Forgot your password?
typodupeerror
Hardware Hacking Security Build Hardware Politics

Contest To Hack Brazilian Voting Machines 101

Posted by Soulskill
from the hack-the-vote dept.
An anonymous reader writes "Brazilian elections went electronic many years ago, with very fast results but a few complaints from losers, of course. Next month, 10 teams that accepted the challenge will have access to hardware and software (Google translation; original in Portuguese) for the amount of time they requested (from one hour to four days). Some will try to break the vote's secrecy and some will try to throw in malicious code to change the entered votes without leaving traces."
This discussion has been archived. No new comments can be posted.

Contest To Hack Brazilian Voting Machines

Comments Filter:
  • by Tellarin (444097) on Saturday October 31, 2009 @12:18AM (#29932115) Homepage Journal

    for those who do not RTFA.

    The teams can bring any software or equipment they want to try and break the machines' security.

    And there is even a bounty of a little more than USD$2000,00 paid by the government to the team that gets closer to the goal.

  • Hack the judges (Score:5, Insightful)

    by noidentity (188756) on Saturday October 31, 2009 @12:32AM (#29932177)
    The simplest way to win this is to hack the judging process so that your team is announced the winner, with a false claim that you hacked one of the machines.
    • The simplest way to win this is to hack the judging process so that your team is voted the winner

      T, FTFY.

      • Re: (Score:2, Insightful)

        by noidentity (188756)
        No, my point was that you don't have to hack any voting machines (the apparent activity involved in this contest). You just need to hack the people managing it so that they announce you as the winner, and describe how you (fictitiously) hacked a voting machine.
        • And I knew your point. I was just joking. If you didn't like the joke, just say you didn't.

          By the way, I don't like it, either ;)

          • And I knew your point. I was just joking. If you didn't like the joke, just say you didn't.

            OK. I kind of got the joke, that you'd hack the voting machines the judges use, rather than the machines you were given. And your username is cute. Maybe there's someone named tarred_gzip (which would be an odd thing to do).

            • by cheftw (996831)

              I tar up everything on my system, you insensitive clod.

              It may not have the best compression ratio but damn is it fast to decompress.

        • by ais523 (1172701)
          You could hack a real election the same way. Don't hack the voting system, just the people who announce the results.
    • Re: (Score:3, Insightful)

      by T Murphy (1054674)
      Any voting system will have risk due to human judges- this test will hopefully prove that electronic voting (on Brazilian machines) has no additional openings. If this works for Brazil, American companies have no excuse not to let us do the same to their machines (not that it will likely happen anyways). In any case this sounds great and I wish more governments would do things like this to prove trustworthiness rather than expect everyone to trust the government baselessly.
  • by Flyer434 (581876)
    That is a lot of voting machines...
    • by Asmor (775910) on Saturday October 31, 2009 @01:07AM (#29932305) Homepage

      A senior aide goes up to President Bush. "Sir," he begins, "we just heard that two Brazilian men were killed in an attack in Iraq."

      Bush is visibly shaken, he hangs his head and covers his mouth with his palm. After a few moments, he asks in a solemn tone, "How many is a Brazilian, again?"

  • by Anonymous Coward

    Seriously one of the ten teams who figured they could hack a 'brazilian' voting machines in 'one hour', kudos.

  • by timmarhy (659436) on Saturday October 31, 2009 @01:03AM (#29932285)
    I've never understood how, on a technical level, electronic voting has failed so hard in many countries. write a simple app that writes the vote to a flat text file, then reads the recorded result back to the voter for them to confirm, and store a hash of the result seperately. encrypt all the drives, lock down the hardware in each location with steel boxes and armed gaurds if needed.

    transport the results out of the voting location with the votes and hashs seperately and count then use the hash to verify that the count wasn't tampered with in transit etc.

    • Re: (Score:3, Insightful)

      by Ihmhi (1206036)

      If it was that foolproof, it would be difficult for the people in power to tamper with it if they ever wanted to.

