Image by Amarand Agasi via Flickr Christopher Beam wrote a short article for Salon last week with an attention-getting title: Hack the Vote - Five ways hackers could tamper with the 2008 elections over at Slate. After wasting five minutes of my time reading the article I thought I would waste another five minutes of my time writing a short summary of how "hackers" can "tamper" with the elections this fall. Please note that Mr. Beam has the word "hackers" in his title but consistently refers to them as "tricksters." Mr. Beam's short list of ways hacker-tricksters (hicksters?) can sabotage the vote are:
- Fake e-mails. Seems that some hicksters (I'm starting to like it... I'm slapping a trademark on it) are actually politically-savvy phishers. He offers defending against phishers with "rapid response" getting the word out about the scam to the people most likely to get duped. I do love this little bit of genius from the article: "...Obama's donation page has a security seal at the bottom designating it an "authentic site." Notice, also, that you can easily copy the seal and post it on your own site." I actually did LOL when I read the last sentence.
- Dummy Web sites. I'm not sure how this one made it in but Mr. Beam spends a good amount of screen real estate rambling about: fake content, misspelled domain names, the Obama-Clinton XSS incident, the recent DNS flaw, and finally SQLi. His solution? Well, not much since every security professional I know is struggling with the exact same issues day-in day-out... but I'll give Mr. Beam credit for bringing some of these vulnerabilities to the general public's attention.
- Social networking. I see this potentially being an issue for Obamanics but for McCainites? Not so much. Unless you count the golf course or barbershop.
- Robo-calling. Um. Yeah, weren't they cold calling my parents to sling some serious mud back when it was Nixon vs. McGovern?
- Search-engine deoptimization. Potentially could be a problem if the hicksters are very very motivated and very very organized but his scenarios are too localized to be effective (buying ads to mislead people where to vote?). Google (and the other search engines) have gotten much better about rooting out "google bombing" and other SEO tricks and hacks (hicks?).
That's not to say these Internet tricks will upset the election—or even dent it. There are plenty of bright mischief-makers out there, but how many of them want to screw up elections? (Elect John McCain for the lulz!) And it may turn out that traditional methods of voter manipulation—such as, say, paying busloads of homeless people to pass out inaccurate sample ballots—will prove more effective. Plus, one smear campaign probably equals a thousand polling-place misinformation campaigns.
2 comments:
It's more than a little disturbing how uninformed people can apply the term "hacking" to something which is nothing more than low-tech and mostly ineffectual social engineering at best! I would imagine two effective ways to truly hack the vote would be to modify the computer systems that send out the official voter registration/reminder cards ("here's where you need to go vote this election") to randomize the voting location on the notification, but NOT the actual voting location in the system; people would show up with their proof of ID, they wouldn't be on the list, they'd bring out their voter reminder card, the official would shrug and say "huh," and that person would then be voting by provisional ballot, which aren't counted unless it's really close. Of course back during the last two Bush elections, they had (true or not) images of an animal (monkey? too lazy to look it up) wiping the security logs of a vote-auditing system (running a Microsoft O/S, of course) in less than a minute. Who doesn't like monkeys? Or you could just bribe the company that manufactures the voting machines to skew things in your favor, but who would do that? :)
I'm not convinced that those voting machines from DieBold don't come pre-rooted. I'll take a hanging chad any day over the current alternatives. Of course I am actually talking about hacking the vote and not tricking the electorate.
Post a Comment