Forgot your password?
typodupeerror
Government Security Your Rights Online

Hackers Fail To Crack Brazilian Voting Machines 143

Posted by kdawson
from the voting-envy dept.
blueser writes "From Nov 10th to Nov 13th the Brazilian Government hosted a public hacking contest to test the robustness of its voting machines. 38 participants from private and public IT companies (including the Brazilian Federal Police) were divided into 9 teams, which tried several different approaches to try to tamper with the software installed on the machines, and even to physically interfere in other stages of the process. All attempts (aside from a minor one which would not compromise the overall results) failed, and observations from the participants and neutral observers will be taken into account to improve the process even further. Here is the official announcement for the contest (Google translation; Portuguese original). A summary of the results is available in the Brazilian press (original). Brazilian voting machines use Linux." US voting officials ought to be envious of their Brazilian counterparts, or ashamed, or both. Perhaps this MIT-developed cryptographic voting system offers a way forward.
This discussion has been archived. No new comments can be posted.

Hackers Fail To Crack Brazilian Voting Machines

Comments Filter:
  • by Anonymous Coward

    Of course not! There were a brazilian of 'em!

  • by Loopy (41728)

    ...if you think the person who actually cracked it would admit it before cashing in.

    • by KamuZ (127113)

      How would you have done it to be sure everything went OK?
      No risk to sell the hack to a candidate or tamper data just for the kicks.

      Sincerely, i can't think on any.

  • by Anonymous Coward

    Failure to find a flaw does not prove absence of a flaw. Even if it did, I still need to trust the people handling the machines that the machines I'm voting on are the ones that were tested, because there is no way for me to verify that in an actual voting situation. A paper ballot vote is completely observable and does not require trust. Electronic voting is unnecessary and undemocratic.

    • by gzipped_tar (1151931) on Sunday November 15, 2009 @03:37AM (#30104792) Journal

      1. How do you know that "A paper ballot vote is completely observable and does not require trust"?

      2. "Electronic voting is unnecessary and undemocratic." -- There are democratic political systems and undemocratic ones. There are no such thing as "democratic" or "undemocratic" technology. Technology is neutral; it depends on who is using it and how it is used.

      • D'oh, my last sentence was malformed. I wasn't really paying attention to what I was typing. I meant to say "Technology is neutral; its outcome depends on who is using it and how it is used." FTFM.
      • Re: (Score:1, Insightful)

        by Anonymous Coward

        A paper ballot vote is designed to be observable. You can simply look at all the steps in the design and see that you can observe what's going on.

        Electronic inherently relies on trust in an authority of some kind (e.g. the company which built the system, or a certification agency which vouches for the validity of the system). That is a fundamentally undemocratic property, therefore electronic voting is undemocratic.

        • by mangu (126918) on Sunday November 15, 2009 @08:20AM (#30105174)

          You can simply look at all the steps in the design and see that you can observe what's going on.

          How can you, personally, be sure that every vote in every ballot in the country was counted correctly? Paper votes are sensitive to "economic power" frauds. The party which can put more inspectors in the process is the one which controls the counting.

          In Brazil there was a big affair in the 1982 Rio de Janeiro state governor elections, when the leftist candidate Brizola [wikipedia.org] denounced an attempt to subvert the vote counting, in what became known as the "Proconsult scandal" [google.com]. According to Brizola's party [pdt.org.br], this fraud attempt was performed with the collusion of the right-wing media organizations, which presented fake exit polls indicating a victory for the rightist candidate.

          In any major election there are many people working together and one must inevitably trust a lot of people involved in the counting. No ordinary citizen has the resources to monitor an election by himself, the support of the party is needed.

          In these days, any political party should have lots of people who know and understand computing technology. It's much easier and cheaper to let a trusted team of computer experts do a thorough audit on the software than to get a large team of scrutineers to watch every little detail where a paper ballot can be defrauded.
           

          • It's much easier and cheaper to let a trusted team of computer experts do a thorough audit on the software than to get a large team of scrutineers to watch every little detail where a paper ballot can be defrauded.

            /academic mode on

            Actually this point could be pushed a step further.

            The verification of the correctness of a computer can even be made automatic. At least in theory. We won't even need a team of human experts. Furthermore, once a particular model of machine pass the verification, it could be expec

        • by corrie (111769)

          Basically, just because many current implementations of electronic voting are failures, don't blame the concept of electronic voting. As the polulation grows, electronic voting has the potential to make voting more accessible, fair and efficient. Paper voting does not.

          You can cheat using either paper voting or electronic voting.

          Just because you can cheat in any particular system does not make it undemocratic.

      • by lennier (44736)

        "There are no such thing as "democratic" or "undemocratic" technology. Technology is neutral;"

        That's not actually the case.

        The basic architecture of any system is NOT politically neutral, it very deeply influences how that system can be used and whether control is centralised or distributed. If you want a stable democratic system, you really need distributed control - otherwise, you will constantly be fighting the centralisation tendency of the architecture. In a centralised system, even with your best effo

    • by dvice_null (981029) on Sunday November 15, 2009 @03:57AM (#30104836)

      > Failure to find a flaw does not prove absence of a flaw.

      And failure to find an unicorn doesn't prove absence of a unicorn. I claim that there is no flaw. It is now your job to find the flaw and prove me wrong.

      > A paper ballot vote is completely observable and does not require trust.

      So you think that computers can't be trusted, because you don't trust people handling them, but you can trust paper, because you trust people handling them?

      • by Mr. Freeman (933986) on Sunday November 15, 2009 @07:37AM (#30104974)
        "I claim that there is no flaw. It is now your job to find the flaw and prove me wrong."

        Not really. It is your job to prove to me that there is no flaw. It's the same thing with a paper ballot. You still have to prove to me that there is not a flaw in the paper ballot. Of course, I can look over the ballot in all of about 15 seconds and see that it's the correct ballot. It's far harder to find a race condition in a voting machine running proprietary software that causes miscounted votes.
        • It's far harder to find a race condition in a voting machine running proprietary software that causes miscounted votes.

          That's why these voting machines run Linux and an OpenSource counting software.

          • And how do I, as voter, verify that at the time I'm casting my vote the machine is indeed running that exact open source software, and not some other software which presents me with the same interface, but skews the results? With paper ballots at least I can know that whatever I vote really ends up in the ballot.

        • Re: (Score:3, Informative)

          by Patch86 (1465427)

          Proving the absence of something is impossible, or close to it. No matter how hard he looks and says "it still seems to be flawless", you can ALWAYS claim that there is still the possibility of a hidden flaw.

          It's always the job of the person claiming the existence of something to prove it, not the other way around. If you think there is a flaw, show us your proof, or at least your reasoning. If you can't, we wont have reason to believe you.

      • First, is not the Brazilian goverment but the Tribunal Superior Eleitoral (supreme election jury or something like this in English).

        And all the test is a ugly lie.

        The... "hackers" are public workers, not really hackers. And they are forbidden to use really "hacker" methods like disassemblers, sniffers and etcetera, only the "approved" methods. Is like you ask to a thief to try to bypass your security system, but allows then to use only a paper clip. Ridiculous, but the TSE do not care.
    • There is no way for you to verify that the paper ballot you are using is an actual legitimate ballot. I suppose you could call some city department and have them certify the ballot, but you could do the same thing for the voting machines. Electronic voting is not necessarily undemocratic. It's only undemocratic if it's being used in an undemocratic way. You could abuse paper ballots the exact same way you could abuse electronic machines.

      The only real difference here is that no one has tried to sell the
    • A paper ballot vote is completely observable and does not require trust

      I beg to disagree. Apart from things like hanging chads and butterfly ballots [wikipedia.org], which can be corrected by proper voter instruction, paper ballots are subject from a large number of possible frauds, ranging from relatively unsophisticated methods like ballot stuffing to more advanced methods like ballots numbered with invisible ink.

