Example of Tampering
An example of vote tampering would involve the voter making the selections, but with the attacker intercepting the final ballot when submitting it. The ballot could be recorded after a few items were changed, and it would be difficult to find any traces of which votes had been modified. Diebold systems are used in several states, including Georgia, Maryland, Utah, Nevada, New Jersey, Pennsylvania, Indiana and Texas.Last fall, a Washington, D.C., district system invited a team from the University of Michigan's College of Engineering to try to breach its pilot of an online voting system. It took the team only 3 hours to find a SQL injection flaw to take over the server, change ballot results, cause the site to broadcast the university's fight song when someone accessed the site, and find personal information of voters registered on the system. There have been several opportunities for cyber-attackers intent on influencing the political process in recent weeks around the world. During the Russian elections earlier this month, popular Russian media Websites such as the Moscow Echo radio station, election monitoring group Golos and the LiveJournal blogging service were knocked offline by distributed denial of service (DDoS) attacks. A botnet using a piece of malware was behind some of the DDoS attacks, according to Sebastien Duquette, a researcher at ESET. The DDoS attacks targeted Websites that were discussing election fraud and other political violations, Moscow Echo's editor in chief claimed. It's a plausible scenario as "true political activism is a strong and real motivator for Internet DDoS attack activity," Mike Paquette, chief strategy officer of Corero Network Security, told eWEEK. "It is not hard to imagine that fringe groups, loosely associated with one political party, might employ these cyber-attacks to generally, or specifically, help their party in certain elections." DDoS attacks aren't just a tool for protesters, as the establishment can use it just as effectively. In Russia, DDoS was used "as a mechanism of propaganda, censorship, information withholding and unfair political advantage," Paquette said. Three of the top seven leaders in South Korea's ruling Grand National Party quit their posts for allegedly tampering with national elections in late October, the Wall Street Journal reported earlier this month. South Korea's cyber-terrorism police arrested a legislative aide to a top ruling politician after finding evidence that he launched the DDoS attack on the National Election Commission's Website on election day. The attack prevented young voters from being able to find their polling places, and may have suppressed voter turnout among the demographic that traditionally favor opposition parties, according to the report.
"In light of the rapidly approaching 2012 U.S. Presidential Election, it seems there may be a need to give serious attention to securing our election technology," Cameron Camp, security researcher at ESET, wrote on the company blog. "Unscrupulous, well-heeled bad actors" can easily gather together a group of hackers, especially if they are politically motivated, to tamper with votes and swing elections, Camp said.