Drunken Robot Wins School Board Election

WMDogma

New member
Jul 28, 2009
1,374
0
0
Drunken Robot Wins School Board Election

[img_inline src="http://cdn.themis-media.com/media/global/images/library/deriv/79/79955.jpg"]
Grad students hacked an electronic voting system and elected a fictional character to prove e-voting really isn't a good idea.

Everyone's favorite drunken robot can now add "Head of Washington DC's School Board" to his resume, as a team of hackers from the University of Michigan successfully elected Futurama's Bender during a test of Washington DC's electronic voting system.

In a detailed report [https://jhalderm.com/pub/papers/dcvoting-fc12.pdf] published this past February, Professor Alex Halderman from the University of Michigan detailed how, back in 2010, the Washington DC election board announced it was going to use an e-voting system to count up absentee ballots in an upcoming election. To test the security of the system, the election board invited members of the security community and general public alike to try and hack their way into the voting system before it was to be used in the actual election.

"It was too good an opportunity to pass up," Halderman explained. "How often do you get the chance to hack a government network without the possibility of going to jail?"

Within hours of getting their hands on the e-voting software, Halderman and his team of grad students took it apart and found a vulnerable spot in the code that allowed them to write information directly to the voting system's server. From there, they were able to guess the user name and password details for the server used by the voting system, which, pathetically, were both "admin".

Furthermore, the team found that the cameras stationed to watch the voting systems were also unprotected, letting them view the facility housing the voting server to figure out the shifts and schedules of every one of its employees. In a disturbing twist of events, the team also found a PDF file containing info on every Washington DC voter involved in the upcoming election.

So with full control over the system, Halderman and his team locked out any other would-be hackers attempting to break the system, rigged all of the electronic ballots in the system to count votes towards fictional candidates (such as The Terminator's Skynet), and then set up the final sign-off screen to play the University of Michigan's football fight song.

Adding further insult to injury, it then took two days before anyone overseeing the voting system realized they had been had, and that was only after a tester checking out the system for security problems complained about the music on the sign-off screen being "annoying."

Humor aside, the Halderman's work exposes several of the issues plaguing e-voting systems, which unfortunately are active in 33 states. Security experts have regularly expressed concerns that most aren't nearly as secure as advertised and that an election stolen electronically isn't as easy to detect as someone hacking a bank. Although hopefully, future voting systems will be harder much harder to crack and hackers won't be able to rig anything just by guessing "admin".

Source: Geekologie [http://www.theregister.co.uk/2012/03/01/electronic_voting_hacked_bender/]

Permalink
 

Valagetti

Good Coffee, cheaper than prozac
Aug 20, 2010
1,112
0
0
Typo... 'Futuram's', really? And this has to be the most misleading title I've ever seen, though it is quite funny.
If this happened in New Zealand, where a surprising amount of people call themselves 'jedi', the results would be more interesting!

EDIT: yay you changed it, thats my mark on humanity, now I can die peacefully!
 

vrbtny

New member
Sep 16, 2009
1,959
0
0
Wait!! The password was admin?!!!

That's so stupid of them.

Because everyone knows that the most secure password is simply "password"
 

Craazhy

Tic-Tock and Crash
Aug 22, 2009
105
0
0
"My first order of business is to relocate all school funds and budgets to my wallet. Secondly, I'll need to investigate all the alcoholic beverages we've confiscated from the students today.

And the 'Histories and Tales of Bender the Great' class will now be mandatory with enrollment... Someone make a 'Histories and Tales of Bender the Great' class... and hire a professor."
 

Shoggoth2588

New member
Aug 31, 2009
10,250
0
0
vrbtny said:
Wait!! The password was admin?!!!

That's so stupid of them.

Because everyone knows that the most secure password is simply "password"
(this was the shortest version I could find...I think it works though so meh)

I don't vote despite being able to for...holy shit, 6 years? Anyway, I don't vote because I've never cared to and it sounds like I won't need to in future anyway thanks to suspicions that future elections will be decided by whoever can afford the most hackers. I would post the George Carlin clip about his views on voting but I try to limit myself to one youtube video per post (not counting quotes).
 
Feb 13, 2008
19,430
0
0
WMDogma said:
"It was too good an opportunity to pass up," Halderman explained. "How often do you get the chance to hack a government network without the possibility of going to jail?"
Ask Sabu [http://www.escapistmagazine.com/news/view/116173-LulzSec-Leader-Outed-As-FBI-Rat].