      Besides, as every corrupt politician knows, the best way is not to commit fraud at the ballot itself, but at

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        I see that your experience with the process is from an environment which has already abandoned the democratic system of using a pen to make a cross in front of the name of the candidate or party of your choice and putting the ballot in a ballot box that is under public supervision. That box is usually opened at the end of the day, also under public supervision, and the votes are counted (again, in public). An electronic voting system may be an improvement on the very flawed system that you associate with pa

        • by mangu (126918)

          the democratic system of using a pen to make a cross in front of the name of the candidate or party of your choice

          Don't you mean after [dccofc.org] the candidate's name?

          That box is usually opened at the end of the day, also under public supervision, and the votes are counted (again, in public)

          Yes, and being in public means no mistake is possible [wikipedia.org], right?

  • by Sir_Lewk (967686) <sirlewk.gmail@com> on Sunday November 15, 2009 @02:18AM (#30104550)

    Cracking contests are warning sign number 9 on Bruce Schneier's list of security snake oil warnings. [schneier.com]

    Warning Sign #9: Cracking contests.

    I wrote about this at length last December: . For now, suffice it to say that cracking contests are no guarantee of security, and often mean that the designers don't understand what it means to show that a product is secure.

    • by Narpak (961733) on Sunday November 15, 2009 @02:52AM (#30104658)
      Yet I find the concept of actively encouraging people to hack your system, through for instance competitions, far more comforting than insisting that the only security is total secrecy. Particularly in the field of electronic voting systems.
      • Yes, inviting attempts to crack the systems, but trumpeting the fact that nobody publicized a successful crack isn't reassuring. Consider the rewards. Win cracking context: $MONEY. Manipulate election: $POWER + $BIG_MONEY.
    • Re: (Score:1, Flamebait)

      by Nathrael (1251426)
      And in addition - who knows, maybe they actually *did* find something and "just" don't want to disclose their findings, instead preferring to use the exploits themselves. Latin America is a rather less-than-stable political climate, after all.
      • Re: (Score:2, Informative)

        by BoppreH (1520463)
        Given the low prize, it's highly possible.

        But Brazil does have a stable political climate. Lot's of claims of corruption, but everything have been on its tracks for so long that is boring.
      • Re: (Score:1, Informative)

        by Anonymous Coward

        Latin America is a rather less-than-stable political climate, after all.

        You shouldn't generalize. Florida [wikipedia.org] may be part of Latin America by now, but it's certainly not in Brazil.

    • by Yvanhoe (564877) on Sunday November 15, 2009 @07:26AM (#30104932) Journal
      I would also add that having an uncrackable machine from an exterior attacker says nothing about the ability of a government to tamper an election.
      • Re: (Score:1, Interesting)

        by Anonymous Coward
        Yeah. On other side, in a famous powerfull contry, To tamper a election you have to only cause problems and delays when couting the papers, so you can have a court to rule at your favor, at some famous state, at a re-election of an beloved guy.
        So in this case you don't have to do a risky count.
    • Re: (Score:3, Insightful)

      except that if you read the arcticles, you'll see that it was more an auditing proccess done by several diferent professionals than an actual contest.

    • by swillden (191260)

      Cracking contests are warning sign number 9 on Bruce Schneier's list of security snake oil warnings. [schneier.com]

      Warning Sign #9: Cracking contests.

      I wrote about this at length last December: . For now, suffice it to say that cracking contests are no guarantee of security, and often mean that the designers don't understand what it means to show that a product is secure.

      It should be pointed out that Schneier was talking about ciphers, not voting machines, and he was talking about companies announcing cracking contests and using the announcement as an indication of security, in lieu of actually providing enough information to allow serious review of security.

      It's the combination of secrecy and cracking contests that is the snake oil warning sign. The only way we can determine if something is secure is to have lots of smart, knowledgeable people with full access to the de

    • by Xest (935314)

      Yes, and to put it into context this is the same Brazilian government that asked it's nations botanists to do an audit of all known plant species in the country to get an idea of how many were endangered for an official report. The botanists used the criteries set by CITES - the international treaty on endangered species, to classify the status of the plants and around 3000 species were endangered.

