Slashdot Mirror

← Back to Stories (view on slashdot.org)

Swiss E-voting Trial Offers $150,000 in Bug Bounties To Hackers (theverge.com)

Posted by msmash on from the open-challenge dept.

The Swiss government is offering bug bounties of up to CHF 50,000 (around $50,000) to anyone who can expose vulnerabilities in its internet-based e-voting system in a test later this month. From a report: In total, 150,000 CHF (around $150,000) will be up for grabs for any white hat hackers who register for the "Public Intrusion Test" (PIT). The Swiss Post system will be open for a dummy election between February 24th and March 24th, the length of a typical Swiss federal vote, during which time any registered "white hat" hackers will be free to discover and report vulnerabilities.

This PIT comes as the Swiss government is planning to expand its e-voting capabilities by October 2019 to two thirds of the 26 cantons that make up the Swiss Confederation. The country has conducted more than 300 trials of e-voting systems over the past 14 years, but current rules limit the amount of electronic votes to 10 percent of the total for referendums and 30 percent for constitutional amendments. However, the expansion plans have been met by opposition by politicians who claim current e-voting systems are insecure, expensive, and prone to manipulation.

17 of 33 comments (clear)

  1. Missing the point, as usual by JaredOfEuropa · · Score: 3, Interesting

    opposition by politicians who claim current e-voting systems are insecure, expensive, and prone to manipulation

    How about intransparent? Manipulation isn't the issue, the problem is that there's no way for laymen to verify that no manipulation has taken place. A transparent voting and tally system like paper ballot allows for audits "for the people, by the people". To audit an e-voting system, you need experts.

    --
    If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    1. Re:Missing the point, as usual by Anonymous Coward · · Score: 1

      FIRST, prove no one can get into the systems from the outside to hack the election
      THEN prove the output is easily verifiable.

      Number 1 bounty: Are any of these machines connected to any network OF ANY KIND. If you can see it from the internet the vote is suspect.

    2. Re:Missing the point, as usual by OrangeTide · · Score: 1

      the problem is that there's no way for laymen to verify that no manipulation has taken place.

      Laypeople aren't of much interest to governments.

      --
      “Common sense is not so common.” — Voltaire
    3. Re:Missing the point, as usual by Kokuyo · · Score: 1

      While we contend with that issue as well, don't forget that this is a direct democracy.

    4. Re:Missing the point, as usual by frank_adrian314159 · · Score: 1

      How about intransparent?

      How about opaque?

      --
      That is all.
    5. Re:Missing the point, as usual by dzelenka · · Score: 1

      Mod the parent up!

      E-voting is susceptible to fraud on a grand scale.

      --
      Bah!
    6. Re:Missing the point, as usual by OrangeTide · · Score: 1

      I though we learned in the 20th century that propaganda can easily subvert direct democracy?

      --
      “Common sense is not so common.” — Voltaire
  2. Lol by Anonymous Coward · · Score: 1

    Here in the US candidates can spend over $1 billion on winning an election. You think if a hacker could change the outcome of a countries election they would reveal that exploit for $150,000?

  3. Re:Enough money by Bradmont · · Score: 1

    More importantly, the researchers could sell any significant vulnerability for waaaay more than $150,000....

  4. Re:Enough money by Immerman · · Score: 1

    Which is why they're putting out a call for white-hat hackers. Not everybody is motivated primarily by money, but the combination of attacking government-grade security, helping to preserve democracy in the face of a move to electronic voting, and a chance to win a tidy sum as well, will likely interest a lot of ethical hackers.

    --
    --- Most topics have many sides worth arguing, allow me to take one opposite you.
  5. Laymen? by Actually,+I+do+RTFA · · Score: 1

    No way for laymen to verify? Hell, I'm not sure how anyone could verify it. Short of taking the devices apart under electron microscopes and seeing changes in the hardware as a result of voting, I'm not even sure how anyone could.

    --
    Your ad here. Ask me how!
  6. Only $150,000? by Volatile_Memory · · Score: 1

    Russia, China, Israel, the US, and some cool cats on the dark web are offering more. Just gotta know who to ask.

    --

    /**
    I have a "Zero Policy" tolerance.
    */

  7. Absent voting is always open to manipulation by HuskyDog · · Score: 2

    The basic problem with internet voting is exactly the same as all other forms of "voter absent" polling such as postal voting and that is how to ensure that the voter hasn't been threatened or bribed. You can make the actual mechanism as secure as you like with bug bounties and such like, but there will still be many thousands of women who will sit at the family computer whilst their husband says "Vote for that guy or I'll punch you again like I did last night" (just an example - many other permutations of abusive relationships are available!).

    I agree that there are some steps which can be taken to reduce this problem (e.g. allowing people to vote multiple times and only counting the last one), but these don't seem to properly address the fundamental problem.

  8. light version by hermi · · Score: 1

    They exclude a lot of things from the test, like social engineering or dns spoofing etc.
    It's most likely a publicity stunt that "hackers tried to hack our system!11!one" instead of an actual "real" audit / pen test.

  9. voting secrecy by 4im · · Score: 1

    A vote is also supposed to be secret.

    If you're in a booth, with other people around (voting officers and other members of the public), you'll be able to vote on your own without interference, secretly. Taking a picture of your filled-out voting bulletin as some sort of proof is a no-go (punishable in many places).

    What if you're wherever, voting electronically - who's to say you won't be coerced (e.g. by a violent spouse) to vote in a certain way? Who's to say it's even you who's voting, not somebody else who's taken your credentials from you (say, personnel from a caring facility voting in place of the elderly)?

    Voting by correspondence falls largely into the same categories, it should be kept to a minimum, not extended, for the reasons above.

  10. Comment by WallyL · · Score: 1

    And opponents of the Swiss government (whether domestic or foreign) are offering $15,000,000 in Bug Bounties To Hackers!

  11. DO YOU NEED A HACKER? by AlbertHacks · · Score: 1

    I’m Albert a hacker who has built a very good reputation and undeniably one of the best hackers you can come across.i have got access to hack into any account and also get to generate passwords for accounts like Facebook,Instagram,Twitter,gmail,yahoo mail,whats-app,we-chat,etc.Retrieving hacked social media accounts,clearing criminal records,increase credit scores,CC hack,hack bank accounts for transfers and credit card top ups,application hacking.We do custom software and web development in php, java, asp.net etc.hacking computer systems,Website hack,Catch hacker scammers,Phishing emails, that's to mention a few.You can contact me on. Email ... Theredhackergroup@gmail.com Whatsapp...+17867089974 or TEXT:571 318 9498 Best Online hacker with 100% guarantee and money back return policy for 48hours.