Anyway, what's the worst Bender could do...

 

Wicky_42

New member
Sep 15, 2008
2,468
0
0
Lol - governments and the internet - on the one hand they're the boogyman, monitoring all your porn-watching and tracking everyone googling "anarchist's cookbook", and on the other they're inept, blundering fools, setting their usernames as 'admin', having briefcases full of classified military tech stolen at airports and leaving unencrypted census data on the seats of public transport.

Screw worrying about hackers, we've enough problems with the people with legitimate access to important computer systems!
 

Zen Toombs

New member
Nov 7, 2011
2,105
0
0
Amused Toombs is amused. Besides, I think this is a good idea. Bender seems like he'd be a good politician.

Bender Bending Rodriguez said:
Hey, the blues. The tragic sound of other people's suffering. That's kind of a pick-me-up.
 

Wintermoot

New member
Aug 20, 2009
6,563
0
0
vrbtny said:
Wait!! The password was admin?!!!

That's so stupid of them.

Because everyone knows that the most secure password is simply "password"
wasn't it "sex""god" and "love"?
OT
lol governments thinking they know computers couldn't they hire somebody who knew about computers? my A-technical school has a better password then admin!
 

Screamarie

New member
Mar 16, 2008
1,055
0
0
Bender for president!

Seriously though stories like this freak me out just a bit. I mean this is an amusing story but it just reminds me how extremely easy it can be for people to steal your shit online.
 

vrbtny

New member
Sep 16, 2009
1,959
0
0
Shoggoth2588 said:
Holy Shit that is epic. I love Spaceballs.

"I knew it, I'm surrounded by Ass-holes!!!"

But I was more thinking along the lines of Sarge's passwords from Red vs Blue.

Still, Spaceballs is just as awesome.
 

Otaku World Order

New member
Nov 24, 2011
463
0
0
I'm beginning to think our current government here in Canada would embrace this system. They've already committed voter fraud with automated phone calls, may as well screw with the actual votes.

Forget Bender, I say vote Skynet!
 

Shoggoth2588

New member
Aug 31, 2009
10,250
0
0
vrbtny said:
Shoggoth2588 said:
Holy Shit that is epic. I love Spaceballs.

"I knew it, I'm surrounded by Ass-holes!!!"

But I was more thinking along the lines of Sarge's passwords from Red vs Blue.

Still, Spaceballs is just as awesome.
...I can't believe I forgot about Red vs Blue. I've got 5 season on DVD and I know exactly what you mean. It's been a long time since I've watched that show though, to be honest but yeah: it probably would have fit better than the Spaceballs reference (though Spaceballs is an awesome movie blah blah)
 

Jodah

New member
Aug 2, 2008
2,280
0
0
Not gunna lie...I would vote for Bender Bending Rodriguez in a heartbeat!
 

squid5580

New member
Feb 20, 2008
5,106
0
0
vrbtny said:
Wait!! The password was admin?!!!

That's so stupid of them.

Because everyone knows that the most secure password is simply "password"
Ya know "admin" is actually a brilliant password (so is password for that matter). I mean seriously it would be the last thing I would choose if I were trying to hack someone because no no one could actually be stupid enough to use it and still be able to turn the power on a computer.
 

Formica Archonis

Anonymous Source
Nov 13, 2009
2,312
0
0
Security holes in a voting machine? I'm shocked [http://www.schneier.com/blog/archives/2004/11/the_problem_wit.html] I am.

squid5580 said:
Ya know "admin" is actually a brilliant password (so is password for that matter). I mean seriously it would be the last thing I would choose if I were trying to hack someone because no no one could actually be stupid enough to use it and still be able to turn the power on a computer.
Your faith in your fellow man is sweet. We'll have to break you of that.

H. L. Mencken once said "Nobody ever went broke underestimating the intelligence of the American public." and the only thing he got wrong was limiting it to a single nationality. Ahem:
http://www.schneier.com/blog/archives/2006/12/realworld_passw.html
http://amitay.us/blog/files/most_common_iphone_passcodes.php
http://www.nytimes.com/2010/01/21/technology/21password.html?_r=1

To summarize: If you want to have the best chance of guesing a password of someone you don't know in less than five tries, guess "password", "password1", and "123456", for starters. Your odds will usually be a bit under (or sometimes better than) one in one hundred.
 

illas

RAWR!!!
Apr 4, 2010
291
0
0
Personally, I might seriously vote for Bender were he an actual candidate...