Hack reaction caught on pwned webcams

Powered by SC Magazine
 

Internet voting system hacked.

University of Michigan researchers have used webcams in a data centre to capture the moment administrators of an internet voting system learned they had been pwned.

The researchers participated in a sanctioned attack on the voting system developed by the Washington DC Board of Elections and Ethics [pdf].

The system was designed to allow military and overseas voters registered in cast electronic ballots in a local election.

However, prior to general use, it was subjected to a "mock election" process where "anyone" was invited to probe its security.

The University researchers found a shell-injection vulnerability on the mock server after several hours examining the application source code.

"We exploited the shell injection vulnerability to carry out several attacks that illustrate the devastating effects attackers could have during a real election if they gained a similar level of access," the researchers said.

Their attack attempts went unnoticed by the intrusion detection system (IDS) device deployed in front of the web server, because it "was not configured to intercept and monitor the contents of the encrypted HTTPS connections that carried" the attacks.

The researchers retrieved the public key used to encrypt ballots on the system. The key was used to change past and future votes lodged in the system.

Although the researchers took steps to cover their tracks, they left a "calling card" in the form of a video that appeared on a modified "Thank You" page.

In addition to attacks on the system, the researchers also severely compromised the physical network infrastructure on which the system operated.

The researchers used a publicly-available network topology diagram for initial clues as to the underlying architecture.

They were able to locate a terminal server, install a JavaScript rootkit to conceal their presence and eventually crack administrator passwords for various network boxes.

Acting as admins

The researchers said they helped repudiate an SSH attack from Iran on behalf of the actual network administrators.

A review of the terminal server logs showed attempts to guess SSH login passwords.

"We realised that one of the default logins to the terminal server (user: admin, password: admin) would likely be guessed by the attacker in a short period of time, and therefore decided to protect the device from further compromise that might interfere with the voting system test," the researchers said.

"We used iptables to block the offending IP addresses and changed the admin password to something much more difficult to guess.

"We later blocked similar attacks from IP addresses in New Jersey, India, and China."

Later, the researchers were able to gain broader access to other switches on the electoral network and change usernames and passwords - "effectively locking the administrators out of their own network".

Webcam access

On the same network, the researchers found a pair of publicly-accessible webcams showing the server room that housed the pilot network.

The cameras were pointed at the entrance to the room and at the rack of server and network hardware.

Malicious users could have watched the footage to determine the types of servers used or to "learn the pattern of security patrols" in the room.

The researchers had a different purpose. "We used them to gauge whether the network administrators had discovered our attacks," the researchers said.

"When they did, their body language became noticeably more agitated."

The University said it took election officials about 36 hours to notice the attacks. The tip-off appeared to come from posts to a mailing list joking about the calling card video.

Researchers said that while election officials deserved praise for opening their system to public tests, the successful attack highlighted the challenges in putting together a robust electronic voting system.

Copyright © iTnews.com.au . All rights reserved.


Hack reaction caught on pwned webcams
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 337

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 140

Vote