Slashdot Mirror
Hackers Fail To Crack Brazilian Voting Machines
blueser writes "From Nov 10th to Nov 13th the Brazilian Government hosted a public hacking contest to test the robustness of its voting machines. 38 participants from private and public IT companies (including the Brazilian Federal Police) were divided into 9 teams, which tried several different approaches to try to tamper with the software installed on the machines, and even to physically interfere in other stages of the process. All attempts (aside from a minor one which would not compromise the overall results) failed, and observations from the participants and neutral observers will be taken into account to improve the process even further. Here is the official announcement for the contest (Google translation; Portuguese original). A summary of the results is available in the Brazilian press (original). Brazilian voting machines use Linux." US voting officials ought to be envious of their Brazilian counterparts, or ashamed, or both. Perhaps this MIT-developed cryptographic voting system offers a way forward.
These obviously weren't Diebold machines.
Maybe US hackers are better?
Nah, seriously, we should try to hack their machines here, even though I don't think we'll do much better.
Sweet. They fixed it.
Oh, wait... Brazilian...
Of course not! There were a brazilian of 'em!
...if you think the person who actually cracked it would admit it before cashing in.
Failure to find a flaw does not prove absence of a flaw. Even if it did, I still need to trust the people handling the machines that the machines I'm voting on are the ones that were tested, because there is no way for me to verify that in an actual voting situation. A paper ballot vote is completely observable and does not require trust. Electronic voting is unnecessary and undemocratic.
Cracking contests are warning sign number 9 on Bruce Schneier's list of security snake oil warnings.
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
Of course this doesn't really guarantee it's secure (nothing does) but it indicates they're taking security seriously. I am curious if they had full access to machines for a while before the competition, 3 days is a lot of time to try out a bunch of exploits you've worked out, but it's not a lot of time to try to find those exploits if it's the first time you've seen the system.
I stole this Sig
Didnt some of the American ones have hardware that changed? Slightly but differed to the original spec. Then someone finds a buffer overflow etc.. Its a minefield but then again finance companies manage to have secure machines. You just have trusted people using them. As a pc support person I couldnt touch the two pcs that made millions of pounds in transfers it was the external company that supported them.
Also:
If you cant trust one person - have technical representatives at each pollling station from each party.
Or get two diff machines from diff companies and get people to hit two buttons on two machines.
Or have a paper backup.
Or all of the above.
On a long enough timeline. The survival rate for everyone drops to zero. Chuck Palahniuk, Fight Club, 1996
Is this exercise realistic given the need to protect against well hidden back doors, tampering by election officials, and sloppy procedures (like letting a vendor install uncertified patches just before an election)? They tested only a narrow range of dangers.
The right way to do something like this is at design time.
They deserve credit, though, for doing things so much better than the US.
Obviously we should make our voting machines out of Brazilians like they do, it seems to work well.
Rather than focusing on the machine itself it is much more important to make sure that the results are verifiable. Here's my take:
1) Give the voter a randomly chosen voter number.
2) Reveal the vote for each voter number in some puclic channel. (Yes I mean print each and every one's vote in the newspaper)
3) Extend voter's obligations to include reading the newspaper the next day.
4) Have volunteers count the number of people entering each voting station.
If everyone is happy with his own entry in the newspaper and the volunteers are happy with the number of entries, then the election went well.
FYI- Real hackers do not attend public events such as this.
If there was a strong incentive or motive, that might have made a big difference. If all you get from success in cracking is the recognition, that won't bring in all the possible methods. OTOH, if there was a genuine and significant prize, like actually taking leadership of the country, or a billion dollars, you might find the machines can be cracked.
now we need to go OSS in diesel cars
Besides anyone who plans on hacking these machines would definitely not attend an event such as this.
Actually, they ARE Diebold machines! When I turned 18 and voted for the first time I was really surprised to see that the voting machines here in Brazil have Diebold logos... and this was around the time when electronic voting was starting to make noise in the US due to insecure Diebold machines. However, I suspect that the Brazilian machines are actually designed by some national organization and only the manufacturing of all the thousands of machines is outsourced to Diebold.
