Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researcher Who Reported E-voting Vulnerability Targeted By Police Raid in Argentina

Posted by Soulskill on from the stay-safe dept.

TrixX writes: Police have raided the home of an Argentinian security professional who discovered and reported several vulnerabilities in the electronic ballot system (Google translation of Spanish original) to be used next week for elections in the city of Buenos Aires. The vulnerabilities (exposed SSL keys and ways to forge ballots with multiple votes) had been reported to the manufacturer of the voting machines, the media, and the public about a week ago. There has been no arrest, but his computers and electronics devices have been impounded (Spanish original). Meanwhile, the information security community in Argentina is trying to get the media to report this notorious attempt to "kill the messenger." Another source (Spanish original).

22 of 116 comments (clear)

  1. Re:Gazillion votes by TrixX · · Score: 4, Informative

    Just FTR, the group organizing this election is the government of the city of Buenos Aires. which is not run by the Kirchner but one of the opposition parties

  2. Not kill the messenger ... by perpenso · · Score: 3, Insightful

    If the researcher is not being arrested its not "kill the messenger". Impounding his equipment, the "evidence", is just a very rude way of getting his data on vulnerabilities and attacks. They could have asked. Then again perhaps they feared the "evidence" being tampered with, confidential sources and all that sort of thing. Again, rude, but a plausible path if such concerns were warranted.

    1. Re:Not kill the messenger ... by perpenso · · Score: 2

      They went into his house and took his shit. In South America. I think that qualifies as "kill the messenger".

      In a region with a history of actual political assassinations (body found) and dissapearances (body not found), no that does not qualify. Such things happened as recently as the 1980s. About 10 years ago the Argentine Congress established a "Day of Remembrance for Truth and Justice" for such victims. Having to buy a new computer and restore from backups is not in the same league.

    2. Re:Not kill the messenger ... by Trax3001BBS · · Score: 3, Insightful

      So why would the next messenger bring any message?

      Because the next messenger would be smart enough to realize that if they have any electronic data more valuable than school assignment, video game save game files, selfies and letters to grandma then they should have offsite backups. Whether your data burns up in a fire, gets destroyed in a flood, gets stolen by non-government agents or impounded by government agents does not really matter; except that in the impounding case you might get it back. Back it up and there is much less to fear.

      And perhaps this first messenger has a backup too.

      In this case everybody has the information: "As reported Telam a specialist who preferred anonymity, which leaked on the web are "SSL certificates terminals that send data from the schools to the datacenter," which were published "on the site http: / /caba.operaciones.com.ar by poor settings on your servers. "" (translated version).

    3. Re:Not kill the messenger ... by khallow · · Score: 2

      Having to buy a new computer and restore from backups is not in the same league.

      Doesn't have to be in order to fit the definition. And milder forms of censorship and suppression are often preludes to greater forms especially in places where there's already a history of such tyranny.

    4. Re:Not kill the messenger ... by perpenso · · Score: 4, Insightful

      So why would the next messenger bring any message?

      Because the next messenger would be smart enough to realize that if they have any electronic data more valuable than school assignment, video game save game files, selfies and letters to grandma then they should have offsite backups. Whether your data burns up in a fire, gets destroyed in a flood, gets stolen by non-government agents or impounded by government agents does not really matter; except that in the impounding case you might get it back. Back it up and there is much less to fear.

      And perhaps this first messenger has a backup too.

      In this case everybody has the information: "As reported Telam a specialist who preferred anonymity, which leaked on the web are "SSL certificates terminals that send data from the schools to the datacenter," which were published "on the site http: / /caba.operaciones.com.ar by poor settings on your servers. "" (translated version).

      The desired "evidence" may be unreported information. For example things that make otherwise anonymous people less anonymous. Again, the researcher is not necessarily the target.

    5. Re:Not kill the messenger ... by perpenso · · Score: 2

      It remains to be seen if there is censorship. Impounding material evidence is not necessarily suppression.

      But heavy-handed behavior is a good indication that such suppression is going on. After all, why wouldn't this researcher cooperate with the police?

      There was no censorship. The researcher who published the exploits was not arrested. His computers were impounded as part of an investigation. He may not be the target, they may be searching for a 3rd party he was in contact with, perhaps a black hat. Seizing evidence in such a case removes the opportunity for the evidence's destruction. Its a pretty standard thing in North America and Europe too.

      As for the "definition". In a region where a generation or two ago "kill the messenger" was literal not figurative, the figurative definition doesn't work.

