Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Fail To Crack Brazilian Voting Machines

Posted by kdawson on from the voting-envy dept.

blueser writes "From Nov 10th to Nov 13th the Brazilian Government hosted a public hacking contest to test the robustness of its voting machines. 38 participants from private and public IT companies (including the Brazilian Federal Police) were divided into 9 teams, which tried several different approaches to try to tamper with the software installed on the machines, and even to physically interfere in other stages of the process. All attempts (aside from a minor one which would not compromise the overall results) failed, and observations from the participants and neutral observers will be taken into account to improve the process even further. Here is the official announcement for the contest (Google translation; Portuguese original). A summary of the results is available in the Brazilian press (original). Brazilian voting machines use Linux." US voting officials ought to be envious of their Brazilian counterparts, or ashamed, or both. Perhaps this MIT-developed cryptographic voting system offers a way forward.

6 of 143 comments (clear)

  1. Re:Hmm... by Z00L00K · · Score: 4, Insightful

    Obviously this puts a lot of software produced in the US to shame.

    Today it seems like it's all about selling something crappy for money in the US with an EULA where you free yourself of all responsibility.

    And when someone points out the flaws the lawyers are called in to hide the fact that there is a gap that can put Grand Canyon to shame.

    No wonder that the world has suffered so much malicious software.

    Sure - call me a troll, but it's also an observation. Time to market is more important than quality.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  2. for what it is worth... by Sir_Lewk · · Score: 4, Interesting

    Cracking contests are warning sign number 9 on Bruce Schneier's list of security snake oil warnings.

    Warning Sign #9: Cracking contests.

    I wrote about this at length last December: . For now, suffice it to say that cracking contests are no guarantee of security, and often mean that the designers don't understand what it means to show that a product is secure.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
    1. Re:for what it is worth... by Narpak · · Score: 4, Insightful

      Yet I find the concept of actively encouraging people to hack your system, through for instance competitions, far more comforting than insisting that the only security is total secrecy. Particularly in the field of electronic voting systems.

      --
      The Long Now Foundation
  3. Re:Doesn't change a thing by gzipped_tar · · Score: 5, Insightful

    1. How do you know that "A paper ballot vote is completely observable and does not require trust"?

    2. "Electronic voting is unnecessary and undemocratic." -- There are democratic political systems and undemocratic ones. There are no such thing as "democratic" or "undemocratic" technology. Technology is neutral; it depends on who is using it and how it is used.

    --
    Colorless green Cthulhu waits dreaming furiously.
  4. Re:Try again! by C0vardeAn0nim0 · · Score: 4, Informative

    they were designed under the electoral court's orders by universities and private companies. after the design was ready, the manufacturing was outsorced to several comapnies, one of them was procomp, that later was purchased by diebold.

    diebold doesn't own the designs or the copyright to the software. the electoral court does. so if diebold is thinking about selling similar machines in US, they'll have to pay our govt. royalties.

    --
    What ? Me, worry ?
  5. Ridiculous prize by BoppreH · · Score: 4, Funny

    It's important to note that the prize for the winner is of just R$ 5.000, a little under $ 3.000. This certainly scared most experts away.

    On a side note, you guys have just slashdotted our fucking Superior Election Court website. I hope you are happy.