Hackers hijacked internet voting system in Washington DC
October 9, 2010 Leave a comment
Earlier this week, the internet voting system designed to allow Washington, D.C. residents to cast absentee ballots was put on hold after computer scientists exploited vulnerabilities that would have allowed them to rig elections and view secret data.
The system, which was paid for in part by a $300,000 federal grant, was hijacked just 36 hours after Washington DC elections officials began testing it ahead of live elections scheduled for next month. Scientists from the University of Michigan pulled off the hack to demonstrate the inherent insecurity of net-based voting.
“None of this will come as a surprise to internet security experts, who are familiar with the many kinds of attacks that major websites suffer from on a daily basis,” one of the scientists, J. Alex Halderman, wrote on the Freedom to Tinker blog. “It may someday be possible to build a secure method for submitting ballots over the internet, but in the meantime, such systems should be presumed to be vulnerable based on the limitations of today’s security technology.”
The pilot system, which was built on open-source software, was deployed a week ago Tuesday, and just 36 hours later, the team was able to take full control of it. Even though their attack caused computers that were used to cast votes to play their alma mater’s fight song, it took elections officials until Friday to suspend the site.
It has since been reinstated, but residents can use it only to download ballots that they can print and return by postal mail. Internet voting has been suspended.
Feel free to follow me on Facebook