Don’t blame me, I voted for Zoidberg

You knew this day was coming:

Hacked DC School Board E-Voting Elects Bender President . . .

Within hours of examining the Ruby on Rails software build that constituted the voting system, Halderman’s team discovered a shell injection vulnerability, allowing them to alter an images directory on the compromised server as well as change outputs, and had guessed the admin login for the terminal server (hint: both the name and password were ADMIN).

From there, the team found vulnerabilities in the system controlling the server farm’s security camera’s, which allowed them to time attacks when nobody was around to notice the extra activity. Best of all, the team found a PDF containing authentication codes for every DC voter—you know, the ones voters use to prevent electoral fraud and prove their identities.

With this data, the team was able to change every ballot to a vote, not for any of the actual candidates, but a write-in for a fictional IT entity with Bender edging out Skynet in his political debut. Their control was so complete that even if new ballots were generated, they too would vote Bender.

Electronic voting is simply a bad idea.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: