Single hacker could bring down German elections with ‘one click’ – cyber security researchers
“The number of possible attacks and the severity of the vulnerabilities exceed our worst fears,"said Linus Neumann, spokesperson for the white hat hacking group the Chaos Computer Club (CCC).
Neumann claims that a sophisticated hack is not even necessary, citing a "one-click compromise" to manipulate results.
Germany says Russia could interfere in upcoming election https://t.co/LTRy0CgS2x— RT (@RT_com) September 3, 2017
In federal elections in Germany, votes are cast using pen and paper and are then initially counted by hand but results could be manipulated by hackers as the totals from each constituency are broadcast and tallied up at a national level, predominantly using a piece of software known as PC Wahl.
Martin Tschirsich, a 29-year-old IT scientist, discovered a glaring vulnerability in the PC Wahl software.
“At some point, the results need to be typed in somewhere. And from then on, a lot of things can happen digitally," Tschirsich told Spiegel Online.
The final results are said to be more difficult to tamper with, although the preliminary figures can be falsified, creating a false impression.
"If the final result was manipulated, it would be discovered immediately," Tschirsich conceded.
While each state has its own specific preliminary voting rules and employs various methods to transmit them using the PC Wahl or equivalent software, telephone or even fax, the president of the Federal Statistical Office (Destatis), Dieter Sarreither, claims such manipulation would be "extremely unlikely," reports The Local.
Scottish Parliament targeted in ongoing cyberattack https://t.co/PKCu96hdmy— RT (@RT_com) August 16, 2017
Despite the advanced warning, as 61.5 million eligible voters go to the polls at approximately 70,000 polling stations across the country on September 24, the integrity of Germany’s quasi-digital voting system has been severely undermined before a single vote has been cast.
The CCC pulled no punches in their independent analysis of Tschirsich’s claims, asserting that there are "a number of security problems and multiple practicable attack scenarios" in which "a state-funded team of hackers is not even necessary" to change the "vote totals across electoral district and state boundaries."
A separate analysis carried out in the Netherlands on its voting software, IVU.elect, yielded similarly damning results, the CCC said.
"It is simply not the right millenium to quietly ignore IT-security problems in voting… Effective protective measures have been available for decades, there is no conceivable reason not to use them,” Neumann said.