The 2010 Elections Under Threat From Cyber Terrorists And Vulnerable Voting Machines! (Retitled, Updated)
This report cannot be taken lightly: the hacking, and defacement of a 5th government website:
Hackers of the Technical Education and Skills Development Authority (Tesda) Web site, however, took on a bolder approach by leaving a message that seemed to mock the upcoming automated elections.
“Ano ba gagamitin sa Election? Blade server? Juniper Firewall (what is going to be used in the elections? Blade server? Juniper firewall)?” the message read.
Before Tesda’s, hackers had also victimized the Web sites of the Department of Health (DOH), Department of Social Welfare and Development (DSWD), National Disaster Coordinating Council (NDCC), and Department of Labor and Employment (DOLE).
The hacked Tesda Web site also showed a black and white illustration of a man giving the “dirty finger” supposedly directed against several “abusive” military and police units.
A pair of bulging eyeballs also followed the pointer anywhere on the page, and background music was also set up on the site’s second web page to which it automatically transfers.
Aside from the derisive reference to the May elections, message of sympathy to a slain communist rebel and a potshot against an alleged abusive police officer also replaced the original contents of the site.
Deputy presidential spokesman Gary Olivar :
Of course we are concerned. This is not just a problem in our country, this is not just something that has happened just recently, it’s happening all over the country so this is certainly something that we are sensitive to as a matter of information policy within government,.
For the first time I agree with Mr. Olivar.
The aspiring geek that I am, this writer employs an off the shelf site and internet surfing protection suite and previous visits to the Malacanang site had identified it as an ‘unsafe site’ while also having firewalls protecting access to my own system and website.
Given the larger and certainly more critical roles of the government site, one wonders how the government’s own computer infrastructure is protected at all not just from hacking but cyber terrorism.
Don’t doubt it: the five attacks on the government websites are just test missions.
The hackers of the TESDA site did not only deface it. they dubious also made the site automatically jump into a second page, which featured a background music and job announcement supposedly from VenturesLink, one of the partners of Smartmatic-TIM in the automation of the elections
I’m sure Malacanang and COMELEC must now realize what’s up: a direct threat to the all-important servers for the automated election being made to crash resulting not just in failure in the transmission of mission-critical election data, the tallies plus back-end information.
Yes, that’s what we are looking at: the failure of elections.
Postscript and Update:
Hackers are not the only problem.
There’s a study that’s been done at Princeton University showing the vulnerability of automated voting machines.
The machine is a different brand to that being supplied to COMELEC but works and is configured in similar fashion:
Here’s the executive summary from the Princeton study:
Security Analysis of the Diebold AccuVote-TS Voting Machine:
Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten
For more information and the full text of this study, see http://citp.princeton.edu/voting.
The Diebold AccuVote-TS and its newer relative the AccuVote-TSx are together the most widely deployed electronic voting platform in the United States. In the November 2006 general election, these machines are scheduled to be used in 357 counties representing nearly 10% of registered voters. Approximately half these counties — including all of Maryland and Georgia — will employ the AccuVote-TS model. More than 33,000 of the TS machines are in service nationwide.
This paper reports on our study of an AccuVote-TS, which we obtained from a private party. We analyzed the machine’s hardware and software, performed experiments on it, and considered whether real election practices would leave it suitably secure. We found that the machine is vulnerable to a number of extremely serious attacks that undermine the accuracy and credibility of the vote counts it produces.
Computer scientists have generally been skeptical of voting systems of this type, Direct Recording Electronic (DRE), which are essentially general-purpose computers running specialized election software. Experience with computer systems of all kinds shows that it is exceedingly difficult to ensure the reliability and security of complex software or to detect and diagnose problems when they do occur. Yet DREs rely fundamentally on the correct and secure operation of complex software programs. Simply put, many computer scientists doubt that paperless DREs can be made reliable and secure, and they expect that any failures of such systems would likely go undetected.
Previous security studies of DREs affirm this skepticism, but to our knowledge ours is the first public study encompassing the hardware and software of a widely used DRE. The famous paper by Kohno, Stubblefield, Rubin, and Wallach studied a leaked version of the source code for parts of the Diebold AccuVote-TS software and found many design errors and vulnerabilities, which are generally confirmed by our study. Our study extends theirs by including the machine’s hardware and operational details, by finding and describing several new and serious vulnerabilities, and by building working demonstrations of several security attacks.
Main Findings The main findings of our study are:
1. Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss. We have constructed demonstration software that carries out this vote-stealing attack.
2. Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to the machines.
3. AccuVote-TS machines are susceptible to voting-machine viruses — computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and post-election activity. We have constructed a demonstration virus that spreads in this way, installing our demonstration vote-stealing program on every machine it infects.
4. While some of these problems can be eliminated by improving Diebold’s software, others cannot be remedied without replacing the machines’ hardware. Changes to election procedures would also be required to ensure security.