Readers of this blog may be getting bored about poll automation, however there are news articles that are pertinent and give good arguments that I believe ought to be posted here.
Dennis Posadas, the Deputy Executive Director of the Philippine Congressional Commission on Science, Technology and Engineering, wrote an article entitled, “Computers can be hacked, so what?” The article details that we take a lot of technology based risks everyday, but it doesn’t mean that we shouldn’t use them. In other words, we make dozens of cost-benefit analyses each day but in the end we mostly benefit.
I am all for the automation of elections, there’s a possibility of it being a game changer and we may actually have a lot less fraud at the polls… something unheard of in my generation. However, I believe that it should be correctly implemented to minimize fraud, because if not, all those billions of pesos in taxpayer money might not go to the pockets of our corrupt officials… oops I mean, all that money will be for nought, and we’ll have the same or even more problems than we do with the un-automated version. The length of time for implementation and the logistical challenges full poll automation presents just strenghthens the case that maybe partial automation may be better.
Technology is an enabler, it can enable poll fraud to be harder, or it can actually make it easier. It all depends on the process.
Intelligent, competent and honest people should run the show (poll automation in this case). Leaders that put too much confidence and give statements that a yet implemented system cannot be hacked, borderline on ignorance, and shouldn’t be there at all… unless of course they have technical advisors that are the best the country can offer.
Re-post of earlier Comments
I am re-posting an earlier comment by dts, made by Patrick Dailey since its in the comments section and may not be seen by people who don’t check the comments.
dts said
March 21, 2009 at 10:14 am e
Comments made by
Patrick Dailey CISSP, GCFA, IT Audit and Security Consultant – Managing Director at DigiThreat Solutions
[http://www.linkedin.com/newsArticle?viewDiscussion=&articleID=29343049&gid=1851931]
From an IT project management point of view, 80,000 machines with source code, voter information data, vote data, and other information will be installed throughout the country. Additionally, the provision of transmission of data to a centralized location (presumably via Internet) will have to be procured from each location where the machines are installed. Supplies of ballot paper, training, technical support, and warehousing are all part of this project, and all aspects of this project need to be completed by May 10th, 2010 (417 days from now). The winning bidder is announced on April 27th, 2009, giving the bidder 378 days to complete all tasks.
To say that this project is ambitious would be an understatement – let’s do the math. It will require that the winning bidder install the machines, the software, and (hopefully) test an average of over 200 machines a day, travel not included. This does not account for machines that are dead on arrival. Internet access will need to be procured at locations throughout the country. Ever tried to get an Internet connection procured in a remote province? It can take months to get a reliable connection even in Metro Manila. What about remote islands that offer no Internet service whatsoever?
Logistics will also play a major role – while slightly less than 2000 mothballed counting machines from the 2004 election are sitting in four floors of storage (costing taxpayers P30 million a year), how much storage will 80,000 counting machines require? If the same size of machines and stacking capability is utilized as is the current storage, it will require 160 floors, or roughly 40 hectares, of storage space. Phasing the storage of equipment in warehouses will add to the complexity of the project, and delivery of machines and other materials to the end location to install (and coordinating with the installers) would almost require a Ph.D. in logistics, if there was such a degree. Add training and technical support to the equation, and you have an extremely difficult project. I have no reason to doubt Mr. Tolentino when he has confidence in the bidders capabilities, but this type of project would stretch many large multi-national companies. Simply put, whoever wins this project has their hands very full, and I do wish them the best of luck.
Assuming the bidder can survive the project demands and logistics, they will then have to contend with the security risks that are involved with this undertaking. While “hackers” are the “in” thing to talk about, they are a very small subset of the overall security risks. Here are some very basic IT security questions the winning bidder should be asking before even bidding on the project:
-Are there a defined information security policies and procedures for this project?
-What is the overall network architecture of this project, including systems, ports, data transmission, data locations, and other pertinent information? Where are its weak points?
-Will firewalls be a part of the architecture? What is blocked? What is allowed? What is needed?
-Are wireless technologies utilized? If so, is it secured, or can someone sit outside the precinct offices and modify the votes?
-Is SMS an option being considered, and if so, what is being done to secure SMS?
-How does the transmission of data occur? Is it encrypted? If so, how?
