Here’s how to hack an election

06.13.2018
08:34 am
Topics:
Activism
Amusing
Crime
Politics
Tags:
hackers
phreakers
2600

Election hacking has been a pretty hot topic recently. Now that we know it is possible, you know, controlling the fate of a governed body through manipulated misinformation, we must acknowledge that it could happen again. Especially in a place like Manitoba, Canada.

The term “hacker” has been around for much longer than you think. The first reported case of an unauthorized entry into a private network was conducted on June 4th, 1903—by a magician. By this point on our technological evolutionary timeline, electromagnetic waves had been discovered and were being experimented with to communicate wireless messages. Italian engineer Guglielmo Marconi had gained much international attention for his accomplishment of the first successful wireless transmission across the Atlantic ocean (2,200 miles). Marconi claimed his methods to be impenetrable and Nevil Maskelyne, the skeptic British magician, sought to prove him wrong. During a very public demonstration at the Royal Academy of Sciences, Maskelyne tapped into Marconi’s signal, which was being broadcast from Cornwall, over three-hundred miles away. The hacked messages appeared in morse code on a projector screen and consisted of several jabs at Marconi and his “secure” network. Turns out, besides magic, Maskelyne was also employed by the Eastern Telegraphic Company, whose wired system would suffer from these new innovations to communication technology.

And then came phreaking. In the 1960s, it was discovered that one could “hack” into the public phone network through the manipulation of sounds. The most notable figure of the “phone freak” movement, which predates the personal computer, was a man who went by the alias of Cap’n Crunch. Mr. Crunch got his nickname from a toy whistle that came in specially marked boxes of the sugar cereal. When blown, the whistle could emit a frequency at 2600Hz, which, it was discovered, allowed a user to tap into nexus of the AT&T phone system and place free long distance calls. More advanced techniques of phreaking soon developed, through use of “blue boxes” that were built to replicate unique tones and frequencies. Before they started Apple, Steve Jobs and Steve Wozniak sold blue boxes to the hacker community. The first example of a fictional hacker in popular culture came with the Firesign Theatre’s 1971 comedy album I Think We’re All Bozos on This Bus where the main character causes an audio-animatronic Nixon robot to malfunction by asking it surreal and confusing questions.

Phreakers unite

2600: The Hacker Quarterly was started amid the phreaker scene in 1984. The seasonal publication, edited by a guy with the Orwell-inspired pen name of Emmanuel Goldstein, has served as an important resource within the hacking community as it has evolved over the years. Rather than focusing on the deliberately destructive and malicious tactics of hackers often portrayed in the media, 2600 benefits the less illegal intentions of the “grey hat hacker,” who is merely demonstrating his/her capabilities of penetrating into an off-limits system. In our complex digital world, the publication today has taken on more of an activist approach toward our digital and personal freedoms.

More of a dark-grey hat than anything, the Autumn 2007 issue of 2600: The Hacker Quarterly contained an article about hacking an election. More specifically, hacking an election in Manitoba (of all places). The article, pretty blatantly titled “Hacking an Election,” describes what seems to be a tedious and complicated scenario in which you manipulate the governmental system and, essentially, force your way into politics. All you really need are a bunch of willing participants, or “goons” as the author refers to them. Mind you, this process is purely hypothetical. A quick web search shows that no one has yet to take the author’s advice in Manitoba, but known vulnerabilities in their voting system have encouraged authorities to take extra precaution - especially in light of recent controversies.

Learn how to overtake Manitoba’s government in the original 2600 article and transcript below:

Hacking an Election (Autumn, 2007) by Dagfari

Working in Elections Manitoba has given me time to think - after all, it’s Government work, eh?

Manitoba’s election system is designed to provide secure paper voting with easy computer enumeration and vote counting and a thick paper trail. There are, however, multiple possible ways for a candidate to rig an election - at least for him. I’ll be showing you one of them.

In case you aren’t familiar with how provincial elections work in Canada, here’s how. Each party fields a candidate to each electoral division. Thirty-three days before the actual election, the current legislative assembly issues a writ. Then, for two weeks, enumeration takes place, with people going door-to-door collecting names of eligible voters and marking them down. The names are entered into the database and handled with computers from this point on. Each returning office serves one electoral division, and each division is further broken down into various voting areas of about equal population. For example, the “Fort Whyte” division is broken down into a total of 65 voting areas. Each area consists of between 200 and 350 voters; each area has its own voting place where the actual voting occurs.

A week before elections take place advance polls begin, and the next week, Election Day. But a certain candidate, Mr. Theoretically Corrupt, has already guaranteed himself a seat in the next legislative assembly! (oh noes)

Technology:
The enumeration software here for Elections Manitoba is called VES, the Voter Enumeration System. It’s a Microsoft Access program, secured for multiple users with passwords. If you have access to the Master computer for the returning office serving that division, you have direct access to that database which, if you can edit directly, you can add voters to with no security check.

I’m sure we all know the old adage about “when an authorized user has physical access, you lose all security.” The bonus is this: at least in my RO, the Master was routinely used as an extra data entry terminal. However, this sort of direct access is entirely unnecessary for a candidate to steal the election, as we’ll see…

The Snatch:
When the writ is signed, the Corrupt Candidate’s goons get jobs as enumerators for his division. As enumerators, they are given everything they need - a badge, a pen, and a carbon copy pad of forms to fill out with each person’s address, name, phone number, and other information.

There are no checks on whether the information filled out by each enumerator is necessarily true, and so it becomes a numbers game; 65 goons (one for each voting area) fill out an extra 20 names each. For some bonus, one could add names to vacant houses or add people in such a way that will not be detected with a casual observation of the list, like matching last names with people still at the address, or looking up names of dead relatives.

That’s an extra 1,300 votes for the candidate, and that is likely enough to turn the election towards whoever is willing to do it. On voting day, these goons step into the lines at three separate voting places and work their way through each voting area.

Of course, this only gains the party the candidate is a part of one seat seat in the assembly, hardly enough to form a government or wrest power away from a majority. However, if the corrupt candidate was running against someone important - the premier of the province, for instance - or if all candidates from one party were this corrupt, then it could cause a lot of hassle/panic/disaster.

Conclusion:
Thankfully, Canadian Elections’ decentralized structure makes this sort of election-rigging hard and costly to do by itself, and there is always the risk that the voters’ count would be noticed. It’s possible for the candidates goons to fill in names for those houses that don’t have any people living in them, or houses that are under construction, but that may take away from the total number of bonus votes.

As it is though, once a name is enumerated, the voter is considered to be “in the system” and identified. All each goon needs to identify himself is something that has both his fake name and the fake-or-not address on it. Drivers’ licenses are good, but for election-stealing purposes mail is better and easier to forge.

But of course, this all for informational and analytical purposes only. Any use of this information or any other information available in an illegal or dishonest manner is no fault of mine and not something I condone as the writer. Please, do not steal Manitoba’s Elections, money, software, or anything else. Thanks.