Hackers Fail To Crack Brazilian Voting Machines 143
blueser writes "From Nov 10th to Nov 13th the Brazilian Government hosted a public hacking contest to test the robustness of its voting machines. 38 participants from private and public IT companies (including the Brazilian Federal Police) were divided into 9 teams, which tried several different approaches to try to tamper with the software installed on the machines, and even to physically interfere in other stages of the process. All attempts (aside from a minor one which would not compromise the overall results) failed, and observations from the participants and neutral observers will be taken into account to improve the process even further. Here is the official announcement for the contest (Google translation; Portuguese original). A summary of the results is available in the Brazilian press (original). Brazilian voting machines use Linux." US voting officials ought to be envious of their Brazilian counterparts, or ashamed, or both. Perhaps this MIT-developed cryptographic voting system offers a way forward.
Re:Hmm... (Score:3, Informative)
Simplicity --> greater security (I'm not saying the contest measured something).
http://en.wikipedia.org/wiki/Elections_in_Brazil#The_Brazilian_voting_machines [wikipedia.org]
The source is available to the parties.
Re:Doesn't change a thing (Score:4, Informative)
Not really. It is your job to prove to me that there is no flaw. It's the same thing with a paper ballot. You still have to prove to me that there is not a flaw in the paper ballot. Of course, I can look over the ballot in all of about 15 seconds and see that it's the correct ballot. It's far harder to find a race condition in a voting machine running proprietary software that causes miscounted votes.
Try again! (Score:1, Informative)
Actually, they ARE Diebold machines! When I turned 18 and voted for the first time I was really surprised to see that the voting machines here in Brazil have Diebold logos... and this was around the time when electronic voting was starting to make noise in the US due to insecure Diebold machines. However, I suspect that the Brazilian machines are actually designed by some national organization and only the manufacturing of all the thousands of machines is outsourced to Diebold.
Weve been voting with these machines for over 10 years, if Im not mistaken, and not a single major flaw has ever surfaced. Some small problems may have occurred without anyone noticing, but weve never had an election result deviate wildly from poll numbers, so it seems trustworthy to the extent that we can detect.
Goes to show that electronic voting machines or even Diebold are not the whole problem, you just need some transparency and supervision of the whole process... DEFINITELY not closed source!
Re:Try again! (Score:5, Informative)
they were designed under the electoral court's orders by universities and private companies. after the design was ready, the manufacturing was outsorced to several comapnies, one of them was procomp, that later was purchased by diebold.
diebold doesn't own the designs or the copyright to the software. the electoral court does. so if diebold is thinking about selling similar machines in US, they'll have to pay our govt. royalties.
Working link of pics, video of the voting machines (Score:2, Informative)
The successful atempt wasn't about the system (Score:3, Informative)
Re:Why not open source it? And the human flaws? (Score:3, Informative)
The source *is* open. Anyone from any political party or organized entity can request and have access to all source and follow all the procedures. The final binaries are signed by all interested parties as well and the system can be audited at any time. I know no system is fail proof but I believe they covered as much as they can and honestly, the paper system is also week to social pressures and bribing as well. That's the week link: people, not technology.
Re:for what it is worth... (Score:2, Informative)
But Brazil does have a stable political climate. Lot's of claims of corruption, but everything have been on its tracks for so long that is boring.
Re:for what it is worth... (Score:1, Informative)
Latin America is a rather less-than-stable political climate, after all.
You shouldn't generalize. Florida [wikipedia.org] may be part of Latin America by now, but it's certainly not in Brazil.
Re:Doesn't change a thing (Score:3, Informative)
Proving the absence of something is impossible, or close to it. No matter how hard he looks and says "it still seems to be flawless", you can ALWAYS claim that there is still the possibility of a hidden flaw.
It's always the job of the person claiming the existence of something to prove it, not the other way around. If you think there is a flaw, show us your proof, or at least your reasoning. If you can't, we wont have reason to believe you.
Is a Lie from Brazilian TSE (Score:3, Informative)
And all the test is a ugly lie.
The... "hackers" are public workers, not really hackers. And they are forbidden to use really "hacker" methods like disassemblers, sniffers and etcetera, only the "approved" methods. Is like you ask to a thief to try to bypass your security system, but allows then to use only a paper clip. Ridiculous, but the TSE do not care.
Re:Is a Lie from Brazilian TSE (Score:1, Informative)
Not a Lie. What TSE did not allow is using remote attacks which would not work anyway since ballot machines are NEVER connected to a network and similar attacks that could not ever work. So no time wasted with ineffective vectors of attack.
Brazilian people really lacks auto-estime in a shameful way. If it's made for a brazilian than it's bound to corruption or inefficience and so on. Really a shame to think like that.
I'm very proud of our ellection system, it works and is clean. TSE (Electoral Supreme Court) can even have corrupts on their ranks but the technicians that actually implement the election laws are not bound to any political affiliation and are dedicated to eliminate risks of attacks and corruption. I know cause I worked there and saw it with my own eyes. (and yes, I know how the system works).
Just to show: source code to ballot machine and central processing application IS open to any political party that wants to look at it. At time of ellection it's compiled and digitally signed in a ceremony that political parties participate. At any time during the election a party can request to verify all the software on the ballot machine to certify it's the original, verified one. Central code is also signed and is very simple. Anyway, each ballot machine prints a copy of the total votes on each candidate and political party at the end of the election and some copies are distributed to political parties observers that can check what was the computed value of any specific ballot machine on central system, so checks can be made about what was printed and what was computed (should be the same, obviously). They DO check often and never found a difference.
Parts of Brazil are very poor and is much cheaper to buy a vote with a bag of rice or bean or half of 50 note (like 28 dollars) and then deliver the other half after the candidate has beend elected. There are even pure threat to some communities where they are demanded to produce votes for an specific candidates or would suffer retaliation of the bandits, for example. All cheaper than corrupt the electoral system, which would be extremely difficult and so extremelly expensive. So expensive it would be prohibitively hard to implement.
That's all for now.