Slashdot Mirror


DC Internet Voting Trial Attacked 2 Different Ways

mtrachtenberg writes "University of Michigan Professor J. Alex Halderman and his team actually had two completely separate successful attacks on Washington, DC's internet voting experiment. The second path in was revealed by Halderman during testimony before the District of Columbia's Board of Elections and Ethics on Friday. Apparently, a router's master password had been left at the default setting, enabling Halderman to access the system by a completely different method than SQL injection. He presented photographs of a video stream from the voting offices. In addition, he found that a file that had apparently been left on the test system contained the PINs of the 900+ voters who would have used the system in November. Others on the panel joined Halderman in pointing out that it was not just this specific implementation of internet voting that was insecure, but the entire concept of using today's internet for voting at all. When a DC official asked why internet voting could not be made secure when top government secrets were secure on the internet, Halderman responded that a big part of keeping government secrets secret was not allowing them to be stored on internet-connected computers. When a DC official asked the panel whether public key infrastructure couldn't allow secure internet voting, a panel member pointed out that the inventor of public key cryptography, MIT professor Ronald Rivest, was a signatory to the letter that had been sent to DC, urging officials there not to proceed with internet voting. Clips from the testimony are available on YouTube."

Update: 10/09 19:24 GMT by T: Reader Cwix points out two newspaper stories noting these hearings: one in the Washington Post, the other at the Chicago Tribune. Thanks!

6 of 123 comments

  1. Please use internet voting by Anonymous Coward · Score: 5, Informative

    to mod me up to +5 informative, to show it does work perfectly!

  2. Inventor? by Anonymous Coward · Score: 5, Informative

    > the inventor of public key cryptography, MIT professor Ronald Rivest,

    Rivest is a brilliant, very accomplished man, and was one of the inventors of one of the earliest and best-known public-key cryptosystems. But it's misleading to refer to him as "the" inventor of public-key cryptography in general. He co-invented RSA with Shamir and Adleman (several years after Cocks came up with it and kept it secret). But the concept of public-key cryptography was described before RSA, by such luminaries as Diffie, Hellman, and Merkle. He is certainly one of the pioneers of public-key crypto, and deserves acclaim for that, but is not "the" inventor of the concept.

    Incidentally, much of Rivest's recent work is in the area of electronic voting (how to make it simultaneously accurate/auditable, privacy-preserving, and usable by non-technical people)--so he's not just speaking as a luminary in the field, but as someone who has studied this specific problem.

  3. Actual article by Cwix · Score: 4, Informative
    --
    You are entitled to your own opinions, not your own facts.
  4. Corrections to post text by EvilSporkMan · Score: 4, Informative

    It was a terminal server, not a router, and the previously-published attack was shell injection, not SQL injection.

    --
    -insert a witty something-
  5. Re:Votes simply don't matter... by Mikkeles · Score: 3, Informative

    'I don't understand why people are so up and up about the voting system...'

    Because letting a bad system become worse is not a good way to improve it.

    --
    Great minds think alike; fools seldom differ.
  6. Too bad you're clueless. by copponex · Score: 3, Informative

    A democracy means there is a vote to either directly approve laws (direct democracy) or to elect representatives to do the same (representative democracy). Republic literally means ruled by the public, not by a monarch or a non-elected supreme rule. America is a representative democracy that limits government power with a constitution, but since that constitution can be changed by democratic action, you cannot say that it isn't a democracy. We could do away with the constitution in another constitutional convention and replace it with another if we so chose.

    Just because you read Atlas Shrugged yesterday doesn't mean shit to anyone else. Crawl back over the Drudge Report, where you can eat up the talking points regurgitation with the rest of the libertarian zombies.