Weve been voting with these machines for over 10 years, if Im not mistaken, and not a single major flaw has ever surfaced. Some small problems may have occurred without anyone noticing, but weve never had an election result deviate wildly from poll numbers, so it seems trustworthy to the extent that we can detect.
Goes to show that electronic voting machines or even Diebold are not the whole problem, you just need some transparency and supervision of the whole process... DEFINITELY not closed source!
If I were here, I'd have cracked the machine with a hammer
Just because a few people didn't find a flaw in the time the spent there doesn't mean there isn't one. If someone found a hack, someone who actually wanted to exploit it, do you actually think they would divulge that kind of information? I would keep my mouth shut and let them think it was secure. Then it would make it even easier when the time came to mess with election results.
It usually takes more than three days to hack anything which flaws aren't by any means evident. It sure shows the voting machines are quite secure, but does that really show that they are "unhackable"?
I beg to disagree. Apart from things like hanging chads and butterfly ballots, which can be corrected by proper voter instruction, paper ballots are subject from a large number of possible frauds, ranging from relatively unsophisticated methods like ballot stuffing to more advanced methods like ballots numbered with invisible ink.
Besides, as every corrupt politician knows, the best way is not to commit fraud at the ballot itself, but at the counting process. Unless there was only one vote for a candidate at one ballot, no one knows how the other people voted, and who will ensure the counting is done right?
http://br-linux.org/2009/video-e-fotos-do-boot-do-linux-em-uma-urna-eletronica-brasileira/ (scroll down the page a bit)
for now.
I still have serious concerns about the current voting system. Heck, last time I heard, the version which had its source inspected by the Supreme Court wasn't necessarily the final version. If they don't really know what's in there, who does? How hard would it be to bribe someone in the company. And, worse than technological flaws, are always the human flaws. Cases of people who work at the polling stations (they do unpaid compulsory work) voting for people who didn't vote are not unheard of. Besides, the statistical samples taken to avoid frauds are VERY, VERY weak.
"I decided I could write something better than everything out there in two weeks. And I was right." - Linus Torvalds
According to the newspapers, the successful attempt was on the carrying bag for the media (which I assume carries the data required). It seems lack of physical security still can happen, but the media is supposedly cryptographically signed, so replacing it would be hard in any case.
How can you, personally, be sure that every vote in every ballot in the country was counted correctly? Paper votes are sensitive to "economic power" frauds. The party which can put more inspectors in the process is the one which controls the counting.
In Brazil there was a big affair in the 1982 Rio de Janeiro state governor elections, when the leftist candidate Brizola denounced an attempt to subvert the vote counting, in what became known as the "Proconsult scandal". According to Brizola's party, this fraud attempt was performed with the collusion of the right-wing media organizations, which presented fake exit polls indicating a victory for the rightist candidate.
In any major election there are many people working together and one must inevitably trust a lot of people involved in the counting. No ordinary citizen has the resources to monitor an election by himself, the support of the party is needed.
In these days, any political party should have lots of people who know and understand computing technology. It's much easier and cheaper to let a trusted team of computer experts do a thorough audit on the software than to get a large team of scrutineers to watch every little detail where a paper ballot can be defrauded.
It's funny that they'd crow about the fact that "hackers" couldn't break their security in three days. Hacking a voting machine isn't a timed athletic contest. It might take 4 days, or a week, or a year, but once it happens, the damage from a hacked election could be catastrophic for a nation.
The problem with voting machines is that somebody has to make them, usually a private company. Private companies are after profit. Profit + elections can be a disastrous combination. The effects of private money have turned the US political system into a bad joke.
The way to secure and fair elections is not through any proprietary technology, that's for sure.
You are welcome on my lawn.
I wonder, with all the universities around, and those news about a 'formally proven' OS kernel, if a team of researchers couldn't attempt to formally prove a modular voting software system (maybe using the OS kernel that's already proven)?
Sure, it may be troublesome, but with government funding, it's a work that can be done, and independently verified by anyone that knows how to read such proofs.
the software is actually is closed source software according to wikipedia.
Before you do the attempt you have to explain what you're planning to do, and the procedures have to stay with the TSE. The real hackers don't get their hands on that voting machine, only the security companys and universities can do the tests.
http://www.michel.eti.br
It's important to note that the prize for the winner is of just R$ 5.000, a little under $ 3.000. This certainly scared most experts away.