      Bullshit. When the figurative definition is ignored the literal one comes back. Throwing elections (and thuggish suppression of evidence of that) is a phase I'd expect in a return to such tyranny.

      The existence of an exploit is not evidence that anyone, government or not, is actually rigging an election. Its evidence of risk. There are most likely exploits in every electronic balloting device and in every web voting system ever made.

  3. Can we get some confirmation of this? by Anonymous Coward · · Score: 2, Insightful

    Come on, Slashdot editors! Get with it! Fix the fucking summary! It's fucking awful!

    Jesus Christ, most of the links are to non-English articles, and the automatic translations are shitty. Like most people here, I don't read Spanish, so I have no idea if the automatic translations are actually accurate and match with what the Spanish articles are saying!

    Additionally, I have no idea who is behind these articles. Being unfamiliar with them, I do not know how reliable they are, or what their biases are.

    I know I'm not alone. This is a site targeting English-speaking individuals. As we already speak the most relevant language in the world, we have no need for other languages.

    Is anyone in the English media covering this? Can we get some confirmation from reputable American, British or Australian news sources, so we can actually understand what the fuck is going on in this case?

    1. Re:Can we get some confirmation of this? by TrixX · · Score: 3, Informative

      I can provide you with this english link. This has not been reported in english speaking media yet, sorry for not having something better but this is breaking news yet. https://gist.githubusercontent...

    2. Re:Can we get some confirmation of this? by Anonymous Coward · · Score: 2, Informative

        Some days before the elections taking place today in BsAs, a guy found "bugs" and other mistakes from which the Frente Para la Victoria, the PRO, the Frente Renovador, and other polithical parties from here may take advantage of. The article is fine and describes in a very suitable and short way what's really happening. This is obvious, just as with Nisman, and other cases: we are being ruled by a right-wing party disguised as a populist left-wing party who wants to stay in the power, no matter what. Just like in some other countries.

      The best thing to do for people who has no idea what's happening, like you, would be to explain the general context in which this specific case is taking place.

      The modern "peronistas" polithical parties always assure their "eternal" position in the governement by giving niggas ("negros villeros") some coke and hotdogs since they just don't care about the rest, 'cause they have nothing to lose. Then you give them these "planes sociales" (asignación universal por hijo, plan procreAR, plan trabajAR, etc) and make sure you have them happy for a while. Once you've done this, you gotta start spreading around propaganda to convince low and middle class that you really are carrying on with the agenda J. D. Perón had in his first presidence back in 1945. After all that, finally, you can choke the uptown-hypster-conservative class by the balls using low and middle class against them. And when the party is on the hiatus (like it's gonna be in 2/3 months) you just get the fuck outta here to the Bahamas, leaving everything prepared for your comeback in 4/8 years (with help from Scioli, Massa, etc).

      What does all this have to do with the article? 1) Manipulating the votes would re-assure the victory of Scioli (a right wing-burocrat disguised as a left-wing, close friend of Menem, that contributed with the neoliberal economic State general overthrown in Latin America back in the '90 to spread EEUU's geopolithical rules, and who has the guts to confront all of us, not cause he's a good man, but because Argentina's mafia and other polithics will maintain his butt clean and assure his polithical status in the future) and therefore a future comeback and victory from the kirchneristas or Cristina herself; 2) Scioli would also leave everything prepared for other kirchneristas to win the next elections in 2019 (since the dólar is gonna skyrocket because of all this fachade of maintaining these "planes sociales" without a real planning and agenda with money nobody will pay for, wasting more resources and money to make everyone think they really are carrying on with populist-economic decisions) by making sure bills are payed and that mouths are shutted with represion, and by checking that "La Cámpora" keeps ruling as a student-polithical dangerous party to allow, with their influence, a comeback from Cristina & company); 3) Internationally, I suspect, sooner or later they'll have to deal with Daddy and mammy (EEUU and Europe), because with all the "Griesa" default debate, plus our firendly relationship with Russia and China (we're more their hooker on duty than their friend) America is not smiling at us, and personally, now that shit is scalating with Russia and Asia in general it's their opportunitty to re-assure their worldwide hegemony; and the fact that this guys are comfortably standing on power, it'll be no trouble taking decisions against argentinian's will.

      So, no doubt the guy who reported the problems described in the article just got in trouble. I doubt they're gonna kill him or something. But he will have to walk looking over his shoulder his entire life.

      Cheers

  4. That's what happens when... by Krojack · · Score: 5, Insightful

    You expose a backdoor that the current in-power government was going to use to win the election.

