Hackers Fail To Crack Brazilian Voting Machines
blueser writes "From Nov 10th to Nov 13th the Brazilian Government hosted a public hacking contest to test the robustness of its voting machines. 38 participants from private and public IT companies (including the Brazilian Federal Police) were divided into 9 teams, which tried several different approaches to try to tamper with the software installed on the machines, and even to physically interfere in other stages of the process. All attempts (aside from a minor one which would not compromise the overall results) failed, and observations from the participants and neutral observers will be taken into account to improve the process even further. Here is the official announcement for the contest (Google translation; Portuguese original). A summary of the results is available in the Brazilian press (original). Brazilian voting machines use Linux." US voting officials ought to be envious of their Brazilian counterparts, or ashamed, or both. Perhaps this MIT-developed cryptographic voting system offers a way forward.
Of course not! There were a brazilian of 'em!
...if you think the person who actually cracked it would admit it before cashing in.
Failure to find a flaw does not prove absence of a flaw. Even if it did, I still need to trust the people handling the machines that the machines I'm voting on are the ones that were tested, because there is no way for me to verify that in an actual voting situation. A paper ballot vote is completely observable and does not require trust. Electronic voting is unnecessary and undemocratic.
Obviously this puts a lot of software produced in the US to shame.
Today it seems like it's all about selling something crappy for money in the US with an EULA where you free yourself of all responsibility.
And when someone points out the flaws the lawyers are called in to hide the fact that there is a gap that can put Grand Canyon to shame.
No wonder that the world has suffered so much malicious software.
Sure - call me a troll, but it's also an observation. Time to market is more important than quality.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Cracking contests are warning sign number 9 on Bruce Schneier's list of security snake oil warnings.
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
Of course this doesn't really guarantee it's secure (nothing does) but it indicates they're taking security seriously. I am curious if they had full access to machines for a while before the competition, 3 days is a lot of time to try out a bunch of exploits you've worked out, but it's not a lot of time to try to find those exploits if it's the first time you've seen the system.
I stole this Sig
Time to market is more important than quality.
Yeah look at Ubuntu. Every 6 months on the dot no matter what the quality.
;)
And uuh...yeah...Look at Vista. Was that 6 or 7 years to market?
Your statement doesn't hold up.
There's no place like
Sure - call me a troll, but it's also an observation. Time to market is more important than quality.
Customers get what they pay for. If they aren't willing to make security a priority and pay more for it, then they won't get it.
Qxe4
Didn't some of the American ones have hardware that changed? Slightly but differed to the original spec. Then someone finds a buffer overflow etc. It's a minefield but then again finance companies manage to have secure machines. You just have trusted people using them. As a pc support person I couldn't touch the two pcs that made millions of pounds in transfers; it was the external company that supported them.
Also:
If you can't trust one person - have technical representatives at each polling station from each party.
Or get two diff machines from diff companies and get people to hit two buttons on two machines.
Or have a paper backup.
Or all of the above.
On a long enough timeline. The survival rate for everyone drops to zero. Chuck Palahniuk, Fight Club, 1996
The reason for Microsoft's constant failure at security and bugs is that they outsource portions of the code still. Win ME was the first time they did that, look what happened. They still don't learn or care about it and outsource code. Look at recent GPL violations for current proof. That and they focus more on crap that has nothing to do with an Operating System.
Is this exercise realistic given the need to protect against well hidden back doors, tampering by election officials, and sloppy procedures (like letting a vendor install uncertified patches just before an election)? They tested only a narrow range of dangers.
The right way to do something like this is at design time.
They deserve credit, though, for doing things so much better than the US.
Some people are allergic to free.
Rather than focusing on the machine itself it is much more important to make sure that the results are verifiable. Here's my take:
1) Give the voter a randomly chosen voter number.
2) Reveal the vote for each voter number in some public channel. (Yes I mean print each and everyone's vote in the newspaper)
3) Extend voter's obligations to include reading the newspaper the next day.
4) Have volunteers count the number of people entering each voting station.
If everyone is happy with his own entry in the newspaper and the volunteers are happy with the number of entries, then the election went well.
Yeah look at Debian, many years was it between releases?
If you mod me down, I will become more powerful than you can imagine....
