By Contributor on December 13, 2013

By Brad Friedman

We've discussed, many times over the years, the madness of Internet Voting schemes. Today we've got yet another piece of disturbing evidence that underscores why such a scheme for American democracy would be nothing short of insane.

The BRAD BLOG has highlighted how easily Internet elections can be hacked by all sorts of nefarious folks (perhaps most disturbingly, without the knowledge of election officials); how various experiments in Internet Voting have proved disastrous (Hello, Canada! Hello, Honolulu! Hello, Oscars!); and how it is simply impossible to do a true pilot test of any such Internet Voting schemes in advance, since the most dangerous tactics that bad guys might throw at an Internet-based election in order to game it are actually illegal. Because of that, good guy "white hat hackers" wouldn't be able to use those same techniques to test the security of any Internet Voting scheme before it was actually put into use in a live election.

Moreover -- and perhaps the deal-breaker when it comes to the viability of Internet Voting ever being workable in public elections -- even if the Internet Voting scheme remains secure, there is no way that the citizenry can know that was the case. Any such scheme would require faith and trust in others, which is decidedly not what our system of oversight and checks and balances in public elections is supposed to be built on. Thus, even a secured Internet Voting scheme would seriously undermine the basic tenets of, and overall confidence in, American democracy.

Now, Kim Zetter at Wired's "Threat Level" blog offers yet another reason why the Internet, as it currently exists, is simply unfit to serve as a means for secure online voting. Her recently published article, which doesn't focus on voting, is alarmingly headlined "Someone's Been Siphoning Data Through a Huge Security Hole in the Internet".

And no, in this case, it's not the NSA. At least as far as we know.

Zetter details a "huge security hole" indeed, one which, as she documents, was found to have been used earlier this year to re-route "vast amounts" of U.S. Internet data all the way out to Belarus and Iceland, where it was intercepted in a classic "man-in-the-middle" fashion, before being sent on to its intended receiver. During the hijack attack, the senders and receivers of the Internet data were none the wiser, just as would likely be the case if the same gaping security hole in the Internet's existing architecture was used to hijack votes cast over the Internet, change them, and then send them on to the server of the intended election official recipient...

Here's the lede of Zetter's piece:

In 2008, two security researchers at the DefCon hacker conference demonstrated a massive security vulnerability in the worldwide internet traffic-routing system -- a vulnerability so severe that it could allow intelligence agencies, corporate spies or criminals to intercept massive amounts of data, or even tamper with it on the fly.

The traffic hijack, they showed, could be done in such a way that no one would notice because the attackers could simply re-route the traffic to a router they controlled, then forward it to its intended destination once they were done with it, leaving no one the wiser about what had occurred.

Now, five years later, this is exactly what has happened. Earlier this year, researchers say, someone mysteriously hijacked internet traffic headed to government agencies, corporate offices and other recipients in the U.S. and elsewhere and redirected it to Belarus and Iceland, before sending it on its way to its legitimate destinations. They did so repeatedly over several months. But luckily someone did notice.

And this may not be the first time it has occurred -- just the first time it got caught.

Analysts at Renesys, a network monitoring firm, said that over several months earlier this year someone diverted the traffic using the same vulnerability in the so-called Border Gateway Protocol, or BGP, that the two security researchers demonstrated in 2008. The BGP attack, a version of the classic man-in-the-middle exploit, allows hijackers to fool other routers into re-directing data to a system they control. When they finally send it to its correct destination, neither the sender nor recipient is aware that their data has made an unscheduled stop.

Zetter goes on to explain that the hijack attacks were found to have captured "vast amount of sensitive information," and occurred "at least 38 times...sometimes for minutes, other times for days -- and they did it in such a way that, researchers say, it couldn't have been a mistake."

In this case, the attacks were initially believed to be targeting financial information, "since traffic destined for a large bank got sucked up in the diversion." But then they found "traffic intended for the foreign ministries of several countries" had been diverted as well as data from a "large VoIP [Voice over IP, Internet telephone] provider in the U.S., and ISPs that process the internet communications of thousands of customers."

Read the full story for much more on the disturbing technical details, but essentially the exploit takes advantage of an Internet infrastructure "feature" that allows anyone with access to a BGP router to spoof the normal path of Internet traffic so that it takes a longer trip before arriving at its intended location. Zetter explains it this way [emphasis added]:

BGP eavesdropping has long been a known weakness, but no one is known to have intentionally exploited it like this until now. The technique doesn't attack a bug or flaw in BGP, but simply takes advantage of the fact that BGP's architecture is based on trust.

To make it easy for e-mail traffic from an ISP in California to reach customers of an ISP in Spain, networks for these providers and others communicate through BGP routers. Each router distributes so-called announcements indicating which IP addresses they're in the best position to deliver traffic to, for the quickest, most efficient route. But BGP routers assume that when another router says it's the best path to a specific block of IP addresses, it's telling the truth. That gullibility makes it easy for eavesdroppers to fool routers into sending them traffic they shouldn't get.


To intercept data, anyone with a BGP router or control of a BGP router could send out an announcement for a range of IP addresses he wished to target that was narrower than the chunk advertised by other network routers. The announcement would take just minutes to propagate worldwide and, just like that, data that should have headed to those networks would begin arriving to the eavesdropper's router instead.

What makes this exploit particularly disturbing is that no one may ever even know that it occurred. In a blog post by Renesys cited by Zetter, the firm warns: "What makes a man-in-the-middle routing attack different from a simple route hijack? Simply put, the traffic keeps flowing and everything looks fine to the recipient...It's possible to drag specific internet traffic halfway around the world, inspect it, modify it if desired, and send it on its way."
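The pattern Zetter describes, a narrower prefix announced by an origin that does not own it, is what route-monitoring firms like Renesys look for, and what RPKI route origin validation automates. The following is an added illustration, not code from the article or from Renesys: a minimal monitor that compares observed announcements against a table of expected prefix origins. All prefixes, AS numbers and updates below are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data: the prefixes an operator expects to see, keyed to the
# autonomous system that legitimately originates each one (hypothetical ASNs).
EXPECTED_ORIGINS = {
    "203.0.113.0/24": 64500,   # e.g. a bank's network, expected origin AS64500
    "198.51.100.0/24": 64501,  # e.g. a VoIP provider, expected origin AS64501
}

@dataclass(frozen=True)
class Announcement:
    prefix: str      # announced IP block, e.g. "203.0.113.128/25"
    origin_as: int   # last AS in the AS_PATH, i.e. who claims to own the block
    as_path: tuple   # full AS_PATH as seen by the monitoring router

def covering_expected_prefix(prefix):
    """Return the longest expected prefix that contains `prefix`, or None."""
    net = ipaddress.ip_network(prefix, strict=False)
    best = None
    for known in EXPECTED_ORIGINS:
        knet = ipaddress.ip_network(known)
        if net.version == knet.version and net.subnet_of(knet):
            if best is None or knet.prefixlen > best.prefixlen:
                best = knet
    return best

def classify(ann):
    """Classify one announcement: 'ok', 'more-specific' (narrower block inside an
    expected prefix from a foreign origin, the case in the article), 'origin-mismatch'
    (exact expected prefix, wrong origin) or 'unknown' (not a prefix we watch)."""
    covering = covering_expected_prefix(ann.prefix)
    if covering is None:
        return "unknown"
    if ann.origin_as == EXPECTED_ORIGINS[str(covering)]:
        return "ok"   # the legitimate origin may announce its own more-specifics
    announced = ipaddress.ip_network(ann.prefix, strict=False)
    if announced.prefixlen > covering.prefixlen:
        return "more-specific"
    return "origin-mismatch"

def audit(announcements):
    """Return (prefix, origin AS, reason) for every announcement worth an alert."""
    alerts = []
    for ann in announcements:
        verdict = classify(ann)
        if verdict != "ok":
            alerts.append((ann.prefix, ann.origin_as, verdict))
    return alerts

SAMPLE_UPDATES = [  # constructed, not real routing data
    Announcement("203.0.113.0/24", 64500, (64496, 64497, 64500)),   # legitimate
    Announcement("203.0.113.128/25", 64666, (64496, 64666)),        # narrower block, foreign origin
    Announcement("198.51.100.0/24", 64666, (64496, 64498, 64666)),  # exact prefix, wrong origin
    Announcement("192.0.2.0/24", 64502, (64496, 64502)),            # not a prefix we watch
]
```

Because the more-specific route wins in every router that hears it, the alert has to come from outside the affected network; a monitor with views from several vantage points is what made the 2013 hijacks visible at all.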

A similar BGP hijack is said to have taken place in 2010, when according to a report from the US-China Economic and Security Review Commission "For about 18 minutes on April 8, 2010, China Telecom advertised erroneous network traffic routes that instructed US and other foreign Internet traffic to travel through Chinese servers. Other servers around the world quickly adopted these paths, routing all traffic to about 15 percent of the Internet's destinations through servers located in China."

In that case, as the report details, the incident affected traffic to and from U.S. government and military sites, "including those for the Senate, the army, the navy, the marine corps, the air force, the office of secretary of Defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration, and many others." Some commercial traffic from Yahoo!, Microsoft and IBM was also said to have been affected.

A computer security expert we spoke with about that BGP rerouting incident was dubious about the explanation that the traffic diversion was done accidentally, as claimed by China.

Such an attack is, obviously, a horrifying possibility for an Internet-based election, and there seems to be no way to block such an attack from being carried out, given the way the Internet itself is currently set up to operate. To affect an election, such an attack would only need to run during the hours the polls are open, or even just a portion of that time. Since this exploit targets specific IP addresses, it could, theoretically, target only the computers used for voting at the polls, or in very specific areas.

Data from Internet votes cast at a precinct (or from a smart phone, or whatever other sort of scheme these Internet Voting loons seem to keep dreaming up) could be hijacked, modified, and then sent to the official election server without anybody ever knowing anything had happened. Since we have secret ballots in U.S. elections, it would be largely impossible to compare the original votes to the ones that were ultimately recorded.

While Internet Voting companies enjoy bragging about things like "military-grade encryption" of data -- or whatever nonsense these election profiteers use to fool gullible lawmakers and others into believing that online elections can be carried out securely -- we've seen enough information about encryption keys being stolen or broken or, thanks to leaks by Edward Snowden and others, the government itself "legally" securing their own access to such keys in order to decrypt (and then modify) just about anything they like...Not that any government entity, someone else's or our own, would have any interest in modifying the results of a U.S. election or anything.

Of course, rather than decrypting and modifying the data, which is more complicated, the data could also simply be deleted rather than passed on to its final destination at all.

Nobody knows who was behind the particular hijacks described in the Wired piece, and it may be impossible to ever identify the culprits since, according to Renesys' analysis cited by Zetter, while "systems in Belarus and Iceland initiated the hijacks, it's possible that those systems were hijacked by a third party that simply used them as a proxy for the attacks."

Again, this is not something easily "fixed" on the Internet. It's a feature of the architecture, not a bug. So there seems to be little that could be done to change or correct it before voting was carried out over that same Internet, as many of those profiteers -- and too many Democrats and Republicans -- continue to call for.

When reached for comment by The BRAD BLOG, electronic voting expert Dr. Barbara Simons, a former IBM researcher, past President of the Association for Computing Machinery (ACM) and co-author of Broken Ballots: Will Your Vote Count?, shared similar concerns to ours about this type of exploit being used to tamper with an Internet election.

Simons, one of a number of world-class computer and security experts who have long been outspoken opponents of Internet Voting schemes, agreed that "Based on what I read in [the Wired] article, it seems to me that a man-in-the-middle attack on Election Day is indeed a cause for concern."

Another computer security and voting system expert we spoke to, who preferred we not use his name, noted that actually changing votes on the fly might be difficult, but deleting them entirely would not be.

"The diversion of traffic is a very serious matter for a number of reasons, but I would say that attacks on votes in transit would be low on the list. Vote traffic, done right, would be encrypted, as you point out, and so traffic diversion alone does not allow for the reading or modification of ballots," he explained via email. "It would require getting the keys as well. Also as you point out, we now know of several ways that the NSA does that (or causes weak keys to be used) so it is not impossible, but it requires both a traffic diversion and access to keys to accomplish -- a two part attack, which is much harder to pull off. However, simply throwing away ballots in transit, based on unencrypted metadata like the sender's IP address, would be absolutely easy."

Simons, who is a member of the Board of Advisors to the U.S. Election Assistance Commission (EAC) and co-authored a report in 2004 that led to the cancellation of a Dept. of Defense Internet Voting project ("Secure Electronic Registration and Vote Experiment" or SERVE) due to security concerns, notes that voting over the Internet isn't the only thing that might be affected by such an attack.

Online voter registration, she says, could potentially be corrupted by the very same type of exploit. "The risk is that a voter's address could be modified, without the voter's knowledge. This could be a serious problem in states that are primarily or exclusively vote-by-mail."

Oh, yeah. There's that too.

Photo: Flickr creative commons.

Originally published on The BRAD Blog, republished with permission.
