“It’s not every day you have an opportunity to hack a government computer without going to jail,” says U-M prof Alex Halderman.
And it’s not every day an academic paper makes news around the world. But the caper reported by Halderman and three U-M collaborators in February was irresistible: they’d elected Bender – the alcoholic, whore-mongering, chain-smoking robot from the TV show Futurama – president of the Washington, D.C., school board.
The good news is it was only a test. The District’s government was planning on using an online voting program in an actual 2010 school board election, and to demonstrate its invulnerability, they dared hackers to crack their system. Halderman, a youthful-looking U-M electrical engineering professor specializing in applied computer security, took the dare. He recruited grad students Scott Wolchok and Eric Wustrow and technical staffer Dawn Isabel to help. “All of them were instrumental in the success,” he says. “I oversaw the project, but as always, it was the students who did all the work.”
How’d they do it? “We found a way to create fake ballots that the system had to examine, and while it was doing so, we slipped a command onto their server to subvert their voting software. What we did was essentially take control of their server, and after that, we replaced all the votes with ballots of our own choosing based on who we thought the computer would vote for if it was evil: Bender, for instance.” Getting a fictional robot elected school board president wasn’t all they did. “Internet security tends to be very brittle,” says Halderman, “and once we got inside, we got a lot of access.” They not only accessed every voter’s past voting history but also made sure that in the future “everybody would be voting for our candidates no matter who they voted for.”
Halderman and his team weren’t the only ones trying to hack the system. “As far as I know there wasn’t anyone else who tried to hack the system who was participating in the test. But we did notice other incoming attack attempts from China and Iran. These were not people trying to participate in the test, but real attackers.” They shut out the bad guys by blocking the system’s password.
The U-M team left a clue behind. “We could have made it invisible until they counted the vote and found the evil robot had won,” says Halderman. “But there was not enough time before election for them to react, so we left a kind of a ‘calling card’ on the machine.
“The system had a final confirmation screen saying ‘Thank you for voting,’ and we changed that page so that after a fifteen-second delay it would play ‘The Victors.’ It took them two days to find it, and it was only because one of the testers wrote to tell them the system looks pretty good, but that the music at the end is pretty distracting.”
When the D.C. government found out, they called in Halderman’s team for a debriefing and cancelled the online portion of the vote. But thirty-three states already allow people in the military and overseas to vote online, and Halderman doubts that any of those systems are secure. “Internet voting is not something we know how to do today,” he says, “and it will be decades if ever before we get there.”
So will someone eventually hack a real election? “We’ll see,” says Halderman. “Or maybe we won’t see. Not everybody leaves a calling card.”