Network News

X My Profile
View More Activity

Michigan prof explains how D.C. online voting system was hacked

UPDATED 8:50 P.M.

The University of Michigan computer science professor who led the team that successfully infiltrated an Internet voting trial held by the D.C. Board of Elections and Ethics has stepped forward to describe how he did it.

In a post to the "Freedom to Tinker" blog this morning, J. Alex Halderman explains that not long after the elections board started a test period last week, his team quickly "found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters' secret ballots."

The researchers, once inside, changed the ballots that had already been cast to select their preferred write-in candidates -- famous real and fictional computers, including HAL 900 of "2001: A Space Odyssey" and the Master Control Program from "Tron." They also installed a "back door" that allowed them to view votes that came in. And, yes, they left a "calling card" in the form of the Michigan fight song.

Halderman writes: "Stealthiness wasn't our main objective, and our demonstration had a much greater footprint inside the system than a real attack would need." Still, the hackers had access for two days before the intrusion was detected and the test was ended. They plan to submit a paper on the attack.

Paul Stenbjorn, the BOEE's chief technology officer, said Monday that the programming issue that allowed the Michigan team access was quickly identified and closed. But the board, he said, decided to scale back the Internet voting pilot, which was to go live for about 900 overseas voters this week, in an "abundance of caution."

Halderman writes that the problem they found isn't the issue so much as the problems that are yet to be found: "The specific vulnerability that we exploited is simple to fix, but it will be vastly more difficult to make the system secure. We've found a number of other problems in the system, and everything we've seen suggests that the design is brittle: one small mistake can completely compromise its security. .... If this particular problem had not existed, I'm confident that we would have found another way to attack the system."

UPDATE, 8:50 P.M.: Earlier today, Stenbjorn posted a full response to the hacking. An excerpt:

"Our public test [has] been hacked. Which you would think would have been an objectively bad thing for the BOEE. You'd think wrong. ... When Alex Halderman and his students successfully hacked the system, we learned many valuable lessons about the security issues with the file upload mechanisms used in this software. More importantly, however, we achieved a collaborative engagement with the computer science community that was working with elections officials in the early stages of developing a better model for future deployment. ... We will continue this project and hope this interaction will serve as a model for future releases. We will stand up new revisions and invite the computer science community not only to attempt to hack the system, but come develop it with us."

I spoke to Halderman earlier today. He said he's "concerned" that BOEE intends to continue with the project. "I don't think yet that they're approaching it with the appropriate seriousness," he said.

He added: "Voting over the Internet is just so far from a good idea using today's technology that it's a little bit startling to me that jurisdictions are seriously considering it."

By Mike DeBonis  | October 6, 2010; 11:20 AM ET
Categories:  DCision 2010, The District  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: DeMorning DeBonis: Oct. 6, 2010
Next: D.C. Council wanted too much at once, says top election official

Comments

Internet voting is a really dumb idea.

I think city officials just haven't tried hard enough to find another way to allow overseas absentee voting to happen in a timely manner.

This Internet voting effort should be stopped -- and doing so will save the city some money, as well, I'm sure!

Posted by: Kathy8 | October 7, 2010 6:05 PM | Report abuse

In other words, DC electoral politics, when viewed through the prism of computer technology:

To Grays and Browns and Oranges, and pols of every "hue",

It matters not who's "in the pink"; the tallies yield "Go Blue!"

Posted by: nan_lynn | October 7, 2010 8:51 PM | Report abuse

This article doesn't begin to describe how easily hacked DC's internet voting is.

Additionally, what DeBonis misses is the guy who *invented* the encryption technology being used by DC recommended in a letter to DC that they *not use this*.

But I guess the DC Council is smarter than experts in the field.

Don't be surprised when Marion Barry is the next mayor...

Go here:
http://slashdot.org

Posted by: Ombudsman1 | October 9, 2010 6:05 PM | Report abuse

Mr. Stenbjorn, the DC election IT director, shows incredible arrogance in his response to this hack and his dismissal of the opinions of computer security experts.

Not only did Dr. Halderman and his students hack this supposedly secure system, but Chinese and Iranian hackers were also working on breaking in. Mr. Stenbjorn et al asserted ahead of time that this voting system was secure, and they had planned on deploying it. Yet they carelessly left simple passwords in vulnerable places and committed other cardinal sins against computer security.

Do we really trust Mr. Stenbjorn and his friends to keep out elections secure?

In his response to the hack, Mr. Stenbjorn says "The burden of proof will always rest with the election officials to ensure integrity and transparency of all voting systems..."

Similarly, David Jefferson, computer security expert, says (as quoted by Stenbjorn) "After this there can be no doubt that the burden of proof in the argument over the security of Internet voting systems has definitely shifted to those who claim that the systems can be made secure.”


Both right!

So we must insist on proof of security *before* such systems are deployed. That is not what Mr. Stenbjorn did, nor is it the approach of many other election officials. They don't want to face the inherent insecurity of these systems, and would rather ignore the warnings of the computer security community, including that of Dr. Ron Rivest, MIT Professor and one of the originators of open cryptography. For these election officials, convenience trumps all, including the integrity of elections.

New internet voting systems should not even be put out for provisional voting before being thoroughly checked by truly expert group of computer security experts, such as Dr. Halderman.

I very much doubt that Mr. Stenbjorn did so before he set it up. I am sure he did not want to know the answer.

It is obvious from this incident that the computer security community is far more knowledgeable about such software than is Mr. Stenbjorn and his associates.

Mr. Stenbjorn should not be allowed to set up voting systems without an independent check by real computer security experts.

Posted by: resonator80 | October 11, 2010 10:51 AM | Report abuse

Post a Comment

We encourage users to analyze, comment on and even challenge washingtonpost.com's articles, blogs, reviews and multimedia features.

User reviews and comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions.




characters remaining

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company