    • by wizardforce (1005805) on Saturday October 31, 2009 @01:14AM (#29932329) Journal

      The simplist explanation is that corruption is the problem not the technical aspects of these voting machines. These errors wouldn't be tolerated with ATM machines because the public seems to care a lot more if their bank account is fraked with but not so much their vote for some reason... That's the only real way to clean up the corruption; get the public to put real pressure on the entities involved in the voting process.

      • Re: (Score:3, Insightful)

        by TubeSteak (669689)

        These errors wouldn't be tolerated with ATM machines because the public seems to care a lot more if their bank account is fraked with but not so much their vote for some reason...

        [Citation Needed]

        Are you thinking of the same ATMs that I am?
        Many ATMs are Windows running on commodity hardware.
        I've seen a few whose entire functionality is a java applet sitting on the desktop.

        I can't dispute your assertion that "the public seems to care,"
        but I will dispute your claim that "these errors wouldn't be tolerated".
        I dispute the claim because we don't know.
        ATM mfgs & banks don't report to anyone.

        There are no statistics to prove or disprove the security of ATMs.
        There are no standards for co

        • Re: (Score:3, Insightful)

          by wizardforce (1005805)

          Most of the problems with ATMs that I've heard of involve hacking into the system, and utilising social engineering attacks. Electronic voting machines have had problems that go far beyong those:
          *social engineering attacks
          *weak physical security to the point of being able to access the machines' innards with a hotel key
          *federally illegal code used on sequoia voting machines leaked to the public
          *errors in tabulating votes sometimes in the thousands
          There are more but I think I've already made my point. The

        • by keeboo (724305)

          These errors wouldn't be tolerated with ATM machines because the public seems to care a lot more if their bank account is fraked with but not so much their vote for some reason...

          [Citation Needed]

          Are you thinking of the same ATMs that I am? Many ATMs are Windows running on commodity hardware. I've seen a few whose entire functionality is a java applet sitting on the desktop.

          I can't dispute your assertion that "the public seems to care," but I will dispute your claim that "these errors wouldn't be tolerated". I dispute the claim because we don't know. ATM mfgs & banks don't report to anyone.

          There are no statistics to prove or disprove the security of ATMs.

          I don't know how it works in other countries, but if you consider the Banco do Brasil [bb.com.br], the biggest bank in Latin America:
          The ATMs currently run a custom (in-house-compiled) version of OS/2.
          The bank is switching to a custom version of Linux (the userland code, naturally, is developed by themselves aswell).

          About the banking system, in Brazil all the financial transactions from all banks are reported to the Banco Central do Brasil [bcb.gov.br] (Central Bank of Brazil) and the data is cross-checked.

      • Re: (Score:3, Insightful)

        by fgouget (925644)

        These errors wouldn't be tolerated with ATM machines because the public seems to care a lot more if their bank account is fraked with but not so much their vote for some reason...

        When an ATM machine makes a mistake they very quickly see the result of it on their bank statement. So yes, they then get upset.

        When a voting machine makes a mistake, someone still gets elected with no one the wiser (unless the error was huge like more votes than voters). So since nobody knows the machines made a mistake (or were hacked) nobody cares or is upset.

      • by drsquare (530038)

        ATMs aren't secret ballots. You know what money comes out, and you see your bank statement afterwards. With any electronic device, you have no idea what happens to your vote. Even a small alteration in the chip or a couple of characters in the code could change everything, and no-one would know about it.

        Paper ballots placed into clear boxes is the simplest and best way.

    • by pengin9 (1595865)
      The problem is of course that people don't trust that the code will work. I get asked all the time, "how do you know it will work" because I freaking wrote it to work. Humans may have issues counting, but computers got that down pretty well. I think we can trust them to do a simple calculation.
      • by tqk (413719)

        That sounds like something Diebold/Sequoia would say. "Trust me. I know what I'm doing!"

