Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Hack of the D.C. Internet Voting Pilot -- Explained

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
Home » Discuss » Topic Forums » Election Reform Donate to DU
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-05-10 11:22 PM
Original message
Hack of the D.C. Internet Voting Pilot -- Explained
Edited on Tue Oct-05-10 11:26 PM by Bill Bored
by J. Alex Halderman

-snip-

Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters’ secret ballots. In this post, I’ll describe what we did, how we did it, and what it means for Internet voting.

-snip-

A small vulnerability, big consequences

We found a vulnerability in the way the system processes uploaded ballots. We confirmed the problem using our own test installation of the web application, and found that we could gain the same access privileges as the server application program itself, including read and write access to the encrypted ballots and database.

The problem, which geeks classify as a “shell-injection vulnerability,” has to do with the ballot upload procedure. When a voter follows the instructions and uploads a completed ballot as a PDF file, the server saves it as a temporary file and encrypts it using a command-line tool called GnuPG. Internally, the server executes the command gpg with the name of this temporary file as a parameter: gpg (…) /tmp/stream,28957,0.pdf.

We realized that although the server replaces the filename with an automatically generated name (“stream,28957,0” in this example), it keeps whatever file extension the voter provided. Instead of a file ending in “.pdf,” we could upload a file with a name that ended in almost any string we wanted, and this string would become part of the command the server executed. By formatting the string in a particular way, we could cause the server to execute commands on our behalf. For example, the filename “ballot.$(sleep 10)pdf” would cause the server to pause for ten seconds (executing the “sleep 10” command) before responding. In effect, this vulnerability allowed us to remotely log in to the server as a privileged user.

-snip-


Read more at:
http://www.freedom-to-tinker.com/blog/jhalderm/hacking-dc-internet-voting-pilot
Refresh | +8 Recommendations Printer Friendly | Permalink | Reply | Top
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-05-10 11:37 PM
Response to Original message
1. What this means for Internet voting:
Edited on Tue Oct-05-10 11:38 PM by Bill Bored
From the same author:

"The specific vulnerability that we exploited is simple to fix, but it will be vastly more difficult to make the system secure. We’ve found a number of other problems in the system, and everything we’ve seen suggests that the design is brittle: one small mistake can completely compromise its security. I described above how a small error in file-extension handling left the system open to exploitation. If this particular problem had not existed, I’m confident that we would have found another way to attack the system.

"None of this will come as a surprise to Internet security experts, who are familiar with the many kinds of attacks that major web sites suffer from on a daily basis. It may someday be possible to build a secure method for submitting ballots over the Internet, but in the meantime, such systems should be presumed to be vulnerable based on the limitations of today’s security technology."
Printer Friendly | Permalink | Reply | Top
 
Stevepol Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-06-10 03:55 AM
Response to Original message
2. I'm not a computer expert, but what's the difference really between
internet voting and voting on machines which are also subject to the same sort of hacking and vulnerabilitieis?

The machines are most easily rigged or maliciously programmed or the vote totals maliciously altered by insiders but experts probably could do the same thing if they had access to the machines at any point.

What am I missing?
Printer Friendly | Permalink | Reply | Top
 
demodonkey Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-06-10 06:13 AM
Response to Reply #2
4. Very similar but it seems that internet voting is even MORE vulnerable and less traceable/auditable.
Edited on Wed Oct-06-10 06:14 AM by demodonkey

Internet voting has been described as 'DREs on steroids.'

Apparently the internet is wide open to a lot more attacks than so-called closed systems running in a county election office. Then, of course, with internet voting you are turning the private hardware and software of every voter using the system into a voting machine, along with whatever virus or malware it might contain.

Internet voting is very seductive to officials who see it as cheaper and easier for themselves.

Right now the vendors are pushing internet voting hard as a way to improve voting opportunities for far-flung military and the disabled; am sure that soon there will be a shift to touting it as "better" for all voters.

We must nip all this in the bud.
Printer Friendly | Permalink | Reply | Top
 
hootinholler Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-06-10 07:09 AM
Response to Reply #2
5. In a word, access.
On the net you can slam the system repeatedly. With DREs you have one shot and you need physical access to a smart card.

Don't get me wrong IMO, neither are acceptable substitutes for ink and paper.

-Hoot
Printer Friendly | Permalink | Reply | Top
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-06-10 12:57 PM
Response to Reply #5
7. You don't necessarily need "physical access to a smart card." DREs and ballot scanners have PORTS!
These ports include Ethernet, RS-232 and USB. Any of these ports can be used to connect to anything (except a lever voting machine!) including the Internet.
Printer Friendly | Permalink | Reply | Top
 
hootinholler Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-06-10 03:15 PM
Response to Reply #7
8. But you still need physical access to the DRE
To connect something to it.

