Jump to content

The Community Guidelines have been updated.

Welcome to nsane.forums

Sign In  Log in with Facebook Log in with Twitter

Create Account
Welcome to nsane.forums, like most online communities you need to register to view parts of our community or to make contributions, but don't worry: this is a free and simple process that requires minimal information. Be a part of nsane.forums by signing in or creating an account.
  • Access special members only forums
  • Start new topics and reply to others
  • Subscribe to topics and forums to get automatic updates
Guest Message by DevFuse

- - - - -

Hackers Elect Futurama's Bender to the Washington DC School Board

This topic has been archived. This means that you cannot reply to this topic.
5 replies to this topic

#1 News Hound

News Hound

    I like news.

  • Veteran
  • 9,540 posts

Posted 02 March 2012 - 02:39 PM

University of Michigan researchers hack the Washington DC electronic voting system, and elect Bender, the drunk robot from Futurama, as school board president.

Posted Image
Bender as featured in 'Futurama: Bender’s Big Score.

Electronic voting has earned a pretty bad reputation for being insecure and completely unreliable. Well, get ready to add another entry to e-voting's list of woes.

One Bender Bending Rodríguez was elected to the 2010 school board in Washington DC. A team of hackers from the University of Michigan got Bender elected as a write-in candidate who stole every vote from the real candidates. Bender, of course, is a cartoon character from the TV series Futurama.

This was not some nefarious attack from a group of rouge hackers: The DC school board actually dared hackers to crack its new Web-based absentee voting system four days ahead of the real election. University of Michigan professor Alexander Halderman, along with two graduate students, did the deed within a few hours.

After looking over the e-voting system's Ruby on Rails software framework, Halderman’s team discovered that they could use a shell injection vulnerability to get into the system. This allowed them to retrieve the “public key," which is used to encrypt the ballots. With the public key in hand, the hackers were able to change every ballot already in the system and replace any subsequent real ballots with fakes.

While the hackers were mucking about the system’s server, they discovered other files that were not ballot-related in the /tmp/ directory. Among them was a 937-page PDF containing instructions to individual voters as well as authentication codes for every voter. If someone with malicious intent got their hands on these codes, they could use them to cast ballots as a real voter.

The researchers also managed to hack into the network, allowing them to gain access to other systems within the building. The team was able to get into the surveillance system, which gave them access to the security cameras. This allowed them to time their attacks so that the technicians would not notice the additional server activity.

When the team tried to get into the terminal server, they noticed there was an attack coming from Iran; they traced the IP address to the Persian Gulf University. The team realized the Iranians were getting in with one of the default admin logins (user: admin, password: admin). To stop the outside attacks the team blocked the offending IP address with iptables (a piece of software for server admins) and replaced the admin password with something more challenging. The team also blocked similar attacks launched from New Jersey, India, and China.

For the team’s pièce de résistance, the researchers replaced the “Thank you for voting" note with “Owned,” and programed the site to start playing the University Of Michigan's Fight Song “Hail To The Victors!” 15 seconds later. Despite all this, the system administrators did not notice anything strange until two days later.

Halderman’s closing statements on e-voting are that a single flaw in the configuration of the system could be fatal, and secure Internet -based voting won’t be ready until there are significant fundamental advances in computer security. Be sure to check out the full paper on Attacking the Washington, D.C. Internet Voting System.

Posted Image View: Original Article

#2 PrEzi


    Advanced Member

  • Members
  • PipPipPip
  • 249 posts

Posted 03 March 2012 - 04:06 AM

Heh.... e-vote... my @ss.
They did a good thing and they owned the admins...
BTW - who would be stupid enough not to change the default admin passwd ??



#3 Frosticles


    Senior Member

  • Members
  • PipPipPipPip
  • 282 posts

Posted 03 March 2012 - 04:54 AM

Haha XD, i wonder if the people in that university are gonna get in trouble.

#4 Martyr



  • ViP
  • 1,633 posts

Posted 03 March 2012 - 07:41 AM

It makes me wonder if they still can't make an e-voting system that's secure, then what about online banking? Are they actually secure?..

#5 majithia23


    ViP Member

  • Moderators
  • 1,995 posts

Posted 03 March 2012 - 01:55 PM

lol ...

bite my shiny metal a@@ !

#6 shought



  • Administrator
  • 11,956 posts

Posted 03 March 2012 - 01:59 PM

It makes me wonder if they still can't make an e-voting system that's secure, then what about online banking? Are they actually secure?..

It's really not impossible to make a server which cannot be breached. It just takes time, effort and there's a trade-off on usability.

'Viam interdum tantum deerrāntēs invenīre possunt.'
Posted Image
How to work with 'sharecodes' - Infected fix? - Forum Rules - Frontpage FAQ