  5. The elections are not "next week". It's tomorrow by carlos92 · · Score: 2

    TFS is wrong. We hold elections on Sundays in Argentina, not on weekdays. In less than 11 hours we will be voting with this horribly unsafe system that hasn't really been tested.

  6. Estonia evoting by Anonymous Coward · · Score: 2, Interesting

    Estonia also uses e-voting as an option, using an ID card. Basically software is opes source and anybody can check for backdoor, plus there is independent checking committee.

    Bottom line of this is that it is much more difficult to fraud in e-voting than in ordinary voting with paper.

    Interestingly the biggest critic of e-voting is our opposition party who relies heavily on russian and old people vote, basically less educated is the target group, they have raised hell after hell, and yet no one has yet to produce any attack vector that is not fundamentally in it already - al la guy holds a gun into your head and forces you to vote x or malware that steals your pins and votes x.

    Basically the bottom line is that if you trust banking and your money, because if anybody cracks it, it is the first thing to go after. you should trust e-voting as long as there is independent oversight and source is open.

  7. The inherent problem with electronic voting by Opportunist · · Score: 4, Insightful

    There is one single very dangerous problem with electronic voting: Trust. People have to trust it, because they are unable to test it.

    With paper and pen, it's easy. You can nominate anyone to work as an election monitor. The necessary qualification is "being able to find out where the X marks the spot" and "count". That's a skill set available to nearly everyone.

    Working as an election monitor to rule out foul play with election machines requires someone to know quite a bit about computers. It's anything BUT simple to rule out foul play.

    The danger here isn't even so much that manipulation can take place. And I don't even want to engage in the discussion whether or not these machines can easily be manipulated. The danger is that some populist aiming for the uneducated masses goes and cries foul play when he loses the election. And that's a danger not to some party but to the faith of the population in the whole democratic process. And that inherently is dangerous to democracy altogether.

    It's not easy to debunk such claims. With paper, it's easy to go "oh please, count them yourself if you don't believe us. Here's the paper slips, and you can count, can't you?". Now try the same with election machines. Saying "you can do an audit yourself" isn't going to cut it. Why should we trust the computer experts? It's not something just anyone can do.

    These machines are a danger to democracy. Nothing less.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:The inherent problem with electronic voting by Opportunist · · Score: 3, Interesting

      But any party involved can (at least in my country, and pretty much all civilized countries I know of) nominate election observers that can easily identify whether everything's running correctly without any kind of special knowledge. They can easily tell whether the ballot is properly sealed, they can easily tell whether people step into the voting booth alone. They can easily find out whether the choice is free of influence. They can be present when the ballot seal is broken (actually, over here people are essentially locked in 'til the paper slips are counted, collected and sealed again, nothing going in or out in between) and when the paper slips are counted.

      It's pretty hard to manipulate anything in such an environment. It's easy to see whether someone tries to manipulate results since it takes little more than eyes to detect foul play.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:The inherent problem with electronic voting by Opportunist · · Score: 2

      I didn't say that paper elections cannot be rigged. They can, and have been more often actually than there have been fair elections.

      I did not even say that it's easier to rig electronic elections than paper elections. Personally, I'd expect it to be as long as you're the one calling the shots.

      What is harder is simply to debunk cries of foul play. People can easily imagine what a paper election is like and how counting them (with representatives of all parties involved present) can be somewhat trusted. It is easy, on the other hand, to convince people that this is not the case with voting machines.

      People don't trust what they don't understand. And trust is something a democracy needs urgently. People need to have faith in their system of government. Whether they like their current government or not, but they need to know that it was elected fairly and that it is what "the people" wanted. That's the whole problem here. Because without ... well, you see how Mexico is doing...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:The inherent problem with electronic voting by Guillermito · · Score: 2

      In this case the audit is just counting the paper votes. The voting machines used in Argentina will save the voter selection to an RFID chip in the ballot and at the same time print the exact same information. The voter can use a separate machine to read the information in the chip and verify that the information displayed on a screen matches the information printed on the ballot. After that the voter has to insert the ballot in a box. At the end of the day the voting station authorities will empty the box and use a machine similar to the one that the voters used to verify their ballot in order to tally the votes, approaching the ballots one by one to the RFID reader. Each political party can nominate a monitor to oversee this process. They can even ask to manually recount the votes using the printed information if they have doubts. When everyone present agrees on the results, the data is transmitted to a central location to be aggregated. The ballots are put in the box again and the box is shipped to a central location. The totals from each polling station are made available online. The week after the election a 5% of the polling stations are randomly selected. The boxes from those stations are re-opened and the votes are re-counted using the printed information. Again, delegates from every political party oversee this. This is the second time this system is used. The first time was in the Salta province. The audit of the 5% of the votes found no differences.

    4. Re:The inherent problem with electronic voting by Guillermito · · Score: 3, Interesting

      The system used in Argentina has a paper trail. When a vote is casted the machine saves the voter's choice to an RFID chip inside the ballot and at the same time the same information is printed as human-readable text on the ballot. The voter can use a separate machine to read the RFID and verify that the information printed matches the information stored.

      The votes are counted at each polling station primarily using a RFID reader, but each political party can designate monitors to oversee the process. In case of doubts the votes can be re-counted using the printed information. When everyone present agrees on the totals, the results are sent to a central location where they are aggregated. Results from each polling station are made available online so each party can verify that the totals add up correctly.

      As a final step, 5% of the polling stations are randomly selected the week after the election and votes are manually re-counted using the paper trail. This is done in the presence of monitors from the different parties. This is the second time this system is used. The first time the audit of the 5% of the polling stations showed no differences.

      I think there is a bit of exaggeration on these reports since even if the software is vulnerable, the system as a whole can be verified. The police raids can be explained since some of these "researchers" made available a list of all the employees of the company supplying the voting machines including phone numbers and addresses in an attempt to prove the incompetence of that company

    5. Re:The inherent problem with electronic voting by fgouget · · Score: 2

      They (supposedly) didn't have enough ballots to go around, and thus polling places were closing hours ahead of schedule, with the reason given by the Registrar of Voters as "We didn't have enough ballots for everyone to be able to vote".

      That's really a trivial problem to solve and the fact that it occurred means the election officials were criminally incompetent which is now obvious for all to see. In contrast detecting hacks in voting computers is close to impossible, proving them harder still and preventing them while maintaining transparency downright impossible.

    6. Re:The inherent problem with electronic voting by Anonymous Coward · · Score: 2, Interesting

      The officials at the voting table sign the envelopes. Whenever they sign envelopes, they must sign a batch of them with the same pen and with the same amount of signatures (one official, two officials, three officials, etc), so that it's not possible to identify a specific voter by the signatures on their envelope (I think there's a minimum of 8 or so).

      This is how the vote in Argentina has worked for many many years. This doesn't mean that it's impossible to fraud it. Voting table officials need to be careful of always looking when an envelope is put in the voting box, that it contains the signatures. If it doesn't, the person may take the signed envelope away and use it to create a chain of bought votes (i.e. give the signed closed envelope with the selected candidate already inside to someone voting at the same table, and ask them to give them back an open signed envelope on their way back in exchange for money).

      With this new system, there's no envelope because all voting ballots look basically the same, they are just folded so that the printed name of the person receiving the vote is not visible. This prevents the old type of buying votes, but there's already a video of how it's still possible to do the same via using a device that verifies that the information in the RFID matches what you want the voters to vote (this could be a full smartphone or a device that does just that).

      The good thing about this system is that it can still be counted by reading the information on the ballots. But we need to hope that everybody looks at what the machine printed on their ballot before folding it AND that the table officials actually verify that what the RFID machine says is the same as what their manual counting says...

      The RFID part baffles me. A QR or good old bar code would have been enough for speeding up counting. Why an RFID? It adds significant costs to the whole equipment needed, for no apparent gain (at least to me). My only explanation is that the business selling the RFID equiment and supplies to the city government has cut some kind of 'deal' to make them choose this...

    7. Re:The inherent problem with electronic voting by grc · · Score: 2

      RFID makes it a less likely that a party can print their own ballots. Also, the ballots have two cut-away pieces. The first one is cut off when the voting authority hands you the blank ballot. They keep it. The second one gets cut off just before you place the vote in the urn. They are physically placed one next to each other. They have printed symbols on them which must match up, or they don't let you place the ballot in the urn. This also prevents parties from printing and handing out pre-filled ballots.

  8. Re:The E-Voting is not really an E-Voting System by grc · · Score: 2

    Not entirely true. The system works by printing the ballot and writing the data to a chip on the ballot. When voting is over, all the chips are scanned and the results sent to a central location. The system allows the voter to both read what got printed on the ballot and scan the chip and see the results on-screen again.
    There is one machine per voting place (school) that is use to transfer the results from all the voting machines at that school to the central DB. The SSL keys from all of these machines where "found" at a machine controlled by Magic Software Argentina because it was misconfigured.
    Most of the source code for the voting machine was also posted anonymously on SourceForge some days ago. It wasn't the latest version according to MSA, but pretty new none the less.