      • Whatever the potential problems I still believe it works better than the traditional voting system. If not, people should be questioning the widespread use of web banking or software in airplanes too. I'm not saying I don't think those are as secure as it gets(more than humans anyway), but the interesting point is that it seems to interest some of those with power that voting machines keep being unreasonably untrusted while some other more complex systems not.
    • Re: (Score:3, Insightful)

      Verifiability. And that is almost impossible if you don't provide a printout. All the solutions that provide a printout could succeed though, for example Bingo voting [bingovoting.de] or Punchscan [punchscan.org].
      So far companies such as Diebold sell "we know this is 100% secure, trust us" and that seems to be what sufficed for the people choosing a product. Cost, loss of democracy and provable security haven't been a criterion it seems.

      • by pwilli (1102893)
        Exactly. With paper votes, you can be sure that whatever you've written on the ballot doesn't change in the time between putting it in the voting box and the opening of said box by the people who count the votes and record the results at the end of the day.

        This timespan is the most critical, because manipulation can be done without leaving traces. And this is where you would have to trust a black box more than a piece of paper. Tough call.
        • by mpe (36238)
          With paper votes, you can be sure that whatever you've written on the ballot doesn't change in the time between putting it in the voting box and the opening of said box by the people who count the votes and record the results at the end of the day.

          Assuming that the appropriate security is in place. If this isn't the case then putting them in place is likely to be a far better idea compared with buying lots of expensive machines.
      • by timmarhy (659436)
        i don't think you need a print out to take with you - after all what exactly is it achieving? it won't be used in a recount. if it's deposited like a normal ballot you've achieved nothing. you certainly won't keep it and check that your vote has been recorded later on, since it's supposed to be a secret ballot remmeber, you don't want your name against how you voted.
        • Without a printout you can never verify if the system counted you correctly. Read up on the links I gave on how this still keeps your vote secret.

    • by TheLink (130905) on Saturday October 31, 2009 @01:58AM (#29932471) Journal

      Actually the puzzling thing to me is why is electronic voting so "popular". Why do the people in charge keep promoting it?

      Most electronic voting systems are bad at a very important requirement:

      Convincing the loser (and enough of his supporters) that he lost.

      The system doesn't just have to work correctly, it has to be accepted as working correctly (enough).

      With various fancy cryptography and systems it is possible to have an electronic system that is anonymous, verifiable and reasonably secure (see: http://www.youtube.com/watch?v=ZDnShu5V99s [youtube.com] for ideas on how this could be done), but as far as I can tell, they're not going for such systems.

      So why not just stick with paper ballots in a process where almost everything is done in the open? That way the eventual loser's representatives, 3rd party observers, various other people can observe every count of each vote. It's simple enough to understand. While postal votes can still be used to rig stuff, most electronic voting systems are also vulnerable to that same problem.

      That paper based system may take a bit more time, but it scales reasonably well - the more voters there are, the more volunteers there should be for counting. I'm assuming that it's not a case where too many of the citizens either can't count or are too lazy to do so.

      • Re: (Score:3, Insightful)

        by TubeSteak (669689)

        Actually the puzzling thing to me is why is electronic voting so "popular". Why do the people in charge keep promoting it?

        Here are the problems that e-voting solves:
        Handicap accessibility
        ballot complexity
        hanging chads/questionable pencil marks

        Electronic voting in its current form resolves these problems.
        Unfortunately, in its current form, it introduces serious problems in verifying the vote.

        • by amorsen (7485)

          Electronic voting only solves the first of those problems. For the other two it turns detectable failures into (probably fewer) undetectable failures.

          • Re: (Score:1, Interesting)

            by Anonymous Coward

            I have a solution for all those problems. If you can't operate a ballot, punch out a chad, or understand a touch screen, FUCK OFF. I don't want to know what you voted for, because you are an incompetent moron. The best argument against democracy is a 5 minute conversation with the average voter.

            The bottom line is simple. Creating a perfect electronic voting system is TRIVIAL. The only reason it hasn't been done is because it doesn't benefit any of the people who could make it happen. In a worl

        • by mpe (36238)
          Here are the problems that e-voting solves: Handicap accessibility

          Handicap is a generic term covering many things. If someone has difficulty getting to the polling station (because they are in a wheelchair, agrophobic, etc.) what they may find there isn't really the issue. Someone who cannot use their hands may well find a touchscreen just as unusable as pencil and paper. The simple alternative is for the handicapped voter to appoint someone (they trust) to either help them or at as their proxy/attorney
        • by kvezach (1199717)
          So, turn the electronic machine into an Expensive Pencil (i.e. touchscreen plus printer). The printout is the ballot, and the voter can manually inspect it before putting it in the ballot box.
      • Re: (Score:3, Informative)

        by value_added (719364)

        Actually the puzzling thing to me is why is electronic voting so "popular". Why do the people in charge keep promoting it?

        Seriously?

        Can't speak to Brazil specifically, but the "popularity" of electronic voting, or more correctly, the push to use electronic voting systems to deal with the problems of manual methods, can be summed in two words: hanging chad [wikipedia.org].

        Those two words, in turn, gave rise to another infamous two words: Bush v. Gore [wikipedia.org].

        The aftermath, described here [wikipedia.org], included the passage of the Help America V [wikipedia.org]

        • Re: (Score:3, Insightful)

          by mpe (36238)
          Can't speak to Brazil specifically, but the "popularity" of electronic voting, or more correctly, the push to use electronic voting systems to deal with the problems of manual methods, can be summed in two words: hanging chad.

          Thing is that the "hanging chad" issue is related to a mechanical, quite possibly in parts electronic, system anyway. Using Hollerith cards as ballot papers can only be described as a "hack" in the first place. If anything the underlaying problem is too much (inappropriate) technolog
        • by Velex (120469)

          the push to use electronic voting systems to deal with the problems of manual methods, can be summed in two words: hanging chad.

          I can't stand this false dilemma. I rather prefer a certain optical scanner method. There are several pairs of triangles, one pair for each candidate. You take a black, permanent marker (not a No. 2 pencil, mind you) and connect the pair of triangles next to the candidate you want. It doesn't get simpler. The optical scanner provides a real-time tally, and the votes are trivially recounted.

          Now, granted, there will always be people who screw it up. If you figured out how to solve PEBKAC, let me know

      • I don't care if you have a provably correct system (in the sense of a formal mathematical proof AND a code audit AND a hardware audit) because I cannot verify that that is the system I am indeed interacting with! On the other hand with paper and pencil I can easily verify that my vote was recorded correctly (did I make an X in the circle I wanted? .. yup.) and I can also EASILY verify that the vote is counted correctly (anyone is legally allowed to watch the count including people not affiliated with politi
        • Exactly. I have a PhD in computer science and a lot of experience debugging other peoples' code. If you gave me the source code to an electronic voting system, I could not be more than 50% sure that I had found all of the potential ways of exploiting it. Even if I do manage to convince myself that it is bug free, which might be possible if it were developed using formal methods, then I still have no way of verifying that the software that I audited is the software I am using to vote. More than 99% of th

      • But applying the same logic, we should go back to manual in a whole lot of other areas where things are nowadays totally automated.
      • Re: (Score:3, Insightful)

        by mpe (36238)
        Actually the puzzling thing to me is why is electronic voting so "popular". Why do the people in charge keep promoting it?

        Most likely it's simply an issue of "follow the money".

        So whyion not just stick with paper ballots in a process where almost everything is done in the open? That way the eventual loser's representatives, 3rd party observers, various other people can observe every count of each vote. It's simple enough to understand. While postal votes can still be used to rig stuff, most electronic
      • by XCondE (615309)

        Just add a paper trail to the electronic system.

        Once the results are disclosed the sore losers can count the vote themselves (just don't leave them alone in the room with the print-outs)

    • by geantvert (996616)

      A huge problems with the flat log file is that it breaks the secrecy. If you know the order of the voters you can easily figure out who voted what.

      A better solution could be to print or select a ballot paper and have it sent into a ballot box after visual verification by the voter.

    • Re: (Score:3, Insightful)

      by fgouget (925644)

      write a simple app that writes the vote to a flat text file,

      Thus writing the votes sequentially. If you independently record the order in which people vote (audio recorder in your pocket), then you can pretty easily know how each of them voted. See, you've failed at preserving voter privacy already. Preserving it requires randomizing the order of the votes in some way, which is not very practical with a flat text file.

      pretends to then read the recorded result back to the voter for them to confirm,

      Fixed that for you. What's written in the file does not have to match what's recorded in the file and the voter will never be able to prove anything.

  • What if the machines "pass" this contest?

    A real attack would likely involve more than a few days of effort, and might well have access to inside information not available to the red teams in the contest.

    If nobody breaks in, that will prove very little about the security of the machines.

    • The outcome of this contest doesn't prove much really. But as I heard their development is solid, just like bank websites or airplane softwares.
    • Re: (Score:1, Insightful)

      by Anonymous Coward

      Shush. Making the system appear secure is the point of the contest. Not finding a flaw does not mean there is no flaw, or we would all ship flawless systems. The purpose of hacking contests is therefore marketing and marketing alone.

  • by SeaFox (739806) on Saturday October 31, 2009 @02:34AM (#29932581)

    I like this idea. Voting systems corporations claim their solution is accurate and secure, let them put their money where their mouth is and let people try and crack it. If their machine's security depends on nobody being allowed to even try then it's all theater.

    • Re: (Score:3, Insightful)

      And you couldn't say that there is a much more worthy target for both white and grey hats. From crashing computer networks, hacking goes on to secure the logical foundation of democracy; voting.

      With some luck they will devestate the voting machines and companies, and create public uproar in the process. Civilization progresses when people care.

    • Re: (Score:2, Insightful)

      by fgouget (925644)

      I like this idea. Voting systems corporations claim their solution is accurate and secure, let them put their money where their mouth is and let people try and crack it.

      All it will prove is that these machines are hard to hack for outsiders. But the number one threat is that of insiders; mainly the government in place (who has most to lose in an election) and corrupt programmers at the company making the voting computers.

    • by seifried (12921)
      How do I verify that what I am auditing is actually what is used on election day? Oh yeah, I can't really. Oops.
      • by marcobat (1178909)
        to verify it, you successfully hack it but don't claim the prize ... Then you try again at election time :-)
  • by jsveiga (465473) on Saturday October 31, 2009 @11:03AM (#29934661)

    - You OUGHT to vote if you are a Brazilian citizen between 18 and 70, and is not illiterate. You get in a lot of trouble if you don't.
    - You don't register for avery election; you have a "voting ID" valid for every public election.
    - You have to vote in a specific designated place (noted in your "voting ID"), generally the closest voting section from the address you provided when getting your "voting ID". If you are away, you have to justify the absence (preferably on a mail office, at the election day)
    - Election happens in one day, throughout the country (there may be 2-phase elections, for example for mayor, governor or president, when in the 1st phase the winner does not get more than 50% of the votes - oh, yes, we DIRECTLY vote for president - every citizen's vote has the same "weight").
    - Although the voting machine is electronic, when you get to the voting section there are PAPER books with all voters for that section listed, and your ID is checked against that. You sign the book and get a "receipt" detached from it (you have to prove you voted, as it is a legal obligation).

    Soo, the electoral authority "knows" how many votes should appear in the results. Generally we do not have Disney characters, dead people, etc. voting, nor people voting in several electoral sections.

    As far as I can remember, results have matched the pre-election polls (from multiple sources) quite well. Generally people know in advance what the result will be from each city or even city area, and that can be seen in real time as the electronic counting unfolds at election night (yes, we generally get most results in the night of the election day). I can't recall results being seriously contested by the losing parties (we have MANY parties).

    Results are manipulated by "social engineering": Sending buses/boats to collect people from remote locations for voting in "exchange" for voting, trading dental treatment promises, money, death threats, etc. Illegal too, but easier and more difficult to trace than manipulating after the votes were cast.