-Hoot
Printer Friendly | Permalink | Reply | Top
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Oct-07-10 12:28 AM
Response to Reply #8
9. But not for long. A few minutes would be long enough. nt
Printer Friendly | Permalink | Reply | Top
 
eridani Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-06-10 04:54 AM
Response to Original message
3. Please send this to your county auditors and SecStates
I did, and if I get a response, I'll post it.
Printer Friendly | Permalink | Reply | Top
 
diva77 Donating Member (999 posts) Send PM | Profile | Ignore Wed Oct-06-10 11:41 AM
Response to Reply #3
6. I'd like to see someone ask the NASS to comment on this!!
:argh:

http://www.nass.org/
Printer Friendly | Permalink | Reply | Top
 
Wilms Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-19-10 11:54 PM
Response to Original message
10. kick
Printer Friendly | Permalink | Reply | Top
 
Bill_Kelleher Donating Member (18 posts) Send PM | Profile | Ignore Thu Oct-21-10 06:08 PM
Response to Original message
11. POSITIVE NEWS FOR INTERNET VOTING

Friends!

Don’t despair over the DC hacking. Here is a short list of positive news for Internet voting:

Pasadena Star News, Two Sunday editions
“Are you ready for Internet voting? For millions of Americans overseas, it's the only way to ensure their votes are counted”
http://www.pasadenastarnews.com/opinions/ci_16357185

Also, RE: CA Prop 14 (nonpartisan elections) and the future of CA politics
http://www.pasadenastarnews.com/ci_16172903?IADID

Both articles have excellent debates in the comments.


Op Ed News
“Does the DC Fiasco Damn Internet Voting?”
http://www.opednews.com/articles/Does-the-DC-Fiasco-Damn-In-by-William-J-Kellehe-101015-957.html


SSRN
“Scary Stories Fail to Stop Internet Voting”

Abstract:
Rather than using the results of scientific testing, and probability calculation, opponents of Internet voting have commonly resorted to telling scary stories about what might happen. In 2004 this tactic had spectacular success. The Department of Defense had already spent over $22,000,000 on an Internet voting project. It was ready to be used in the 2004 November election, but well publicized scary stories had it halted.

Since that time, state election officials, the military, and DoD have regained their reason, and Internet voting is coming back.

At, http://ssrn.com/author=1053589 (free download)

William J. Kelleher, Ph.D.
Internetvoting@gmail.com
Printer Friendly | Permalink | Reply | Top
 
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Oct-22-10 01:56 AM
Response to Reply #11
12. Spamming DU too? My, you must really be desperate to push Internet voting. Who R U working 4? nt
Printer Friendly | Permalink | Reply | Top
 
Bill_Kelleher Donating Member (18 posts) Send PM | Profile | Ignore Mon Oct-25-10 03:31 PM
Response to Reply #12
14. False Accusations, Uninformed Opinion
My message is simple: Internet voting can neutralize the power of Big Money over all US elections, and therefore over our government. Why not take just a moment to check out my article on OEN “Does the DC Fiasco Damn Internet Voting?”
http://www.opednews.com/articles/Does-the-DC-Fiasco-Damn-In-by-William-J-Kellehe-101015-957.html

and my recent comments at the Huffington Post: http://www.huffingtonpost.com/pearl-korn/citizens-united-an-assaul_b_772482.html

To learn even more, check this out:
Scary Stories Fail to Stop Internet Voting
http://ssrn.com/author=1053589

Nobody is giving me anything. I care about our democracy.
Printer Friendly | Permalink | Reply | Top
 
Bill_Kelleher Donating Member (18 posts) Send PM | Profile | Ignore Mon Oct-25-10 04:04 PM
Response to Reply #12
16. RE who is getting paid
The anonymous poster, WillYourVoteBCounted, is paid by the anti-Internet voting group, Verified Voting They have tons of money
Printer Friendly | Permalink | Reply | Top
 
emlev Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Oct-24-10 06:00 PM
Response to Original message
13. Halderman testimony at D.C. hearing
Wish more people were paying attention to this story!

http://www.bradblog.com/?p=8118">BRAD BLOG story
Note: This story includes links to video of the hearing.

http://www.bradblog.com/?page_id=8117">Transcript of hearing
Printer Friendly | Permalink | Reply | Top
 
Bill_Kelleher Donating Member (18 posts) Send PM | Profile | Ignore Mon Oct-25-10 03:32 PM
Response to Reply #13
15. More than one side to this story
check out my OEN article (above) for another view on this hearing
Printer Friendly | Permalink | Reply | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to add this author to your Ignore list Thu May 02nd 2024, 11:57 PM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Topic Forums » Election Reform Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC