Michigan prof explains how D.C. online voting system was hacked

UPDATED 8:50 P.M.

The University of Michigan computer science professor who led the team that successfully infiltrated an Internet voting trial held by the D.C. Board of Elections and Ethics has stepped forward to describe how he did it.

In a post to the "Freedom to Tinker" blog this morning, J. Alex Halderman explains that not long after the elections board started a test period last week, his team quickly "found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters' secret ballots."

The researchers, once inside, changed the ballots that had already been cast to select their preferred write-in candidates -- famous real and fictional computers, including HAL 900 of "2001: A Space Odyssey" and the Master Control Program from "Tron." They also installed a "back door" that allowed them to view votes that came in. And, yes, they left a "calling card" in the form of the Michigan fight song.

Halderman writes: "Stealthiness wasn't our main objective, and our demonstration had a much greater footprint inside the system than a real attack would need." Still, the hackers had access for two days before the intrusion was detected and the test was ended. They plan to submit a paper on the attack.

Paul Stenbjorn, the BOEE's chief technology officer, said Monday that the programming issue that allowed the Michigan team access was quickly identified and closed. But the board, he said, decided to scale back the Internet voting pilot, which was to go live for about 900 overseas voters this week, in an "abundance of caution."

Halderman writes that the problem they found isn't the issue so much as the problems that are yet to be found: "The specific vulnerability that we exploited is simple to fix, but it will be vastly more difficult to make the system secure. We've found a number of other problems in the system, and everything we've seen suggests that the design is brittle: one small mistake can completely compromise its security. .... If this particular problem had not existed, I'm confident that we would have found another way to attack the system."

UPDATE, 8:50 P.M.: Earlier today, Stenbjorn posted a full response to the hacking. An excerpt:

"Our public test [has] been hacked. Which you would think would have been an objectively bad thing for the BOEE. You'd think wrong. ... When Alex Halderman and his students successfully hacked the system, we learned many valuable lessons about the security issues with the file upload mechanisms used in this software. More importantly, however, we achieved a collaborative engagement with the computer science community that was working with elections officials in the early stages of developing a better model for future deployment. ... We will continue this project and hope this interaction will serve as a model for future releases. We will stand up new revisions and invite the computer science community not only to attempt to hack the system, but come develop it with us."

I spoke to Halderman earlier today. He said he's "concerned" that BOEE intends to continue with the project. "I don't think yet that they're approaching it with the appropriate seriousness," he said.

He added: "Voting over the Internet is just so far from a good idea using today's technology that it's a little bit startling to me that jurisdictions are seriously considering it."