On a side note, you guys have just slashdotted our fucking Superior Election Court website. I hope you are happy.
Sure, the 'best crackers' couldn't hack it, see? So its secure, see?
I want to delete my account but Slashdot doesn't allow it.
Electronic balloting machines should be used only where necessary, for people who physically need help.
And they should simply print a bubble sheet like the ballots everyone else uses.
A ballot recorded only electronically is too hard to observe in a meaningful way.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
More accurate: "Successful Brazilian voting machine hackers stay quiet, wait for election day."
Then again, with nothing to gain in a public competition/venue, the real hackers worth their salt are holding back.
It's worth more to them to crack the devices later, offering the ability to somebody who would pay them substantial sum of money to sway an election.
If you want to wear a tin foil hat, you might come to think the whole hacking competition was rigged for the benefit of the government...... Nah...
Either way you look at it, it makes the whole event suspect.
While cracking the machines would prove that they are insecure, failing to crack them proves nothing. It only proves that one group of people at a particular time couldn't crack them.
Hackers Fail To Crack Brazilian Voting Machines
Give them time, a brazilian is a lot of machines!
Ba-doom-boom-tss.
For a system to be adopted in the US, it needs to be closed source, proprietary and subject to the anti-tampering and reverse engineering provisions of the DMCA.
Fraud and covert manipulation are essential "checks and balances" in the American system, ensuring that the interests of minorities like banks, insurance, pharmaceutical and petro-chemical industries are protected from the tyranny of the majority.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
I've traveled a fair bit and I can tell you that there is a fair range of very distinctive political systems in the world that are all rubber stamped as democracies. Some of these democracies would not look like much of a democracy to us in the West.
It is important to note that the system we have today was conceived hundreds of years ago when philosophers started looking for something better than Absolute Monarchies. Back in the 1500s, everybody assumed that it was a natural thing for a country to have a King and for the monarch to have absolute power. We laugh at them today. Will there be people laughing at us in the future?
I think the biggest advantage of advancing efforts in the area of electronic voting is increased representation. Today, we elect a dude who goes to Washington and we don't hear much from him for the next few years until he comes back to us asking for more votes. We have very little representation as voters. It is even worse in the case of Presidential elections since our system (i.e., USA) does not follow a policy of one-man-one-vote. Therefore, our representation in Washington is minimal. It would be better if we as a population could vote more often and an electronic system could help with that. I don't know what the solution is but I would like to see more popular representation in Washington. I don't think We, the people, would have voted to pay with our hard-earned dollars for a bail-out to every major financial institution in this country. Would we?
PS: After Florida 2000, we in the US can't say crap about any other voting system in the World.
My translation [explanatory comments in brackets]:
Test of the security of the electronic voting system
From Tuesday to Friday this week, 10 to 13 November, the Supreme Electoral Tribunal (TSE) will hold the first public testing of security in electronic voting machines that will be used in the elections of 2010, and of the other provisions of the electronic voting system. During those days, 38 specialists in computer science and network engineering will try try to find vulnerabilities in the [voting computer] programs in a competition conducted within the court. The purpose is to test the software and to receive contributions for the improvement of computerized voting.
The participants who submit the three ideas most relevant to improvement of the system will be awarded 5,000 reais [about 2,873 U.S. dollars], 3,000 [$1,724], and 2,000 [$1,149]. This initiative to expose the electronic ballot box system for public testing is unprecedented in the Electoral Court. The tests were approved unanimously during a TSE administration meeting on 30 June 2009. The public testing of security in the electronic voting system [used in Brazil] will serve to verify possible vulnerabilities in the system, for example, whether it is subject to possible violations or fraud.
Minister Ricardo Lewandowski was appointed by the Court to coordinate the testing. In his opinion, this is an opportunity to demonstrate the security of electronic voting machines, as well as to show "the total transparency with which the Court deals with the subject". The results will be analyzed and disseminated by a committee composed of members outside Electoral Tribunal, called the Evaluation Committee.