Simplicity --> greater security (I'm not saying the contest measured something).
http://en.wikipedia.org/wiki/Elections_in_Brazil#The_Brazilian_voting_machines
The source is available to the parties.
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
If there was a strong incentive or motive, that might have made a big difference. If all you get from success in cracking is the recognition, that won't bring in all the possible methods. OTOH, if there was a genuine and significant prize, like actually taking leadership of the country, or a billion dollars, you might find the machines can be cracked.
now we need to go OSS in diesel cars
Actually, they ARE Diebold machines! When I turned 18 and voted for the first time I was really surprised to see that the voting machines here in Brazil have Diebold logos... and this was around the time when electronic voting was starting to make noise in the US due to insecure Diebold machines. However, I suspect that the Brazilian machines are actually designed by some national organization and only the manufacturing of all the thousands of machines is outsourced to Diebold.
We've been voting with these machines for over 10 years, if I'm not mistaken, and not a single major flaw has ever surfaced. Some small problems may have occurred without anyone noticing, but we've never had an election result deviate wildly from poll numbers, so it seems trustworthy to the extent that we can detect.
Goes to show that electronic voting machines or even Diebold are not the whole problem, you just need some transparency and supervision of the whole process... DEFINITELY not closed source!
If I were here, I'd have cracked the machine with a hammer
Just because a few people didn't find a flaw in the time they spent there doesn't mean there isn't one. If someone found a hack, someone who actually wanted to exploit it, do you actually think they would divulge that kind of information? I would keep my mouth shut and let them think it was secure. Then it would make it even easier when the time came to mess with election results.
It usually takes more than three days to hack anything whose flaws aren't by any means evident. It sure shows the voting machines are quite secure, but does that really show that they are "unhackable"?
brasil isn't latin america, duffus. brasil is brasil. plain and simple.
our democracy is a lot more solid than our neighbor's.
What ? Me, worry ?
I beg to disagree. Apart from things like hanging chads and butterfly ballots, which can be corrected by proper voter instruction, paper ballots are subject to a large number of possible frauds, ranging from relatively unsophisticated methods like ballot stuffing to more advanced methods like ballots numbered with invisible ink.
Besides, as every corrupt politician knows, the best way is not to commit fraud at the ballot itself, but at the counting process. Unless there was only one vote for a candidate at one ballot, no one knows how the other people voted, and who will ensure the counting is done right?
http://br-linux.org/2009/video-e-fotos-do-boot-do-linux-em-uma-urna-eletronica-brasileira/ (scroll down the page a bit)
for now.
According to the newspapers, the successful attempt was on the carrying bag for the media (which I assume carries the data required). It seems lack of physical security still can happen, but the media is supposedly cryptographically signed, so replacing it would be hard in any case.
You've got it all wrong. Vista was just Win7 beta.
You are welcome on my lawn.
Debian is server-centric. (Though also highly usable as workstation too.) Long release/support cycles there is the feature, because stability is the priority.
On other side, I have used for about two+ years Debian Sid as desktop at home. I had only three major breakages in all the time which required me to boot system in single user mode to repair it. And that is unstable branch which is literally "just compiled software". That easily compares to rate of reinstalls I had to do on my Windows workstation, which despite being touted as stable by MS, still breaks very easily and breaks quite often.
All hope abandon ye who enter here.
How can you, personally, be sure that every vote in every ballot in the country was counted correctly? Paper votes are sensitive to "economic power" frauds. The party which can put more inspectors in the process is the one which controls the counting.
In Brazil there was a big affair in the 1982 Rio de Janeiro state governor elections, when the leftist candidate Brizola denounced an attempt to subvert the vote counting, in what became known as the "Proconsult scandal". According to Brizola's party, this fraud attempt was performed with the collusion of the right-wing media organizations, which presented fake exit polls indicating a victory for the rightist candidate.
In any major election there are many people working together and one must inevitably trust a lot of people involved in the counting. No ordinary citizen has the resources to monitor an election by himself, the support of the party is needed.
In these days, any political party should have lots of people who know and understand computing technology. It's much easier and cheaper to let a trusted team of computer experts do a thorough audit on the software than to get a large team of scrutineers to watch every little detail where a paper ballot can be defrauded.
It's funny that they'd crow about the fact that "hackers" couldn't break their security in three days. Hacking a voting machine isn't a timed athletic contest. It might take 4 days, or a week, or a year, but once it happens, the damage from a hacked election could be catastrophic for a nation.
The problem with voting machines is that somebody has to make them, usually a private company. Private companies are after profit. Profit + elections can be a disastrous combination. The effects of private money have turned the US political system into a bad joke.
The way to secure and fair elections is not through any proprietary technology, that's for sure.
You are welcome on my lawn.
I wonder, with all the universities around, and those news about a 'formally proven' OS kernel, if a team of researchers couldn't attempt to formally prove a modular voting software system (maybe using the OS kernel that's already proven)?
Sure, it may be troublesome, but with government funding, it's a work that can be done, and independently verified by anyone that knows how to read such proofs.
Sure - call me a troll, but it's also an observation. Time to market is more important than quality.
If I had mod points, I would have modded you down. In context of Linux, or any software which wants to give you a choice, your point is largely misplaced and wrong.
Personally, I'm tired of the overrated excuse - to shuffle half-baked software on users. "Time to market" is a great metric - if you also cut on features. (E.g. what Debian does by excluding from releases software which cannot be stabilized in timely manner.)
But no commercial company would *ever* do it - because software is sold (or rather it is purchased) based on feature list, not on stability. Stability and security are not features which you can market with a straight face. And that is only when "time to market" excuse is applicable.
From the number of deals I had a chance to observe, it never really mattered to the end customer. (1) If a company spends more time on development and testing (being late to market), generally it would also enjoy faster deployment times (and happy customers). (2) If a company pushed on the customer a long feature list which wasn't even seen once working, then all the time/money saved on development and testing would be wasted during the deployment phase - to tie all loose ends. And it might cost more, because during deployment one can't enjoy the stability of environment generally found in test labs.
Now the problem with human nature is that companies which opt for plan (2) earn more money. People still buy software based on length of feature list and few can afford changing software at a later date when it is found that it doesn't function as advertised.
And that is why it is not applicable to software like Linux. First of all, Linux (say Debian) is magnitudes more stable and reliable than commercial software. (Because Debian has literally unlimited budget of person/years - commercial companies simply can't afford it.) Second, in the end you still get the choice: commercial software comes with lots of strings attached of how and what you can and cannot do, while with free software many pieces are standard-based and replaceable. Third, if you get to the level of national software, volumes are so high and budgets are so huge that it is not an unacceptable idea anymore to actually hire or buy completely a dedicated F/LOSS company to handle the technical side of the project.
All hope abandon ye who enter here.
The voting system has been widely accepted, due in great part to the fact that it speeds up the vote count tremendously. In the 1989 presidential election between Fernando Collor de Mello and Luiz Inácio Lula da Silva, the vote count required nine days. In the 2002 general election, the count required less than 12 hours. In some smaller towns the election results are known minutes after the closing of the ballots.
I just don't get it. In Spain we know the results of the election with more than the 90% of votes counted at 21:00, while the election itself ends at 20:00. In an hour more or two, we got the 100% minus the postal votes. And of course our system is just the good old ballot.
Customers get what they pay for. If they aren't willing to make security a priority and pay more for it, then they won't get it.
Funny, I didn't pay for Ubuntu, but somehow I feel at least an order of magnitude safer than using Windows, even windows 7. While I haven't got a virus in years (Thank you AVG, which is also free!), I know that there are thousands of viruses and security holes (even if we haven't discovered them yet) in Windows 7.
I say sure, stereotypically you get what you pay for; but what about Windows NT where the server version cost something like $800 but was exactly the same except for setup and how many http connections it allowed? (http://oreilly.com/news/differences_nt.html) Microsoft lied and said they were different, but the binaries were compared. I read this somewhere else on Friday night, and now I am looking to sell my unopened copy of Windows 7 that I bought from Newegg for $50 months ago. Screw anyone or any company that has to lie to me.
I agree that Microsoft has done much for the industry, friends have pointed this out when I spout my freedom doctrine. But I think the fellow below said it best:
"What upsets me is not that you lied to me, but that from now on, I can no longer believe you." - Friedrich Nietzsche
Like a city whose walls are broken down is a man who lacks self-control.
The source *is* open. Anyone from any political party or organized entity can request and have access to all source and follow all the procedures. The final binaries are signed by all interested parties as well and the system can be audited at any time. I know no system is fail proof but I believe they covered as much as they can and honestly, the paper system is also weak to social pressures and bribing as well. That's the weak link: people, not technology.
Scientia est Potentia
Before you do the attempt you have to explain what you're planning to do, and the procedures have to stay with the TSE. The real hackers don't get their hands on that voting machine, only the security companies and universities can do the tests.
http://www.michel.eti.br
It's important to note that the prize for the winner is of just R$ 5.000, a little under $ 3.000. This certainly scared most experts away.
On a side note, you guys have just slashdotted our fucking Superior Election Court website. I hope you are happy.
Sure, the 'best crackers' couldn't hack it, see? So it's secure, see?
I want to delete my account but Slashdot doesn't allow it.
Electronic balloting machines should be used only where necessary, for people who physically need help.
And they should simply print a bubble sheet like the ballots everyone else uses.
A ballot recorded only electronically is too hard to observe in a meaningful way.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
More accurate: "Successful Brazilian voting machine hackers stay quiet, wait for election day."
Yeah, but what is your population? From Wikipedia, about 46M. Check Bras(z)il's: 190M. Your area? 500.000 square km, versus 8 millions and a half. And bear in mind that some of the Brazilian population live in areas that only can be accessed by boat or airplane - not a big fraction, of course, but we have much bigger dispersion than Spain or any other European country.
Where is that guy who'd die defending what I had to say when I need him?
Then again, with nothing to gain in a public competition/venue, the real hackers worth their salt are holding back.
It's worth more to them to crack the devices later, offering the ability to somebody who would pay them substantial sum of money to sway an election.
If you want to wear a tin foil hat, you might come to think the whole hacking competition was rigged for the benefit of the government...... Nah...
Either way you look at it, it makes the whole event suspect.
This seems to imply that Diebold are *trying* to make secure voting machines.
Requiem for the American Dream
I still don't get it.
We 40 million people don't all go to the same place to vote, nor do we count the ballots one by one.
We open up nearly all schools, so every one of us is assigned the nearest from his home, just a few minutes walking. Inside each school, there are several ballot boxes, so in the end, there's no more than a few hundred ballots in each box, maybe a thousand at the most.
Counting that is just a matter of minutes, and reporting the total count to a central administration is again a matter of seconds by phone. Of course you then have to take all the ballots and you can recount them all as many times as you want, and a physical hand signed report from all the members at the school, but anyhow, it's just a matter of parallelizing properly.
Sure it's more difficult in a place like Brazil, but having a 90% count by the end of the day, seems really feasible to me. Maybe you can enlighten me if I made wrong suppositions, but I suspect there was something really bad done there in those days.
While cracking the machines would prove that they are insecure, failing to crack them proves nothing. It only proves that one group of people at a particular time couldn't crack them.
Hackers Fail To Crack Brazilian Voting Machines
Give them time, a brazilian is a lot of machines!
Ba-doom-boom-tss.
From a linguistic point of view it is latin america, but you may see latin america as central america.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
If you look at the market in general and don't focus on single products the perspective is different.
The number of products through history that haven't made it far outweighs the number of products that have survived.
And this isn't limited to applications, look at cars and a lot of other items.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
For a system to be adopted in the US, it needs to be closed source, proprietary and subject to the anti-tampering and reverse engineering provisions of the DMCA.
Fraud and covert manipulation are essential "checks and balances" in the American system, ensuring that the interests of minorities like banks, insurance, pharmaceutical and petro-chemical industries are protected from the tyranny of the majority.
"Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
Interesting. Sounds like you count at every polling place. Most countries don't do that. They gather the boxes up some smaller set of places (in the UK it's one per constituency) and count them all there. Obvious advantage -- much easier for parties and the press to scrutinise the count; obvious disadvantage -- it takes longer.
