The Details On How To Elect Futurama's Bender To Whatever Election Is Using Online Voting
from the bite-my-shiny-metal-ass dept
Back in October of 2010, we wrote about how some “hackers” had broken into a test of the Washington DC e-voting system, and had managed to have the system play the University of Michigan “fight song” every time people voted — University of Michigan being where the researchers (led by e-voting security expert J. Alex Halderman) were from. A day later, we discussed some more details of the hack, noting how just a tiny vulnerability could take down the integrity of the entire system.
It’s been a bit of time since then, but Halderman has released the academic paper they wrote about the experience, and it is now getting some new attention. Among the details: beyond playing the UMich fight song, they also installed their own slate of “fictional” candidates, including Bender from Futurama, who is presumably running on a Kill All Humans platform.
The full paper has some other interesting tidbits, as well, including the fact that they didn’t just hack into the e-voting machines… but also accessed the security cameras watching the e-voting servers, which were left open to public access. I’m not kidding.
“These webcams may have been intended to increase security by allowing remote surveillance of the server room, but in practice, since they were unsecured, they had the potential to leak information that would be extremely useful to attackers. Malicious intruders viewing the cameras could learn which server architectures were deployed, identify individuals with access to the facility in order to mount social engineering attacks, and learn the pattern of security patrols in the server room. We used them to gauge whether the network administrators had discovered our attacks—when they did, their body language became noticeably more agitated.”
Either way, the entire thing suggests just how insecure e-voting can be, and the paper suggests these are fundamental, systematic problems with any e-voting approach these days, rather than just a poor implementation.