With another election season on its way, everyone’s a little extra concerned about what the potential candidates have to say. Elections are one of the few things in life we really have a say in, whether or not our candidate wins. It’s only natural that we’re invested in how those votes get tallied. The fate of the country for at least four years rests in an honest tally of who people want to become president. That’s why many have been looking for unriggable ways to collect and count votes. Electronic systems are far from unhackable, so back in 2010 the Washington DC election board issued a challenge along with its announcement that it would be setting up an e-voting system for absentee ballots. The challenge: hack it.

 

 

 

 

Unable to resist the completely legal challenge Professor Alex Halderman and some students from the University of Michigan took on the task. According to The Register:

“They figured out a way of writing directly to the images directory on the compromised server – and then encrypting the traffic so that the front-end intrusion detection system did not spot the intrusion. The team also managed to guess the login details for the terminal server used by the voting system. This wasn't exactly difficult, since the user name and password were both "admin".”

Once in, they spotted a ton of weak points. They were able to find authentication codes for every registered DC voter and exposed a security problem with surveillance cameras, making it easy for them to mess with the server when staff wasn’t around.

The team then changed all the votes in the system. No voter was left with the real vote they had made. Fictional IT systems such as Skynet became the new candidates. In fact, Bender Bending Rodriguez came out the clear victor. Yes, that Bender. The robot that runs on alcohol is from Futurama, a comedy known for it's cool take on the future and coming back from the dead. After making sure that any future ballots would come under their control, the team simply left the word "owned" on the final signoff screen, played with the University of Michigan's football fight song. It took two days for anyone to realize they'd been hacked spectacularly. The stark realization that our voting systems may not be up to par couldn't have been dropped in a more humorous way. Our hats off the Prof. Halderman and his hackers.

 

[Via Geekologie and The Register ]