In the US they also have a curious attachment to having huge numbers of elections all at once and putting them all on the same piece of paper. I guess this probably is easier for the voters, at least in the sense of being less work, but it means that hand counting would be infernally complicated because the same ballot papers need to be counted in multiple different ways for everything from president of the USA to town dogcatcher.
Yeah, we do count every box, and there are always at least four people counting each box. One of them is designed by the local administration, and the other three are chosen randomly from the electorate itself.
If you're chosen, you are obliged to stay there during the day, and paid 50€ for the inconvenience. Of course, you aren't punished if you present some medical condition, are travelling or that kind of things.
Also, each party can send as many representatives as they want to each box or school, to verify nothing strange happens.
If you're interested and can read Spanish, you should go read this link. It's from 2005 and discusses the electronic vote and compares it with our actual system. I'm sorry, it is too long for me to translate it accurately.
My translation [explanatory comments in brackets]:
Test of the security of the electronic voting system
From Tuesday to Friday this week, 10 to 13 November, the Supreme Electoral Tribunal (TSE) will hold the first public testing of security in electronic voting machines that will be used in the elections of 2010, and of the other provisions of the electronic voting system. During those days, 38 specialists in computer science and network engineering will try to find vulnerabilities in the [voting computer] programs in a competition conducted within the court. The purpose is to test the software and to receive contributions for the improvement of computerized voting.
The participants who submit the three ideas most relevant to improvement of the system will be awarded 5,000 reais [about 2,873 U.S. dollars], 3,000 [$1,724], and 2,000 [$1,149]. This initiative to expose the electronic ballot box system for public testing is unprecedented in the Electoral Court. The tests were approved unanimously during a TSE administration meeting on 30 June 2009. The public testing of security in the electronic voting system [used in Brazil] will serve to verify possible vulnerabilities in the system, for example, whether it is subject to possible violations or fraud.
Minister Ricardo Lewandowski was appointed by the Court to coordinate the testing. In his opinion, this is an opportunity to demonstrate the security of electronic voting machines, as well as to show "the total transparency with which the Court deals with the subject". The results will be analyzed and disseminated by a committee composed of members outside the Electoral Tribunal, called the Evaluation Committee.
-----
My comments: As Brazil has shown over the years, it is possible to make secure voting software. The fact that so many vulnerabilities in U.S. voting software have been easy to demonstrate gives many the impression that the vulnerabilities are there because some group wants to exploit them.
As the article says, the purpose of the test was partly a demonstration of the openness of the Brazilian electronic voting system. There were, of course, other tests for vulnerabilities in the voting software used in Brazil, but they were done privately.
So, the machines' backdoor cannot be used by just about any hacker? Well good to know!
Put in a different way, that's as if you made a contest out of making people try to log through SSH into your machine, to prove that *you* can't log into it.
You just got troll'd!
Counting is a highly parallelizable process. And the number of people who can count is generally proportional to the total number of people in the country. Therefore if all other things are equal, the size of population in a country should have zero effect on the time required to count the votes.
The Tao of math: The numbers you can count are not the real numbers.
I'm Brazilian and this media statement is full of shit, why?
1st - To try to hack it you had to submit a paper telling EVERYTHING you would try to hack... Any hacker knows that "hacking" isn't easy, and you must adjust your techniques every time, so it is virtually impossible to design a paper telling what you're going to do. Hacking isn't simply mathematics and scheduled procedures...
2nd - They would allow you very limited access to the voting machine in a controlled environment and on a limited time. Hacking takes days to understand the code, flaws and possible ways to exploit it. It can't be done under pressure in a few days.
3rd - No REAL hacker would show his personal information and submit it to the government. Why? It's very clear that everyone who enlisted was added to a federal police database of "possible suspects" and only the winner (almost impossible to achieve, due to the circumstances) would gain anything. So the chance of winning was very low, and being exposed wasn't worth the try.
If they want a REAL test, they must:
1 - Allow anyone to read the full source-code
2 - Put some of those voting machines on the internet with full-access. (login and passwords)
3 - Let us try anything without pressure.
4 - Offer a REAL prize, like US$100.000.
5 - Get a chance to try to hack it without being exposed in the first-hand. Of course whoever wins must reveal his identity, but only the winner (and everything that would come from that) would be known.
That said, it was just a media statement... I can BET there are a lot of flaws in the system...
It seems to me that many equate free with worthless.
Home made pie made with home grown fruit isn't worth any less than a store bought, mass produced pie.
Yeah, yeah, I know some will laugh at the comparison - but the principle is still the same.
A programmer that gets paid isn't a guarantee that that person's code/programmes will be any better quality at their place of employment, than the code/programmes produced at home for free and contributes to open-source such as Linux.
First, it is not the Brazilian government but the Tribunal Superior Eleitoral (supreme election jury or something like this in English).
And all the test is an ugly lie.
The... "hackers" are public workers, not really hackers. And they are forbidden to use really "hacker" methods like disassemblers, sniffers and etcetera, only the "approved" methods. It is like you ask a thief to try to bypass your security system, but allow them to use only a paper clip. Ridiculous, but the TSE do not care.
Religion: The greatest weapon of mass destruction of all time
"Hackers Decline to Reveal That They Cracked Brazilian Voting Machines"
It's almost as if they had some incentive to keep it to themselves.
I read the link, but there are a few things which aren't clear to me yet:
1. How many boxes are there to count?
2. Do you have representatives from all parties at every box when it gets counted?
Depending on the answer, I'd think that system to be quite expensive.
Then, regarding some of the arguments presented there:
For the results to be seriously tampered in one table, it would be necessary to have all "vocales" and the president in agreement. That implies:
1. President, "vocales" and the administration representative to be from the same party.
2. All four to have little honor
3. All four to be bold enough to go against the law.
Considering that three of them are chosen by chance and don't know each other, what is the probability that these three conditions would happen?
Maybe Spanish people are extremely law abiding, but I don't see the unlikeliness of that happening if the current government tried to perpetuate itself. Basically it would need only to tamper the selection mechanism to put "loyal" people at the tables. For the Brazilian government to tamper with the election system, they'd have to choose another system. At least that's what I get from the article.
In any case, this could just be a "silver bullet" case. The Spanish system may work for the Spanish people, but would hardly work for Brazil where fraud is lurking in every corner. And the Brazilian system may work for Brazil, but might not provide any clear advantage to Spain.
http://dilbert.com/2010-12-13
You just couldn't resist sneaking a car analogy in there, could you ; )
http://dilbert.com/2010-12-13
1. How many boxes are there to count?
From the article: "In 2004 there were 56,585 polling stations", so about 56585 boxes to count.
And yes, I also think it's pretty expensive. At 50€ per person, it's in fact more than ten million euros per national election. However, we also try to make all the elections happen in the same day, to save money and time. But it's true it's expensive, though we all think it's worth it.
Maybe Spanish people are extremely law abiding, but I don't see the unlikeliness of that happening if the current government tried to perpetuate itself. Basically it would need only to tamper the selection mechanism to put "loyal" people at the tables.
I don't think we're enthusiastically prone to law, but the advantage of our system is that it really doesn't matter if you tamper 1, 100 or 1000 boxes, cause there are fifty thousand of them, and getting 50.000 people, as you say, "loyal" is really difficult, given that anyone can go and help -meaning supervising- with the recount and they could easily get caught tricking the count.
getting 50.000 people, as you say, "loyal" is really difficult
I forgot to say it's not only the random elected people that would have to be under government control, it's also the local representatives of the other parties who are supervising each box, and maybe a few of them are corrupt even against their own party, but you would need to buy at least two or three people more per box, and those would be the same who would be willing to buy you to vote or tamper in favour of their own parties, so I doubt very much anything like this could happen.
In 2004 we (in Brazil) had about 406.000 boxes (they were already electronic voting machines then). That's about 10 times more than Spain at the same year. As stevelington said, we also don't count every box at each polling place (and we didn't do it before switching to electronic boxes) but take them to a central place. Perhaps your way is faster (as maxwell_demon said below, counting is highly parallelizable, and having more people count makes the results be available faster). But I daresay counting votes is not as easy as it seems. There are null votes, and with a paper vote you might have problems identifying these - and the people at each poll station might not have the authority to decide. Also, I don't know about Spain's political system, but Brazil has more than two dozen parties, five or six major ones. That poses additional complications.
Where is that guy who'd die defending what I had to say when I need him?