from the bite-my-shiny-metal-ass dept
It's been a bit of time since then, but Halderman has released the academic paper they wrote about the experience, which is now getting some new attention, including the fact that, beyond playing the UMich fight song, they also installed their own slate of "fictional" candidates, including Bender from Futurama, who is presumably running on a Kill All Humans platform.
The full paper has some other interesting tidbits, as well, including the fact that they didn't just hack into the e-voting machines... but also accessed the security cameras watching the e-voting servers, which were left open to public access. I'm not kidding.
These webcams may have been intended to increase security by allowing remote surveillance of the server room, but in practice, since they were unsecured, they had the potential to leak information that would be extremely useful to attackers. Malicious intruders viewing the cameras could learn which server architectures were deployed, identify individuals with access to the facility in order to mount social engineering attacks, and learn the pattern of security patrols in the server room. We used them to gauge whether the network administrators had discovered our attacks—when they did, their body language became noticeably more agitated.Either way, the entire thing suggests just how insecure e-voting can be, and the paper suggests these are fundamental, systematic problems with any e-voting approach these days, rather than just a poor implementation.