    I trust that there are so many crooks in politics in my country that if a party found a way to manipulate the results after elections, there would be so many me-too-or-else-I'll-tell that it would spread like a wildfire and the results would be awkward enough to be laughable. It is a self-regulating system. If a hacker found a way to manipulate the results, he would not stop at selling the method to one single candidate. I believe the same applies for other voting methods (except the ones which allow Mickey Mouse to register, of course) - it is not the system itself that prevents fraud, but the fact that fraud works both ways, and that the result is not a complete surprise.

    In recent international elections you can see in the news that if the results do not match what the population though it would be, it is noticed at once, and people get to the streets (sometimes there wasn't even a fraud, it's just that some people won't accept the losing). It hasn't happened here so far, so we still trust the way it's been done.

    • by alberion (1086629)

      - You OUGHT to vote if you are a Brazilian citizen between 18 and 70, and is not illiterate. You get in a lot of trouble if you don't.

      No You don't. You have to pay about R$4 (USD 2) per election you miss, with a maximum of three elections. So you would have to pay about R$12 if you never go to vote, but need your voter id normalized (in case you decide to vote or get a public job). That is it. The only inconvenience is that you have to go to the voting registry place to do this, and it usually only opens in business hours.

      • by jsveiga (465473)

        "in case you decide to vote or get a public job"

        that's not the whole trouble,

        1 - you cannot even apply for a public job selection exam
        2 - you do not receive your salary for the 2nd month after the election if you have a public or somehow government-related job
        3 - if you represent your own business, you cannot participate in government bids
        4 - you cannot renew or get a passport or ID document
        5 - you cannot renew your registration to go on studying for free on public schools
        6 - you cannot get loans from finan

  • by fgouget (925644) on Saturday October 31, 2009 @11:07AM (#29934677)

    A lot of people seem to believe that hacking an election that uses electronic voting machines is so hard it's the stuff of science fiction.

    However some time ago I came across an article [ieee.org] describing how an unknown group hacked the Vodafone-Panafon cell-phone system. To me this hack conclusively proves that these groups have the technical and financial resources necessary to steal an electronic voting election.

    Consider:

    • They tapped the cellphones of Greece's prime minister and over 100 high-ranking dignitaries. All people for whom security is important and who would have noticed if something was amiss.
    • They hacked into Vodafone's switches: equipment that's rarer and more expensive than voting machines.
    • They had to hot-patch the software in memory since these switches are almost never rebooted. No such trickery is needed for voting machines.
    • They also had to ensure their hacks would evade detection and survive the regular software upgrades. In particular these upgrades perform checksums on the running software to ensure the starting point is as expected. But hey had countermeasures to avoid detection by these checksums. Not an issue you have if you hack the voting machines at the right time before the election.
    • To evade detection they also had to make sure none of their activity would be visible in any of the audit logs.
    • Yet, they remained undetected for over 6 months and where only detected by chance. In an election your hack only has to remain undetected for one day, then it can wipe itself clean and you've won.
    • The group who performed this hack was never identified.
  • Paper ballot is far from perfect. I think we are better this way. People will not hack a voting machine to win, just buy votes. It's easier. Brazil is a very big country and counting votes was always problematic. Now we have a official result in the same day. Elections for legislative branch was a problem too. People wrote the name or a nickname of a candidate, or just swear. A monkey (or another animal from a zoo, can't remember) was elected years ago as a prostest. Buying votes is harder too. They just
    • I have also worked at elections in Brazil. Governors in Brazil almost always do every kind of trick to take "advantages": take money from the taxes (steal), put their relatives and friends in government jobs, put people in government jobs in exchange to receiving comission on the person's salary. And most of the governors have what is called "parliamentary immunity", which in most cases is applied to common crimes (not only crimes regarding the public administration). Very rarely any member of the parliame
      • by alberion (1086629)
        Actually, I don't think the election numbers are manipulated in any way in Brazil. Simply because there is no need... People keep voting on these guys and these guys keep the people dumb enough to elect them. If democracy worked, companies would use it. Companies strive to always use the most effective and cost efficient system to manage themselves. It is the law of capitalism, if there is a better way and you don't adapt, you are going out of business. The fact that companies do not use ask the employees

Reference the NULL within NULL, it is the gateway to all wizardry.

Working...