German elections inadequately protected from hacking
                 Source: Xinhua | 2017-09-08 22:17:40 | Editor: huaxia

Supporters of German Chancellor Angela Merkel attend an election rally for Germany's federal election in Fulda, Germany, on Aug. 25, 2017. Germans will elect a new federal parliament on Sept. 24. (Xinhua/Luo Huanhuan)

BERLIN, Sept.8 (Xinhua) -- The election software used by German authorities to compile and count votes contains serious security flaws, making it susceptible to hacking, a group of information technology (IT) specialists have found.

German newspaper ZEIT asked the Chaos Computer Club (CCC) to investigate the election software and reported on the findings on Thursday. According to CCC spokesperson Linus Neumann, the program was so poorly encrypted that it "should have never been used."

Martin Tschirsich, a 29-year-old postgraduate IT student at the University of Darmstadt who found the flaws, noted that while votes are still counted by hand, they are subsequently summarized and transmitted electronically. "The election is not safe. It can be hacked," he warned.

In his personal research, he identified a 30-year-old program called "PC Wahl," which is described by its developer as "the most-widely used election organization program by German administrations." Although the program is officially only available for sale to government entities as a security measure, Tschirsich succeeded in downloading the software online.

Furthermore, the 29-year-old discovered several passwords needed to access restricted features and even its source code through simple internet searches. His investigation revealed that authorities had relied on facile encryption techniques, such as the use of easy-to-guess passwords like "test."

Confronted with the prospect of hacking attempting to sabotage the voting process, officials have insisted that Germany was protected by its use of hand-written ballots at the country's 70,000 polling stations.

"The prevention of possibilities for manipulation of preliminary voting results is of the utmost priority," a spokesperson of the Federal Office for Information Security said.

A recent report by the interior ministry had predicted that "cyber attacks could attempt to manipulate election results during their transmission, inserting false voting outcomes or technically preventing the transmission of preliminary results."

The German Federal Election Commissioner (Bundeswahlleiter) responded by publicly emphasizing that the federal election was "protected from all types of manipulation attempts."

Experimenting with a previous election in the state of Hesse, Tschirsich was able to manipulate the data transmitted between communes on PC Wahl, as well as information compiled with other software by regional election government authorities.

He claimed that by following his steps, hackers could easily falsify the preliminary election results on Sept. 24 throughout Germany.

When presented with the worrying findings by ZEIT, Communal Election Commissioner Gerhard Benneman agreed that the digital system in place was "inappropriate." When pressed further on the subject, Benneman was not convinced that the loopholes in PC Wahl did not constitute a problem. He said that all it would take would be for hackers to publish false preliminary results in order to sow doubts among German voters in the integrity of their electoral system. Nevertheless, he insisted that the election results could always be verified by recounting the original paper ballots. "The final result is safe regardless," Benneman said.

PC Wahl developer Volker Berninger argued similarly, defending the security of the election system. "In the worst-case scenario, somebody could cause confusion (by following Tschirsich's hacking procedure). Wrong results would appear on the internet, but the correct results would be preserved on paper. That would lead to anger and confusion, but has no relevance otherwise," he told ZEIT.
Back to Top Close
Xinhuanet
首页 时政 国际 港澳 台湾 财经 法治 社会 纪检 体育 科技 军事 文娱 图片 视频 论坛 博客 微博

German elections inadequately protected from hacking

Source: Xinhua 2017-09-08 22:17:40

Supporters of German Chancellor Angela Merkel attend an election rally for Germany's federal election in Fulda, Germany, on Aug. 25, 2017. Germans will elect a new federal parliament on Sept. 24. (Xinhua/Luo Huanhuan)

BERLIN, Sept.8 (Xinhua) -- The election software used by German authorities to compile and count votes contains serious security flaws, making it susceptible to hacking, a group of information technology (IT) specialists have found.

German newspaper ZEIT asked the Chaos Computer Club (CCC) to investigate the election software and reported on the findings on Thursday. According to CCC spokesperson Linus Neumann, the program was so poorly encrypted that it "should have never been used."

Martin Tschirsich, a 29-year-old postgraduate IT student at the University of Darmstadt who found the flaws, noted that while votes are still counted by hand, they are subsequently summarized and transmitted electronically. "The election is not safe. It can be hacked," he warned.

In his personal research, he identified a 30-year-old program called "PC Wahl," which is described by its developer as "the most-widely used election organization program by German administrations." Although the program is officially only available for sale to government entities as a security measure, Tschirsich succeeded in downloading the software online.

Furthermore, the 29-year-old discovered several passwords needed to access restricted features and even its source code through simple internet searches. His investigation revealed that authorities had relied on facile encryption techniques, such as the use of easy-to-guess passwords like "test."

Confronted with the prospect of hacking attempting to sabotage the voting process, officials have insisted that Germany was protected by its use of hand-written ballots at the country's 70,000 polling stations.

"The prevention of possibilities for manipulation of preliminary voting results is of the utmost priority," a spokesperson of the Federal Office for Information Security said.

A recent report by the interior ministry had predicted that "cyber attacks could attempt to manipulate election results during their transmission, inserting false voting outcomes or technically preventing the transmission of preliminary results."

The German Federal Election Commissioner (Bundeswahlleiter) responded by publicly emphasizing that the federal election was "protected from all types of manipulation attempts."

Experimenting with a previous election in the state of Hesse, Tschirsich was able to manipulate the data transmitted between communes on PC Wahl, as well as information compiled with other software by regional election government authorities.

He claimed that by following his steps, hackers could easily falsify the preliminary election results on Sept. 24 throughout Germany.

When presented with the worrying findings by ZEIT, Communal Election Commissioner Gerhard Benneman agreed that the digital system in place was "inappropriate." When pressed further on the subject, Benneman was not convinced that the loopholes in PC Wahl did not constitute a problem. He said that all it would take would be for hackers to publish false preliminary results in order to sow doubts among German voters in the integrity of their electoral system. Nevertheless, he insisted that the election results could always be verified by recounting the original paper ballots. "The final result is safe regardless," Benneman said.

PC Wahl developer Volker Berninger argued similarly, defending the security of the election system. "In the worst-case scenario, somebody could cause confusion (by following Tschirsich's hacking procedure). Wrong results would appear on the internet, but the correct results would be preserved on paper. That would lead to anger and confusion, but has no relevance otherwise," he told ZEIT.
010020070750000000000000011100001365952631