By Brad Friedman - BradBlog
A University of Michigan computer scientist and his team were not the only ones attempting to hack the Internet Vote scheme that Washington D.C. had planned to roll out for actual use with military and overseas voters in this November's mid-term election.
According to testimony given to a D.C. City Council committee last Friday by J. Alex Halderman, asst. professor of electrical engineering and computer science at University of Michigan, hackers from Iran and China were also attempting to access the very same network infrastructure, even as his own team of students had successfully done so, taking over the entirety of the Internet Voting system which had been opened for a first-of-its-kind live test.
[See our report last week on details of what had already been disclosed about Halderman's startling hack prior to last Friday's hearing.]
"While we were in control of these systems we observed other attack attempts originating from computers in Iran and China," Halderman testified. "These attackers were attempting to guess the same master password that we did. And since it was only four letters long, they would likely have soon succeeded."
In his stunning public testimony --- before a single member of the D.C. Board of Ethics and Elections (BoEE), and a nearly empty chamber --- Halderman explained how the team had, by the time they discovered their fellow intruders, already gained complete control of the system, it's encryption key and its passwords. The system was developed as part of an Internet Voting pilot program with the Open Source Digital Voting Foundation.
As The BRAD BLOG reported last week, Halderman's team was able to take over the system within 36 hours after it had gone live for testing. After having "found and exploited a vulnerability that gave [them] almost total control of the server software," his team was able to steal the encryption key needed to decode "secret" ballots; overwrite every single ballot cast on the test system; change the votes on those ballots to write-in candidates; discover who had already been voted for and the identities of the voters; install a script that would automatically change all votes cast in the future on the same system; install a backdoor to allow them to come back later; and then leave a "calling card" --- the University of Michigan fight song --- which was programmed to play in the voter's browser 15 seconds after each Internet ballot had been cast.
Read Full Article Here...
Our IP Address: