Posted in Politics, Technology

31C3: Internet elections can be manipulated

31C3: Internet elections can be manipulated


More and more nations count on Internet voting, despite negative experiences with voting machines and warnings by security researchers. At the 31C3 (link: these are showing that the current technology has little to fend off attackers.

At the recent CCC congress in Hamburg Alex Haldermann of the University of Michigan reported about various problems in Internet voting – including in Estonia. The hackers were faced with two challenges: First, they could not as in previous tests investigate manipulable voting machines offline – and transform them, for example, into a Pacman machine. Secondly, interventions to ongoing online elections are sensitive. “As a security researcher you can not simply hack into a server during an election,” Halderman said. Too big is the risk that you would so sabotage a democratic election result.

But during a test run of a scheduled online election in Washington, the researchers were able to take control of the entire election data center and in this way to convince the authorities of the system imperfections. Because Estonia does not perform such tests, Haldermann’s team confines itself to an external analysis of the processes at the first independent study of Internet voting.

The electoral process in the Baltic States is complex: The the voter should remain anonymous to the online voting system and at the same time have the opportunity to verify the correctness of his vote. The Estonian officials have therefore chosen a digital two-envelope solution that is similar to the classic absentee ballot: A signature ensures that the vote actually comes from an electorate. The votes are counted but only if the votes are exempt from the personal signatures. The verification works via a mobile app that allows citizens to see their voting results again and to even change them. This is to prevent votes sale, but would also allow a Trojan which was foisted to a citizen to change the vote afterwards.

Blabbed password

Haldermann’s team found several key weaknesses in the system: for instance the counting computer is giving merely the result of the election and does not sufficiently document, how it came about. Although the responsible parties have taken many security measures to protect the counting computer, but according to Haldermann these hardly withstand a serious attack of an state aggressor.

Thus, the security researchers discovered plenty of evidence of inadequate operational safety in the YouTube channel of the election officials of Estonia. Gaps are lurking in both the clients and the servers: so the central (or key) signatures were created on an obviously privately used computer, and in the videos you can see the access codes of the wireless network of the developers, and one video even shows the key to the server room sufficiently sharp to be able create a duplicate. During a vodka-soaked night a responsible was said to even even betray a key password.

But state organizations such as NSA might also try to compromise the counting maschine – either on the way from the manufacturer or by manipulated download images for the operating system. References to such concepts Edward Snowden delivered it was said.

Inconsistent code

The Baltic model is waking up desires in other states. So the cryptologist Tor Bjørstad in Hamburg reported about the online choice experiment in Norway. The Scandinavians had built a similar system as in Estonia in some constituencies for the parliamentary elections in 2013. They avoided some of the pitfalls of the model: So there were two different counting systems, which should ensure the correctness of the result. Despite long preparation, the project however failed to arouse the interest of technical experts. So Bjørstad was commissioned to examine more than 200,000 lines of JavaScript code for vulnerabilities almost single-handedly. A hopeless venture: “The code looked like typical enterprise applications,” the cryptologist summarizes. So encryption functions had been implemented twice, the code was not consistent. Five days before the election, a bug was discovered in the encryption system – still the voting could not be performed. Despite the apparently successful test run, the experiment is finished: The 2013 newly elected government had no interest in continuing the project of their predecessors. (Thorsten Kleinz)



I live in Germany.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s