Ethical Hackers 2, Internet Voting 0

In the fall of 2010 Washington D.C. ran a brief open test of the Internet voting system it was proposing for use in that year’s November election. It was quickly hacked by a team of graduate students from the University of Michigan, lead by Professor Alex Halderman. <summary and video>

Two days ago an international team of investigators including Professor Halderman and graduate students demonstrated attacks and articulated weaknesses in the Estonian voting system used by 20% to 25% of voters in their national elections. Information is all available at

The video summary is a great way to understand what they did.

What we found alarmed us. There were staggering gaps in procedural and operational security, and the architecture of the system leaves it open to cyberattacks from foreign powers that could alter votes or leave election outcomes in dispute. We have confirmed these attacks in our lab — they are real threats. We are urgently recommending that Estonia discontinue use of the system.

They easily demonstrated attacks on the election servers and on personal computers used for voting. They found additional means of attack that they could have demonstrated. While they applauded Estonia’s efforts at transparency, they found it both insufficient and that it exposed server passwords on the Internet during the voting period.


Leave a Reply

You must be logged in to post a comment.