-----
My comments: As Brazil has shown over the years, it is possible to make secure voting software. The fact that so many vulnerabilities in U.S. voting software have been easy to demonstrate gives many the impression that the vulnerabilities are there because some group wants to exploit them.
As the article says, the purpose of the test was partly a demonstration of the openness of the Brazilian electronic voting system. There were, of course, other tests for vulnerabilities in the voting software used in Brazil, but they were done privately.
So, the machines' backdoor cannot be used by just about any hacker? Well good to know!
Put in a different way, that's as if you made a contest out of making people try to log through SSH into your machine, to prove that *you* can't log into it.
You just got troll'd!
Absolutely nothing...
Just because the 38 so-called "experts" failed to crack the voting machine does not prove that the machine is secure at all.
All it proves is that those "experts" lacked the skill or knowledge to crack it.
It will funny (and quite ironic) when some 16 year old, with a little too much time on his/her hands, cracks the machine. Only to prove that those 38 experts should probably not be in the security industry in the first place..
I'm Brazilian and this media statement is full os shit, why ? 1st - To try to hack it you had to submit a paper telling EVERYTHING you would try to hack... Any hacker knows that "hacking" isn't easy, and you must adjust your techniques every time, so it is virtually impossible to design a paper telling what you're going to do. Hacking isn't simply mathematics and scheduled procedures... 2nd - They would allow you very limited access to the voting machine in a controlled everinoment and on a limited time. Hacking takes days to understand the code, flaws ans possible ways to exploit it. It can't be done under pressure in a few days. 3rd - No REAL hacker would show his personal information and submit it to the goverment. Why ? It's very clear that everyone who enlisted was added to a federal police database of "possible suspects" and only the winner (almost impossible to archive, due the circunstances) would gain anything. So the chance of winning was very low, and being exposed wasn't worth the try. If they want a REAL test, they must: 1 - Allow anyone read the full source-code 2 - Put some of those voting machines on the internet with full-access. (login and passwords) 3 - Let us try anything without pressure. 4 - Offer a REAL prize, like US$100.000. 5 - Get a chance to try to hack it without being exposed in the first-hand. Of course whoever wins must reveal his identity, but only the winner (and everything that would come from that) would be known. That said, it was just a media statement... I can BET there are a lot of flaws in the system...
Remind me again why we need a government to steel from us and hit us?
I do most things in my life without a government and know that I could vote better with my money in a free market.
Check out Stefan Molyneux's work to truly understand freedom. http://fdrurl.com/PA
But if we do really feel like we need a gov why don't the machines print out a receipt and then we put receipt in a ballot. that way we can have real time results and then still get a paper count in the days' weeks after to confirm the electronic ballot.
someone must have to administer the machines with some kind of administrator privileges. Did these tests include whether corrupt election officials could effect the result? Most likely the only way to prevent that would be to have some sort of printed reciept... oh wait that's just paper ballots all over again.
First, is not the Brazilian goverment but the Tribunal Superior Eleitoral (supreme election jury or something like this in English).
And all the test is a ugly lie.
The... "hackers" are public workers, not really hackers. And they are forbidden to use really "hacker" methods like disassemblers, sniffers and etcetera, only the "approved" methods. Is like you ask to a thief to try to bypass your security system, but allows then to use only a paper clip. Ridiculous, but the TSE do not care.
Religion: The greatest weapon of mass destruction of all time
"Hackers Decline to Reveal That They Cracked Brazilian Voting Machines"
It's almost as if they had some incentive to keep it to themselves.
In my reading on the subject (I follow the Brazilian interest group run by Amilcar) I find that the most likely actual case of election fraud in recent years involved cloning of the machines by duplicating the card. This was observed in the statewide election of 2006 in Alagoas (a very weird place to be from). You just let voters enter their votes on one machine, then deliver another machine with the same serial number but different votes to the tallying authority. This gambit is helped along by the fact that precinct authorities transport the machines containing the votes to the center in a police car. The police are a major source of corruption of all kinds in Brazil ... and how.
In Alagoas, investigators found duplicate machine cards and other physical equipment partially burned out behind the warehouse of the company to which machine set-up was outsourced for that election. The ownership structure of the outsourcer is pretty interesting, too.