Brazilian Hacking Attempts Fail To Break Brazilian E-Voting, But Do Improve The Process

from the how-hard-was-that dept

Tue, Nov 17th 2009 1:09am — Mike Masnick

We pointed out recently that Brazil was allowing groups of hackers and security experts to hack their e-voting machines, something that the e-voting industry has always resisted angrily. The e-voting companies have never been able to adequately explain why experts shouldn't be able to try to hack the machines, and all it did was lead to more distrust over the machines. However, the Brazil test has been concluded, and there's some good news: no one was able to crack the machines. However, with all the hack attacks, officials did learn a few things that are helping them to improve the overall process with the machines. It's really amazing that we still don't have something similar happening in the US.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: brazil, evoting, hacking, security

16 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Tor (profile), 17 Nov 2009 @ 1:14am

Security vs. obscurity
Let me quote the introduction of Applied Cryptography by Bruce Schneier:

"If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that's not security. Thats obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the worlds best safecrackers can study the locking mechanism - and you still can't open the safe and read the letter - thats security."

The E-voting industry clearly seems to favour obscurity over security. It's good to see some of their customers challenge that view.
[ link to this | view in chronology ]
- Harshal (profile), 17 Nov 2009 @ 2:28am
  
  Re: Security vs. obscurity
  That's exactly right.
  [ link to this | view in chronology ]
Anonymous Coward, 17 Nov 2009 @ 2:03am

Let's try something new.

Bt2YASUBITAhITAhLZ30gaatx5SIoeCBiIvy8MAtlObFzhnNZKGkJ3dCuU57iS0sE1A8Oi9iLI3u
fSuQIsiS

Sh ould be easy.
[ link to this | view in chronology ]
Anonymous Coward, 17 Nov 2009 @ 2:34am

Amazing!

ZyLYTgNU4ioY1gxZRpt/swXLqdZBsnVR+6BH9spw0iBLI99sajGXtKWDaePTue3al+1+M2KpDOsR
YRoohInpdc 6SFBg2scNvFx+t9yPm/0U/2rMSjcPY+cZQampV9ERz1deK5dERArh/8tXPAe7sJb63
mSUo4EGlgN0iEpoG/vMofFOokZB9lnL1 7ELHt7WjybrAtpm2gFDh6xDkMHhncMv4Kv4nYbFh3WLW
iv8aRyyyH5xqE7qC3JUB8O6HEf15Ui3cZC6Pa9ob6HkpwYEzOT6wNV /RtGGCXzImAdwgS7SC+IKm
ID913Fy94KnB+GXhw1+oYuooOyqdcgPkO0lEyOERM2YGqRTwg0CeYujeZAI+wkwIcJc3C6G4w3x3
ojxUwMIFo8Lx7rNANALSSuwrA3iKenLZZad19iNYMtMSf2QXwZY0z+37PS4cSdD7ttt1NQQ5zEei
dZnRSoeiIimML3pF1NDz PHRAWSULIesAqyMbmQrnQQKO0i3iid28f5kmhEn3nbi1iKOUtB9kWROZ
Ek+OJVSNyTHM426LrBY5dcA4/jeKL2U6leuaQXNlCS lMk56cVOOLS8/pqtYOzg6AlL98ni9uj0P0
m0DxR/iz+1Ariz95XY+xg8PgQebwlD3MeIp6ctllp3VS8ZI2U6LrarBRGZ3jkTD2 fDCLtVbs//5x
+gjqjeK106CdXzoYu/w5gJGsPofaZetfDklZ/9ZuTW9Dty26JApx/QH2eEYsIyB7UbJ3xa8Y6vrH
R6LLkQCB QgjkRUuG+DUKYqDreeeCGiMWvxCH7Ch7ZV3QzStJ4DxKaUdk53BUdTfsnyc3jhLBwSai
+lSTv/QOChWpqvE8l+km7GOMtFNYFk zu8lEfmtQydEYhh2Ok/TTXWyyRTXuMF4Vwp77VfrZEHHU7
xOlJ75/R72wHOsz+DzhUmA63HNbgBqGs0gHQ0bCO3ZTFMx+O3WhE EVQzBhY=
[ link to this | view in chronology ]
MaGioZal, 17 Nov 2009 @ 2:47am