      After delaying and delaying when no one could understand why, the government finally released the compiled list

  • Of course this doesn't really guarantee it's secure (nothing does) but it indicates they're taking security seriously. I am curious if they had full access to machines for a while before the competition, 3 days is a lot of time to try out a bunch of exploits you've worked out, but it's not a lot of time to try to find those exploits if it's the first time you've seen the system.

  • Didnt some of the American ones have hardware that changed? Slightly but differed to the original spec. Then someone finds a buffer overflow etc.. Its a minefield but then again finance companies manage to have secure machines. You just have trusted people using them. As a pc support person I couldnt touch the two pcs that made millions of pounds in transfers it was the external company that supported them.
    Also:
    If you cant trust one person - have technical representatives at each pollling station from
  • by Beryllium Sphere(tm) (193358) on Sunday November 15, 2009 @03:13AM (#30104726) Homepage Journal

    Is this exercise realistic given the need to protect against well hidden back doors, tampering by election officials, and sloppy procedures (like letting a vendor install uncertified patches just before an election)? They tested only a narrow range of dangers.

    The right way to do something like this is at design time.

    They deserve credit, though, for doing things so much better than the US.

  • Rather than focusing on the machine itself it is much more important to make sure that the results are verifiable. Here's my take:
    1) Give the voter a randomly chosen voter number.
    2) Reveal the vote for each voter number in some puclic channel. (Yes I mean print each and every one's vote in the newspaper)
    3) Extend voter's obligations to include reading the newspaper the next day.
    4) Have volunteers count the number of people entering each voting station.

    If everyone is happy with his own entry in t
    • And then how do you verify the million or so people that misread the paper or just want to cause shit and claim their vote was not counted properly? Not trying to rail on your idea, but this does present one hell of a practical problem that needs to be taken into account.
      • A receit from the voting machine would take care of that. You get a receit back from the machine stating your voter number and your vote. It does introduce the problem that you have to carry a piece of paper revelaing your vote for a while, but you only need to keep the receit until you have verified that the same voternumber+vote combo is registered in the official records. Alternatively you could hand your receit over to someone you trust. If $yourfavouritetrustworhyorg is present at the voting station, y
    • by AndrewRUK (543993)
      In addition to Mr. Freeman's points, this would weaken ballot secrecy - at present, if someone wants to find out how you voted, their only method is to ask you, and they have no way to verify your answer. With your system, they can demand your voter number and then check the newspaper.
  • by Skapare (16644) on Sunday November 15, 2009 @07:34AM (#30104956) Homepage

    If there was a strong incentive or motive, that might have made a big difference. If all you get from success in cracking is the recognition, that won't bring in all the possible methods. OTOH, if there was a genuine and significant prize, like actually taking leadership of the country, or a billion dollars, you might find the machines can be cracked.

  • If I were here, I'd have cracked the machine with a hammer

  • Just because a few people didn't find a flaw in the time the spent there doesn't mean there isn't one. If someone found a hack, someone who actually wanted to exploit it, do you actually think they would divulge that kind of information? I would keep my mouth shut and let them think it was secure. Then it would make it even easier when the time came to mess with election results.
    • It's always possible. But then again just like people think traditional voting system is secure. Very specialized software that run on top of special hardware, as I suppose this voting machines do, are similar to airplanes navigation systems or even engines of cars. What I mean is, they can be much more closely controlled than people. Call me a misanthrope(or a engineer :p) but I trust machines I understand better than people with good references to get things done the way I expect.
      • But the problem is that you cannot be sure that you are faced with the machine you understand, even if you analyzed the machine which is supposed to be there up to the last detail. That's because after all, there are still humans who have to put the machine in place, feed it with the candidates to vote on, etc. And how do you know for sure that none of them tampered with the voting machine?
        With paper ballots, you only can manipulate on the day of the election (well, in principle you could manipulate the bal

