
Hackers Elect Futurama's Bender to the Washington DC School Board


5 replies to this topic

#1 News Hound

Posted 02 March 2012 - 02:39 PM

University of Michigan researchers hack the Washington DC electronic voting system, and elect Bender, the drunk robot from Futurama, as school board president.

[Image: Bender as featured in 'Futurama: Bender’s Big Score'.]

Electronic voting has earned a pretty bad reputation for being insecure and completely unreliable. Well, get ready to add another entry to e-voting's list of woes.

One Bender Bending Rodríguez was elected to the 2010 school board in Washington DC. A team of hackers from the University of Michigan got Bender elected as a write-in candidate who stole every vote from the real candidates. Bender, of course, is a cartoon character from the TV series Futurama.

This was not some nefarious attack from a group of rogue hackers: The DC school board actually dared hackers to crack its new Web-based absentee voting system four days ahead of the real election. University of Michigan professor Alexander Halderman, along with two graduate students, did the deed within a few hours.

After looking over the e-voting system's Ruby on Rails software framework, Halderman’s team discovered that they could use a shell injection vulnerability to get into the system. This allowed them to retrieve the “public key,” which is used to encrypt the ballots. With the public key in hand, the hackers were able to change every ballot already in the system and replace any subsequent real ballots with fakes.

While the hackers were mucking about the system’s server, they discovered other files that were not ballot-related in the /tmp/ directory. Among them was a 937-page PDF containing instructions to individual voters as well as authentication codes for every voter. If someone with malicious intent got their hands on these codes, they could use them to cast ballots as a real voter.

The researchers also managed to hack into the network, allowing them to gain access to other systems within the building. The team was able to get into the surveillance system, which gave them access to the security cameras. This allowed them to time their attacks so that the technicians would not notice the additional server activity.

When the team tried to get into the terminal server, they noticed there was an attack coming from Iran; they traced the IP address to the Persian Gulf University. The team realized the Iranians were getting in with one of the default admin logins (user: admin, password: admin). To stop the outside attacks the team blocked the offending IP address with iptables (a piece of software for server admins) and replaced the admin password with something more challenging. The team also blocked similar attacks launched from New Jersey, India, and China.

For the team’s pièce de résistance, the researchers replaced the “Thank you for voting” note with “Owned,” and programmed the site to start playing the University Of Michigan's Fight Song “Hail To The Victors!” 15 seconds later. Despite all this, the system administrators did not notice anything strange until two days later.

Halderman’s closing statements on e-voting are that a single flaw in the configuration of the system could be fatal, and secure Internet-based voting won’t be ready until there are significant fundamental advances in computer security. Be sure to check out the full paper on Attacking the Washington, D.C. Internet Voting System.

View: Original Article
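
Added example, not part of the original post or of the voting system's code: a minimal Ruby sketch of the shell injection class the article mentions, with the vulnerable string form beside two hardened forms. The helper names, the allowlist pattern and the use of `echo` as a stand-in for an external tool are assumptions for illustration.

```ruby
require "open3"

# Hypothetical upload-handling helpers (names and the allowlist are assumptions,
# not taken from the D.C. system). `echo` stands in for the external tool a
# real application would run on an uploaded file.

ALLOWED_NAME = /\A[A-Za-z0-9_-]{1,64}\.pdf\z/

# Vulnerable pattern: the file name is interpolated into one command string.
# Ruby passes a single string containing metacharacters to /bin/sh, so the
# shell, not the application, decides where the command ends.
def process_unsafe(filename)
  out, _status = Open3.capture2("echo processing #{filename}")
  out.lines.map(&:chomp)
end

# Hardened pattern 1: argv form. Each argument goes to the program directly;
# no shell parses the file name, so metacharacters stay literal.
def process_argv(filename)
  out, _status = Open3.capture2("echo", "processing", filename)
  out.lines.map(&:chomp)
end

# Hardened pattern 2: refuse anything outside a strict allowlist before any
# external program is involved, then still use the argv form.
def process_validated(filename)
  raise ArgumentError, "rejected file name" unless ALLOWED_NAME.match?(filename)
  process_argv(filename)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: a name carrying a shell separator and a harmless marker.
  hostile = "ballot.pdf; echo INJECTED"
  p process_unsafe(hostile)
  p process_argv(hostile)
  begin
    process_validated(hostile)
  rescue ArgumentError => e
    puts "validated: #{e.message}"
  end
  p process_validated("ballot_0042.pdf")
end
```

In the string form the marker appears as a second output line, showing that the shell ran a second command; in the argv form the whole name comes back as one literal argument.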

#2 PrEzi

Posted 03 March 2012 - 04:06 AM

Heh.... e-vote... my @ss.
They did a good thing and they owned the admins...
BTW - who would be stupid enough not to change the default admin passwd ??

-=PrEzi=-

 


#3 Frosticles

Posted 03 March 2012 - 04:54 AM

Haha XD, I wonder if the people in that university are gonna get in trouble.

#4 Martyr

Posted 03 March 2012 - 07:41 AM

It makes me wonder if they still can't make an e-voting system that's secure, then what about online banking? Are they actually secure?..


#5 majithia23

Posted 03 March 2012 - 01:55 PM

lol ...

bite my shiny metal a@@ !

#6 shought

Posted 03 March 2012 - 01:59 PM

> It makes me wonder if they still can't make an e-voting system that's secure, then what about online banking? Are they actually secure?..

It's really not impossible to make a server which cannot be breached. It just takes time, effort and there's a trade-off on usability.
