Electronic-voting firm reveals hacker break-in

R. A. Hettinga rah at shipwright.com
Tue Dec 30 10:26:15 EST 2003 

<http://seattletimes.nwsource.com/cgi-bin/PrintStory.pl?document_id=2001825724&zsection_id=268448455&slug=votehere300&date=20031230>

Tuesday, December 30, 2003, 12:00 A.M. Pacific

The Seattle Times:
Electronic-voting firm reveals hacker break-in

By Monica Soto Ouchi
Seattle Times technology reporter

Bellevue-based VoteHere, which sells software designed to make electronic
voting more secure, said yesterday a hacker it thinks was politically
motivated broke into its computer system and stole nonsensitive internal
documents.

The break-in occurred in October but was only publicly acknowledged
yesterday by Chief Executive Jim Adler.

The incident occurred after the hacker exploited a vulnerability in the
company's corporate software. VoteHere was "a couple days behind" updating
a security patch, spokeswoman Stacey Fields said.

VoteHere said it identified the hacker within 24 hours of the break-in and
that it believes the person is affiliated with anti-electronic voting
organizations.

The Washington Cyber Crime Task Force - an affiliation of FBI, U.S. Secret
Service and local law enforcement - is investigating.

No one has been arrested, Fields said.

The breach comes amid growing concern about the security and reliability of
electronic voting.

Bev Harris, who runs a small Renton public-relations firm, helped energize
citizens and computer scientists concerned with the potential for election
fraud after earlier this year discovering an open, unprotected Web site
that revealed source code for Diebold voting machines.

The most vocal opponents have called for electronic-voting systems to be
backed up by voter-verifiable paper audit trails, a move adopted by
California's secretary of state.

VoteHere sells two electronic-voting products. One, encryption-security
software for electronic-voting machines, detects when ballots are
compromised by adding, deleting or changing a vote.

The other is Internet voting software for private and public elections.

Adler said the hacker didn't access sensitive materials because the
company's business model rests upon releasing its source code for all to
see.

VoteHere deploys the same encryption technology used to keep credit-card
data private during online transactions. The secret is the "key data," a
10-digit number that unlocks the information.

"We're a bunch of cryptographers that decided all the algorithms must be
public for the system to be trustworthy," Adler said.

"There's no secret in any of this."

VoteHere released some of its source code earlier this year to be
scrutinized by VerifiedVoting.org, a grass-roots organization pressing for
accountability in election systems.

David Dill, the group's founder and a Stanford University computer-science
professor, said he has yet to find a volunteer with the expertise to verify
the company's systems.

"What I think we need, before I'm confident in a system like VoteHere, is a
near consensus among experts in cryptography and election administration
that the system is trustworthy," Dill said.

"At this point, people haven't looked at it enough to gain a consensus."


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list