  • It usually takes more than three days to hack anything which flaws aren't by any means evident. It sure shows the voting machines are quite secure, but does that really show that they are "unhackable"?
  • by joaobranco (55662) on Sunday November 15, 2009 @08:14AM (#30105136)
    According to the newspapers, the successful attempt was on the carrying bag for the media (which I assume carries the data required). It seems lack of physical security still can happen, but the media is supposedly cryptographically signed, so replacing it would be hard in any case.
  • by PopeRatzo (965947) * on Sunday November 15, 2009 @08:23AM (#30105202) Homepage Journal

    It's funny that they'd crow about the fact that "hackers" couldn't break their security in three days. Hacking a voting machine isn't a timed athletic contest. It might take 4 days, or a week, or a year, but once it happens, the damage from a hacked election could be catastrophic for a nation.

    The problem with voting machines is that somebody has to make them, usually a private company. Private companies are after profit. Profit + elections can be a disastrous combination. The effects of private money have turned the US political system into a bad joke.

    The way to secure and fair elections is not through any proprietary technology, that's for sure.

  • Formal proof (Score:1, Insightful)

    by Anonymous Coward

    I wonder, with all the universities around, and those news about a 'formally proven' OS kernel, if a team of researchers couldn't attempt to formally prove a modular voting software system (maybe using the OS kernel that's already proven)?

    Sure, it may be troublesome, but with government funding, it's a work that can be done, and independently verified by anyone that knows how to read such proofs.

  • Before you do the attempt you have to explain what you're planning to do, and the procedures have to stay with the TSE. The real hackers don't get their hands on that voting machine, only the security companys and universities can do the tests.
  • by BoppreH (1520463) on Sunday November 15, 2009 @08:57AM (#30105404)
    It's important to note that the prize for the winner is of just R$ 5.000, a little under $ 3.000. This certainly scared most experts away.

    On a side note, you guys have just slashdotted our fucking Superior Election Court website. I hope you are happy.
    • by BRSloth (578824) *

      $3000 may be too low for you. It may be too low for my Australian standards. But, as a Brazilian who worked 10 years in the field there, R$ 5000 is about TWICE what a top software engineer is paid in a month.

      • by dskoll (99328)
        I would not enter such a contest unless the prize were at least a year's salary. The amount of effort required for a real security assessment is worth a lot more than a month's salary.
  • Sure, the 'best crackers' couldn't hack it, see? So its secure, see?

  • by Legion303 (97901) on Sunday November 15, 2009 @09:13AM (#30105530) Homepage

    More accurate: "Successful Brazilian voting machine hackers stay quiet, wait for election day."

  • While cracking the machines would prove that they are insecure, failing to crack them proves nothing. It only proves that one group of people at a particular time couldn't crack them.
  • by TheSHAD0W (258774) on Sunday November 15, 2009 @11:03AM (#30106028) Homepage

    Hackers Fail To Crack Brazilian Voting Machines

    Give them time, a brazilian is a lot of machines!
    Ba-doom-boom-tss.

  • So, the machines' backdoor cannot be used by just about any hacker? Well good to know!

    Put in a different way, that's as if you made a contest out of making people try to log through SSH into your machine, to prove that *you* can't log into it.

  • I'm Brazilian and this media statement is full os shit, why ? 1st - To try to hack it you had to submit a paper telling EVERYTHING you would try to hack... Any hacker knows that "hacking" isn't easy, and you must adjust your techniques every time, so it is virtually impossible to design a paper telling what you're going to do. Hacking isn't simply mathematics and scheduled procedures... 2nd - They would allow you very limited access to the voting machine in a controlled everinoment and on a limited time.
  • "Hackers Decline to Reveal That They Cracked Brazilian Voting Machines"

    It's almost as if they had some incentive to keep it to themselves.

When you make your mark in the world, watch out for guys with erasers. -- The Wall Street Journal

Working...