Brazilian E-Voting system
Well, you should not consider my opinion “impartial” since I am Brazilian myself…

…but anyway I think that the current Brazilian E-Voting system is one of the best in all world, miles and miles ahead of the clumsy, regionalized method of voting in the United States…
[ link to this | view in chronology ]
- Fagundes, 17 Nov 2009 @ 5:23am
  
  Re: Brazilian E-Voting system
  You should not forget that Brazilian banking system compensates a check in 1 working day (very different from the Europe, which takes longs 4 day in the best cases), keeping in mind that Brazil is a wide country in geographic terms.
  
  That is why some countries in development are showing amazing things like this example about the e-voting.
  [ link to this | view in chronology ]
Anonymous Coward, 17 Nov 2009 @ 3:13am

p5rcVnK0uac+CR1n+0ZlbXQSxFPuDWj59arQ8XyqrI/iaMxbRuz4sl09L7F6zBxMOXhsdJZVZXFy
Kny5PGBCSC8JbY5Zbt/6uY 2jLaqUqueMsCpqFzUha9HkHeeo97u/wghNhGjII84Y5QT53klypMR2
vrs7t0tvIYHbFnJPvBaPKNi/myBuMeX0m4/9oJ1qZlFS GAbNfLRXFpVXAiIV7Tuiy7q/g8gjWaIU
WV3Os9PsZbBAG2fjv8PUADCTFUIuKCnSgts1rrmbXdRl+TnZ8uY4CFds6AHr

Wh at do you think? Should I leave it at shaving cream?
[ link to this | view in chronology ]
Anonymous Coward, 17 Nov 2009 @ 5:06am

What company made these machines?
I doubt it was diebold, sequoia or es&s
[ link to this | view in chronology ]
- Fagundes, 17 Nov 2009 @ 5:25am
  
  Re:
  As far as I know, it was a Brazilian company called Procomp, but they have been purchased by Diebold (or at least they have a good slice in their shares).
  
  http://www.diebold.com.br/
  
  Cheers
  [ link to this | view in chronology ]
  - Fagundes, 17 Nov 2009 @ 5:28am
    
    Re: Re:
    http://www.diebold.com.br/M_Eleitoral.asp
    That is the specific page about the E-Voting system.
    [ link to this | view in chronology ]
Anon, 17 Nov 2009 @ 8:24am

So how many is a Brazilian anyway?
[ link to this | view in chronology ]
Anonymous Coward, 17 Nov 2009 @ 8:38am

We need an end to end user verified voting system. Scholars and researchers with Ph.D's in cryptography have spent years working on them and now we have systems that are doable, or are at least a huge improvement over what we currently have (I vote on paper and have no way to verify or audit anything).
[ link to this | view in chronology ]
joão Rossi, 17 Nov 2009 @ 9:47am

Bogus
The test was completely bogus, done by public employees designated by their bosses, using governments computers, having to tell govt what to do before hand, not being able to study the machines before hand!!!!!!!

The Brazilian voting system SUCKS!!!!!!!!!!!

And yes, it is made by DIE bold
[ link to this | view in chronology ]
Nastybutler77 (profile), 17 Nov 2009 @ 10:07am

Coming soon to a commercial near you
How long before Diebold starts touting these testing results to elections boards across the US? Not to mention useing them as a way to not have to submit to testing here. "Oh you don't need to try and crack our software; they already tried in Brazil."
[ link to this | view in chronology ]
Hardik Upadhyay (profile), 17 Nov 2009 @ 10:26pm

Hacking has always helped to enhance security
Hacking attempts are always required for the successful testing of any system.

And it will be good if the attempt is made by someone outside the system.

It is a mixed feeling but in the future much more robust system should be made so that the systems are not hacked frequently.
[ link to this | view in chronology ]
vyvyan, 18 Nov 2009 @ 2:47am

maybe someone have figured out the way and is keeping mum to use it in next election. :P
[ link to this | view in chronology ]