-Is data transmission from one location to another vulnerable to man-in-the-middle or other attacks? If you do not know what a man-in-the-middle attack is, it is probably recommended that you not bid on this project.
-What happens if there is no electricity, or there is an outage during the middle of the election? What happens if there is an Internet/telco outage? Is there a detailed continuity and/or recovery program? If so, does the introduction of people handling the data provide added risk?
-How is the centralized data secured? Is it centralized on a SQL database? If so, how secure is your SA password and how vulnerable are you to SQL injection attacks?
-What if there are discrepencies between the vote tallies at the precinct, and the vote tallies that ends up being stored at the centralized location? What happens?
Many more IT questions could and will be asked, but the IT questions go well beyond the source code of the application. The source code could be absolutely fine, but if the underlying architecture has problems, then there are significant risks. It’s like building a mansion on an unstable slope – it might look good, but will crumble at the first sign of stress.
In a case such as elections, people pose an additional risk. Some questions to ask include:
-Will all programmers, installers, and other employees undergo background checks to help ensure that they cannot be compromised by third parties?
-How are devices physically secured from being compromised? Are guards watching them? If so, do they know what to look for? Or are they part of the problem?
-What if it weren’t typical “hackers”, but a foreign government trying to ensure that their preferred candidate gets elected? If you think that is far-fetched, then why were both the campaigns of John McCain and Barack Obama hacked by a foreign entity last year while leading up to the election? Why is the Chinese government repeatedly alleged to be hacking into foreign government systems?
The project scope, risks, and huge budget make this an extremely difficult endeavor. While Mr. Tolentino makes some pretty bold statements, it’s ultimately up to the winning bidder to follow through on the assertions he has made. Our company, as I am sure many other information security companies, would love to see the finished product. However, the source code is only a small component of the overall product and project, and will not give an overall picture of the security of the 2010 elections.
Seminars and Conventions
DEFCON Philippines BeerTalk II will be on April 24, 2009 7PM at Grilla, Paseo De Roxas Avenue Branch (near Greenbelt), Makati City, Philippines
THE 2ND SOCIAL NETWORKING AND E-BUSINESS CONFERENCE 2009 will be on April 23 – 24, 2009 at the Grand Ballroom, Hotel Intercontinental, Makati City, Philippines
Tools for Man in the Middle Attacks
Middler by Jay Beale
sslstrip by Moxie Marlinspike
Tips
(The H Security) The right way to handle encryption with Firefox 3
Other InfoSec News
(SC Magazine US) Internet Explorer 8 “critical” flaw in final version
(Computerworld Philippines) New IE8 still the slowest browser
(SearchSecurity) Internet Explorer 8 includes a bevy of security features
(Computerworld) IE8 best at blocking malware sites, says Microsoft sponsored study
(The Register) A grim day for browser security at hacker contest
(The H Security) Pwn2Own 2009 ends: Smartphones & Chrome unbroken
(The Register) Newfangled rootkits survive hard disk wiping
(Security Focus) Researchers aim low to root hardware
(SC Magazine US) OWASP Security Spending Benchmarks Report published
(Computerworld Philippines) Asia’s top infocomm event continues to chart region’s IT direction
(Security Focus) China more friend than foe, says white hat
(Computerworld) In poor economy, IT pros could turn to e-crime
(Security Focus) Cybercriminals optimize search for cash
(The Register) Scareware affiliates playing search engines
(Washington Post – Security Fix) Web Fraud 2.0: Data Search Tools for ID Thieves
(The Register) Cybercrime server exposed through Google cache
(The Register) Worm breeds botnet from home routers, modems
(The H Security) Botnet based on home network routers
(The H Security) An Analysis of Conficker-C
(Computerworld) Conficker’s next move a mystery to researchers
(The H Security) Twitter XSS vulnerability
(SecurityFocus) No more bugs for free, researchers say
(The H Security) HP publishes free security tool for Flash developers
(Computerworld) Start-up unveils hybrid cloud/on-site backup service
(SearchSecurity) Diebold ATMs in Russia targeted with malware
(The H Security) Windows Trojan on Diebold ATMs
(SearchSecurity) Firms muddle security breach response, expert says
(SearchSecurity) Microsoft Threat Management Gateway has some drawbacks
InfoSec Philippines 