Single hacker could bring down German elections with ‘one click’ – cyber security researchers

Single hacker could bring down German elections with ‘one click’ – cyber security researchers
The upcoming federal elections in Germany later in September are extremely vulnerable to hacking according to multiple cyber security researchers, who claim that even with prior warning, the elections could become a "total loss."

“The number of possible attacks and the severity of the vulnerabilities exceed our worst fears,"said Linus Neumann, spokesperson for the white hat hacking group the Chaos Computer Club (CCC).

Neumann claims that a sophisticated hack is not even necessary, citing a "one-click compromise" to manipulate results.

In federal elections in Germany, votes are cast using pen and paper and are then initially counted by hand but results could be manipulated by hackers as the totals from each constituency are broadcast and tallied up at a national level, predominantly using a piece of software known as PC Wahl.

Martin Tschirsich, a 29-year-old IT scientist, discovered a glaring vulnerability in the PC Wahl software.

“At some point, the results need to be typed in somewhere. And from then on, a lot of things can happen digitally," Tschirsich told Spiegel Online.

The final results are said to be more difficult to tamper with, although the preliminary figures can be falsified, creating a false impression.

"If the final result was manipulated, it would be discovered immediately," Tschirsich conceded.

While each state has its own specific preliminary voting rules and employs various methods to transmit them using the PC Wahl or equivalent software, telephone or even fax, the president of the Federal Statistical Office (Destatis), Dieter Sarreither, claims such manipulation would be "extremely unlikely," reports The Local.

Despite the advanced warning, as 61.5 million eligible voters go to the polls at approximately 70,000 polling stations across the country on September 24, the integrity of Germany’s quasi-digital voting system has been severely undermined before a single vote has been cast.

The CCC pulled no punches in their independent analysis of Tschirsich’s claims, asserting that there are "a number of security problems and multiple practicable attack scenarios" in which "a state-funded team of hackers is not even necessary" to change the "vote totals across electoral district and state boundaries."

A separate analysis carried out in the Netherlands on its voting software, IVU.elect, yielded similarly damning results, the CCC said.  

"It is simply not the right millenium to quietly ignore IT-security problems in voting… Effective protective measures have been available for decades, there is no conceivable reason not to use them,” Neumann said.