[ale] hack challenge for electronic voting system

Transam bob at verysecurelinux.com
Mon Aug 25 20:47:03 EDT 2003


On Sat, Aug 23, 2003 at 07:35:51AM -0400, Jim Philips wrote:
> The state of Georgia has decided to allow a Cumming programmer, Roxanne 
> Jekot, and her team a chance to hack into the state's touch screen 
> electronic voting system. They took up the challenge after she 
> complained of the system's vulnerability in a forum. One of the system's 
> designers says he puts their chances of hacking undetected at "1 billion 
> to one". I was wondering why he hedged it with "undetected". Bob Toxen: 
> You betting on this one?

This is what is known as a "Penetration Test", or PenTest for short.

If the penetration attempt is successful then the system (computer,
network, etc.) has been proven insecure.  If there is no penetration
then nothing has been proven nor disproven.

A PenTest is worthless for proving a system secure, which is the goal
here.  Only a proper security audit can rule out many weaknesses.


In the case of the old punched card method, many people ensure the physical
security of the cards.  This prevents substitution.  The cards can be
recounted and re-inspected by all interested parties ad infinitum.  This
constitutes an audit trail, i.e., a way to verify that there was no
unauthorized alteration of the data.

While we all recall the Florida problems, it is important to accept that the
error rate was very small.  The only reason why it was an issue was because
the Presidential election was, I believe, the closest in history and
because some people failed to follow the instructions.

In the case of the machines, there is no audit trail.  A single change in the
secret Microsoft code could alter the casting of a hundred million votes
with no opportunity to detect this.  A simple unintentional bug could do
the same thing, again with no opportunity to detect it.  The computers used
to tabulate the votes at the county level could be hacked.  Since the
OS is Microsoft, it has been proven insecure in the extreme.

Nobody has the opportunity to watch the votes being counted because it
is just electronic signals.  With the punched cards, in an extreme
situation, each political party could run the cards through its own
equipment and validate the accuracy of the vote counting.  You may even
have noticed that each punched card had a serial number and that the
number on your stub (that you got to keep) matched what was put into
the "box".  Thus, votes and people even could be matched up after the
fact, if necessary, for people willing to provide their stubs.

> The story is here:

> http://www.ajc.com/metro/content/metro/0803/23voting.html

> I submitted it to Slashdot too. Don't know if they'll post it.

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002