and can be scanned for malicious actions.

    --
    We all know what to do, but we don't know how to get re-elected once we have done it
  5. I live in the Philippines... by RuBLed · · Score: 2, Insightful

    Seriously, nothing to see here, move along...

    On a related topic = I can't believe our Comelec is advertising this thing, a few months ago they don't even have a feasible electronic voting solution. I remember that they got a "Diebold" like deal for use in the last national elections but we know that the expensive machines had been now rotting in warehouses (and never had seen the light of the day, that makes Diebold more succesful). There are even local programmers/firms who are willing to "donate" their services just to make the election electronic but I guess that did not work out.

    And I still don't have that promised "Electronic Voter's ID" when I registered at 18 (I'm in my 20's now). Now, how could they validate if I am the one who had casted my vote.. Hmmm...

    As I said, nothing to see here.. move along.. I'm going to make some coffee...

    Regards,

  6. Re:What if by mackyrae · · Score: 3, Insightful

    I think they're trusting that more than one person will notice it. With OSS, we know that it's possible someone will find a security bug and not report it because that would benefit them. We also figure that there's a high enough probability of someone else noticing too that the first person's secrecy will be nullified anyway. With the people who pay for each issue you find, the hacker has a better shot at cash through trying to report it first than through hoping nobody else does.

    --
    look! it's a bird, it's a plane, it's....a girl? yes, a girl browsing Slashdot on Linux
  7. Re:So...failure to disclose vulnerability? by buswolley · · Score: 2, Insightful

    So how do you make sure that they tell you of a hack they do find? What is to prevent them from failing to disclose said hack and sell it for a tidy sum to China?

    --

    A Good Troll is better than a Bad Human.

  8. Re:What if by fred911 · · Score: 1, Insightful

    "That could possibly give them the power to take over a country, or receive some big payments from a political party who would really like to win"

    Sounds like a diebold system to me.

    --
    09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  9. Re:So...failure to disclose vulnerability? by Yvanhoe · · Score: 3, Insightful

    Because they're living there ?
    Democracy is valued in some countries you know...

    --
    The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
  10. 100% foolproof guaranteed exploit by Builder · · Score: 3, Insightful

    1. Go to relatives house
    2. Hold gun to their head and insist that they vote for who you tell them to
    3. Watch them cast the vote
    4. Tell them that you will kill them and their pet rabbit if they tell anyone
    5. Win the election

    Sadly, that is a problem that will always exist if people aren't voting in a private cubicle in a public place.

    After the recent postal voting in the UK, it was found that many heads of families coerced the rest of the family into voting a certain way. That just can't happen in a private cubicle where you can always lie to dad later, but vote for who you want to now.

  11. Procedural comparison by Random+BedHead+Ed · · Score: 4, Insightful

    How things work outside the United States:

    • Government announces plan to implement a voting system.
    • Government devises detailed plan for a system, working with experts in field.
    • Government runs pre-launch plan for rigorous testing of system reliability. Experts invited to oversee tests.
    • System implemented, possibly with modifications based upon lessons learned in testing.

    How things work in the United States:

    • Government announces plan to implement a voting system.
    • Industry lobbyists head to Washington. Meet with lawmakers, attempting to steer business toward their sponsors.
    • Dinners held, bribes exchanged.
    • Select lawmakers refuse to give in to lobbyists, are denied funding for upcoming campaigns, lose next election. Most capitulate, are re-elected.
    • Revised bill reintroduced. Spending increased by a factor of 10.
    • Experts review bill, criticize flaws, are ignored. Who needs 'em?
    • Bill to implement system passes. Includes provision allowing NSA to nuke a US city without prior oversight if it finds suspicious activity in said city. Pre-absolves president of guilt for said annihilation. Also includes subsidy of corn processing industry in midwest, tax breaks for plastics industry executives. Last-minute rider added to provide additional funding for superhighway from Mexico to Kansas (now standard in all bills), and provide funding for evangelical law school that advocates a new wars to prevent the coming of the Antichrist.
    • President signs bill in televised ceremony. Pen used to sign bill is framed.
    • System implemented with no modifications. Massive failures nationwide.
    • Experts point out that they predicted failures, are ignored again. Who needs 'em? Industry spokespersons call experts 'communists trying to undermine the free market,' deny there are any problems. Evening news ignores story, focuses on a recent celebrity divorce.
    • Lawmakers vow to raise new spending bill to correct problems. Lobbyists return to Washington ...
  12. Reverse engineering corruption by gr8dude · · Score: 2, Insightful

    the philippines is a beautiful land, with beautiful people... and a corrupt political establishment, it's a sad commentary on corruption the philippines, the vote buying
    In the context of corruption, perhaps this will be handy, Reverse engineering corruption. The essay has quite a few hidden references to Slashdot subculture.
    --
    The saddest poem
  13. WRONG. Q: Can it be manipulated by insiders? by Catbeller · · Score: 2, Insightful

    Wrong question, a straw man. The problem isn't outside hackers playing with the system, but political insiders who have full access to the machines and code inperceptibly changing elections and the voting logs. A hacker may not be able to change an election, but a fully vested operative in the voting machine company can. Want a real test? Give the testers full access to the machines from soup to nuts. All code, accumulators, logs, access to the paper trail printouts, the works. NOW can they change the election?

    Yes. Always, untraceably, if you can manipulate the traces.

    This test they are running is worthless. They are playing to the myth of the superhacker, master of all crimes. The problem with evoting is that the evoting system programmers own the democracy, and you cannot test for that.

    These evoting systems are the answer to the question: how do we fix elections without anyone noticing, or even understanding the system so that they notice that we can? The paper systems are foolproof, if done correctly, as in Canada. Those systems aren't broken. So we are fixing an uncrackable system for one that is cracked by design.

    People. Someone is really determined to own democracy. Follow the money.

  14. Re:Hey mods, supress your knee-jerk reaction by skarphace · · Score: 3, Insightful

    I would like to know what's so seriously wrong with Paper ballots counted by people that we want to abandon them? People have
    2000 Florida, USA is one example.

    I would like to know why so many places are trying to move to more expensive, more complex, less secure means of voting when a better method already exists. I'm all for using computers where they have a place, such as things like filing taxes, but I fail to see the need for computers in voting.
    You just answered your own question. It's exactly like taxes. It keeps you from having to go somewhere or mail something out to get (taxes/voting) done. This'll allow people to vote from work, take 5 minutes at breakfast to place their vote before leaving for work. All kinds of good reasons for the voters.

    It doesn't speed up the counting process.
    Oh yes it does. Tabulation takes seconds instead of days/weeks/months. You only have to do a hand count if it's challenged.

    It doesn't make it any cheaper.
    Yes it does. Computers are cheaper then people.

    And it doesn't put any extra security into the system.
    Now this is the #1 argument against electronic/internet voting. This is also the reason I'm still on the fence about the whole thing. There are many benefits but if all it accomplishes is to allow people to rig elections easier, then it's not worth it. Until they start paying more attention to the security aspect, I'm staying on the fence.
    --
    Bullish Machine Tzar