Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Fail To Crack Brazilian Voting Machines

Posted by kdawson on from the voting-envy dept.

blueser writes "From Nov 10th to Nov 13th the Brazilian Government hosted a public hacking contest to test the robustness of its voting machines. 38 participants from private and public IT companies (including the Brazilian Federal Police) were divided into 9 teams, which tried several different approaches to try to tamper with the software installed on the machines, and even to physically interfere in other stages of the process. All attempts (aside from a minor one which would not compromise the overall results) failed, and observations from the participants and neutral observers will be taken into account to improve the process even further. Here is the official announcement for the contest (Google translation; Portuguese original). A summary of the results is available in the Brazilian press (original). Brazilian voting machines use Linux." US voting officials ought to be envious of their Brazilian counterparts, or ashamed, or both. Perhaps this MIT-developed cryptographic voting system offers a way forward.

2 of 143 comments (clear)

  1. for what it is worth... by Sir_Lewk · · Score: 4, Interesting

    Cracking contests are warning sign number 9 on Bruce Schneier's list of security snake oil warnings.

    Warning Sign #9: Cracking contests.

    I wrote about this at length last December: . For now, suffice it to say that cracking contests are no guarantee of security, and often mean that the designers don't understand what it means to show that a product is secure.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  2. Paper vote inspection is sampled by mangu · · Score: 3, Interesting

    You can simply look at all the steps in the design and see that you can observe what's going on.

    How can you, personally, be sure that every vote in every ballot in the country was counted correctly? Paper votes are sensitive to "economic power" frauds. The party which can put more inspectors in the process is the one which controls the counting.

    In Brazil there was a big affair in the 1982 Rio de Janeiro state governor elections, when the leftist candidate Brizola denounced an attempt to subvert the vote counting, in what became known as the "Proconsult scandal". According to Brizola's party, this fraud attempt was performed with the collusion of the right-wing media organizations, which presented fake exit polls indicating a victory for the rightist candidate.

    In any major election there are many people working together and one must inevitably trust a lot of people involved in the counting. No ordinary citizen has the resources to monitor an election by himself, the support of the party is needed.

    In these days, any political party should have lots of people who know and understand computing technology. It's much easier and cheaper to let a trusted team of computer experts do a thorough audit on the software than to get a large team of scrutineers to watch every little detail where a paper ballot can be defrauded.