Voting System Test Hack Elects Futurama's Bender To School Board
mr crypto writes with this quote from El Reg:
"In 2010 the Washington DC election board announced it had set up an e-voting system for absentee ballots and was planning to use it in an election. However, to test the system, it invited the security community and members of the public to try and hack it three weeks before the election. 'It was too good an opportunity to pass up,' explained Professor Alex Halderman from the University of Michigan. 'How often do you get the chance to hack a government network without the possibility of going to jail?' With the help of two graduate students, Halderman started to examine the software. Despite it being a relatively clean Ruby on Rails build, they spotted a shell injection vulnerability within a few hours. They figured out a way of writing output to the images directory (PDF) on the compromised server, and of encrypting traffic so that the front-end intrusion detection system couldn't spot them. The team also managed to guess the login details for the terminal server used by the voting system. ... The team altered all the ballots on the system to vote for none of the nominated candidates. They then wrote in names of fictional IT systems as candidates, including Skynet and (Halderman's personal favorite) Bender for head of the DC school board."
The election board had the common sense to ask for this publicly and not cross their fingers and hope no one did this when they used it for real. More gov't entities should open up to testing like this.
Why not Zoidberg?
Bite my shiny metal ass!
"For every expert, there is an equal and opposite expert"
If elected I promise to KILL ALL HUMANS! Hey, you said there'd be hookers at this convention.
What a fool believes, he sees, no wise man has the power to reason away.
If you read the article, they didn't even have to guess really. The default root password for the HTTP admin interface was left intact. They then downloaded the etc/passwd file and cracked it in only 3.5 hours because, surprise surprise, the secondary administrator password was piss poor "cisco123"
Seriously. Who hired these clowns?
"Have you ever tried simply turning off the TV, sitting down with your children, and hitting them?"
Everything I say is a lie. Except that... and that... and that, and that, and that, and that... and that.
Ruby on Rails
And there's your problem. Only an idiot would try to run something that needs high security on Ruby on Fails. Rubyists couldn't write secure code if their life depended on it. Next time hire real programmers not hipsters who spend all day sipping lattes and admiring each other's new pair of skinny jeans.
Ya, well, I'm gonna go build my own election system. With blackjack! And hookers!
In fact, forget the election system.
Every single technology professional I have EVER communicated with, does not think electronic voting machines are a good idea. If EVERYONE is in agreement this is a BAD idea, why the FUCK are we still making these things?
Personally, I would have voted for Hubert Farnsworth.
I'm sure Bender doesn't endorse the cool crime of election fraud. He just needs a big government network to get down with maximum efficiency.
What I want to see is a real compromise of one of these systems that can be held up as a true scare story:
1. The compromise is undetected. At the time the results are reported, the election officials are unaware that the system has been compromised and none of the systems in place for detecting a compromise has indicated any trouble. According to all evidence in the audit trail the results are undeniably correct and true.
2. There was no indication of tampering at the time of voting. As votes were being cast there was no indication of tampering with the ballots or any other visible indication that the results weren't being correctly recorded and reported.
3. The results reported are undeniably wrong. Eg., the test voting was done in a controlled manner where everyone knew what the correct results should be and that everyone saw that everyone else had voted the way they were supposed to, so if the system functioned correctly it's known exactly how many votes should be cast for which candidate.
4. The reported results are undeniably wrong. Eg., according to the reported results 100% of the votes cast were for a candidate who should've received zero votes.
He is a bending unit, not a 'head of the DC school board' unit...guh.~
The Kruger Dunning explains most post on
I can't be the only one thinking that this was an excellent opportunity to crack the system with impunity and not report the findings. That leaves you one simple ? from Profit!!!
Why is this modded Insightful instead of Funny?
Bender doing this should not be a surprise, after all he already messed up the presidential election of 2000 by going back in time and getting Bush elected instead of Gore Act VI, he probably did this as a lark at the same time. Given Bender's innate robotics skills, there is no doubt he could have done this.
That's a pretty ridiculous prank to pull just for the lulz.
It's not for "lulz". It's to demonstrate, without possibility of denial, the incredibly serious point that e-voting is a bad idea that can never be safely implemented.
Sad-sack programs like this being compromised fuel the other companies who may be equally as susceptible to attack to press on as if they are somehow better or more secure.
"Sure they hacked that system the government set up, but that was some bloggers scripting in Ruby/Rails in a dark room. They didn't even change the default passwords! We're REAL programmers, writing in a lower-level language with security experience! We can't POSSIBLY do it wrong!"
If you want to actually test an election system, try having a fake Diebold election and see if it can be rigged. Use an ACTUAL e-voting vendor, not some scripts you cooked up to have a hack-off, with the default passwords and everything else right where the attackers expect to find them.
If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
It's not news that electronic systems can be insecure. Those selecting such systems are certainly lobbied to believe that, whatever system they choose, "this time it will be different... this one IS secure."
The truth is all voting systems -- manually or electronically administered -- are insecure. The feature that traditionally manual voting systems have is that the scale of voting fraud exacted is correlated with the scale of corrupt election officials overseeing the process. To increase fraud you either need a) more conspirators or b) higher-level conspirators in the body that oversees the process. That is a feature that is worth keeping in any new version of voting system.
This article is just another example of a voting system that has given up the feature. Not all electronic voting systems forsake this feature, but those that keep it are at most electronic-assisted voting systems that retain distributed verification at multiple stages of the counting process. That's because voting is most secure when it's a distributed activity, not a centralized one. With thousands of tiny precincts collecting pockets of votes, any one could tamper with results -- but many would have to tamper to have a big impact. Election commissioners, keep this feature!
Everyone always ignores poor Scruffy :(
The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
"Every single technology professional I have EVER communicated with, does not think electronic voting machines are a good idea." Three cheers, too, for superstitious luddites (see below). Here are my top three solutions to computer fraud and f**kups:
1. Wanted posters and long prison sentences. Rob a mail truck, do time. Why should this not work for email and other electronic fraud? Robbing an election is a more serious threat to democracy than robbing the mails, which is bad enough.
2. Human signatures and carbon paper (or one-write NCR paper). When a live person signs a check, an invoice, a purchase order or a ballot, he or she thinks twice about the consequences. Anything can be faked, but carbon paper scores high on lie-detector tests.
3. Letterpress-imprinted sequential numbering. Paper forms, including ballots, with unique numbers and carbon copies, are a solid control for electronic databases. Ancient Letterpress lead-type numbering devices--stamp, crunch, print, and advance the counter-- are older and less screwable-with than computerized typesetting or laser-printing.
I use all of these systems in my own business because where my money is concerned, I do not entirely trust any computer system. I've seen an entire business of 100+ employees saved by one persnickety accounting clerk who kept paper copies of all the invoices and payments. She had been ordered not to--don't be so old-fashioned, dear--but ignored the controller's blind faith in his new, shiny, $200K fail-safe automated system. No hacker except Murphy and his law was involved. She was neither thanked nor rewarded for rescuing her employer from catastrophic folly.
Murphy's corollary: no good deed goes unpunished.
Bite my educationally shiny ass!
Any voting system that can be hacked should be hacked. We need to see fictional characters elected to every office in the land until people figure out the results for real people have been cooked all along.
Because "Insightful" is Secret Slashdot Code for "Funny, but enough so it deserves karma". And "Funny" is Secret Slashdot Code for "So painfully unfunny it induces groaning."
Or possibly Groening. Not precisely clear on that.
Bender couldn't possibly do any worse.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
why we need computerized voting? We hold elections once every year or two, it's not like counting the vote by hand is some huge drain on society's resources. Yes, hand counting is slow, that's why elections are held well before terms expire. Yes, it's labor-intensive to count by hand, but lots of eyes in the process makes fraud much harder. The Florida debacle did expose flaws in the system, but touch-screen voting is not the solution.
Never let a lack of data get in the way of a good rant.
Why is this "Off-topic"...because it indicates how far elected officials will go to screw over their constituents?
What I and the rest of the parents wouldn't do to get them out and replace with Futurama Overlords - they clearly would do a better job representing us than the Republicans elected in on a promise and then breaking it at the first opportunity.
What I want to see is a real compromise of one of these systems that can be held up as a true scare story:
....
3. The results reported are undeniably wrong. Eg., the test voting was done in a controlled manner where everyone knew what the correct results should be and that everyone saw that everyone else had voted the way they were supposed to, so if the system functioned correctly it's known exactly how many votes should be cast for which candidate.
http://en.wikipedia.org/wiki/Hacking_Democracy
Let us all welcome our shiny metal overlord. I look forward to his New Washington D.C., with Blackjack and Hookers. In fact, forget the blackjack!
do() || do_not();
Or possibly Groening. Not precisely clear on that.
This being a perfect example of "Funny". I gol'd (groaned out loud).
The more you know, the more you have to say and the more you should listen.
Although I must add, it was actually quite clever. Maybe your definition of "Funny" should be "Humorously entertaining to read, but most likely groan- or facepalm-inducing".
The more you know, the more you have to say and the more you should listen.
As a felon, Bender is barred from holding public office.
E-voting can be simply and safely implemented. All it costs is the untraceability and lack of verification we demand of our current system.
Learn to love Alaska
That is incorrect. I am a poll worker in Virginia, and we follow a very similar protocol for our DRE voting machines. We run the machines through a double-blind test prior to the vote, under the observation of multiple parties, and then we seal them. During the vote, the machines are kept in the open and observed by multiple parties. Each hour, the total votes cast are compared to the total voters allowed into the polling place, and the results called in by phone, and independently recorded, by the Registrar. At the end of the voting day, the vote totals are printed on paper, called into the Registrar by phone, and then aggregated by the State Board of Election. We then transfer the totals in ink onto a separate report, make a backup copy of the database, seal our report and the machines, and deliver them to the Registrar. The sealed reports and backup data go to the local courthouse, where they are locked away until the vote is certified.
In order to defeat our system, you would have to do it in the open, under the (very) watchful gaze of multiple parties both partisan and neutral, and you would have to do it in a way that did not change the total number of votes cast. I'm not saying it's impossible, but it would be really, really hard.
I have been volunteering for many years, know a thing or two about machine security, and am very confident that we run a clean, fair, and open election with results that are far better than a paper ballot count. If I had a choice between a paper and a machine/electronic balloting process, I would never choose to use paper. Paper is an awful medium for counting. You may have noticed that places where counting is important -- like banks -- paper is no longer used. There's a reason for that!
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
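The hourly and end-of-day cross-checks described in the comment above, as an added example that is not part of the original post or of any election office's software. The record names, candidates and counts are constructed; the sample shows that a copy with the correct ballot total but a different split is caught only by the per-candidate comparison, not by the totals check.

```python
from dataclasses import dataclass

@dataclass
class HourlyCheck:
    hour: int
    voters_admitted: int  # cumulative count of voters let into the polling place
    votes_cast: int       # cumulative count reported by the machines

def reconcile_hourly(checks):
    """Flag hours where votes cast differ from voters admitted or the counter drops."""
    problems, prev = [], 0
    for c in checks:
        if c.votes_cast != c.voters_admitted:
            problems.append((c.hour, "cast/admitted mismatch"))
        if c.votes_cast < prev:
            problems.append((c.hour, "counter decreased"))
        prev = c.votes_cast
    return problems

def compare_records(records):
    """records: {source: {candidate: votes}}. Return per-candidate disagreements."""
    candidates = set().union(*(r.keys() for r in records.values()))
    diffs = {}
    for cand in sorted(candidates):
        seen = {src: r.get(cand, 0) for src, r in records.items()}
        if len(set(seen.values())) > 1:
            diffs[cand] = seen
    return diffs

def ballot_totals(records):
    """Total ballots per source; equal totals do not imply equal splits."""
    return {src: sum(r.values()) for src, r in records.items()}

# Constructed sample data (hypothetical precinct, candidates "A" and "B").
HOURLY = [HourlyCheck(7, 40, 40), HourlyCheck(8, 95, 95), HourlyCheck(9, 150, 152)]
RECORDS = {
    "printed_tape":        {"A": 80, "B": 72},
    "phoned_to_registrar": {"A": 80, "B": 72},
    "ink_report":          {"A": 82, "B": 70},  # same total, different split
}

if __name__ == "__main__":
    print("hourly problems:", reconcile_hourly(HOURLY))
    print("ballot totals:  ", ballot_totals(RECORDS))
    print("record diffs:   ", compare_records(RECORDS))
```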
Sorry, He can't be. Bender was built in Mexico. Although if Mom is an American citizen, that could throw a wrinkle in the works.
Except that that removes the safety and security of the system. The untraceability is what protects voters from coercion. If it was possible for any party to trace a person's vote and see what it was, it's then possible to threaten voters with repercussions if they don't vote the way you want them to (eg. "Vote for the candidate the CEO likes or we'll fire you.", although in reality it'd probably be a bit more subtle than that).
Oddly it is possible to implement an electronic voting system that's both untraceable and secure. But so far every electronic voting company has been resistant to building an independent audit trail in.
The untraceability is what protects voters from coercion. If it was possible for any party to trace a person's vote and see what it was, it's then possible to threaten voters with repercussions if they don't vote the way you want them to (eg. "Vote for the candidate the CEO likes or we'll fire you.", although in reality it'd probably be a bit more subtle than that).
That's possible today and doesn't happen. So, that may be your opinion, but I claim the facts of today prove you wrong. We had open ballots for almost 100 years, and it wasn't until votes were taken during a war where one side of the war ran the polls where there was any problem with it, and since then, the fraud under closed ballots has been much higher than when ballots were open before the war.
Learn to love Alaska
The trick is to NOT use a DRE, but instead use a Voter Verified Paper Ballot. That is, the electronic device can help you vote, preventing overvotes and warning on undervotes, reading aloud to seeing impaired voters, etc., but the result is a printed out paper ballot which the voter then casts by putting it into a ballot box. The votes can be counted efficiently (i.e. scanned), and the paper ballots can be audited (by a separate system from a separate vendor) and recounted.
That's untraceable and secure. There are a few systems like this (my favorite is the open source system at http://www.openvotingconsortium.org./). One nice thing is that you only have to trust the voter to verify the ballot - if the count is forged, the audit will find it. This means that you don't have to trust the software, just the process. That's a good thing.
Enable 3D printed prosthetics!
Hey, what's wrong with electing Bender?
Let's elect Bender to all offices, just like the Grand Pooh-Bah! It could hardly be worse than the present bunch.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire