We modified all the ballots that had already been cast to contain write-in votes for candidates we selected. (Although the system encrypts voted ballots, we simply discarded the encrypted files and replaced them with different ones that we encrypted using the same key.) We also rigged the system to replace future votes in the same way.
We installed a back door that let us view any ballots that voters cast after our attack. This modification recorded the votes, in unencrypted form, together with the names of the voters who cast them, violating ballot secrecy. The hack left lots of traces that an intrusion detection system should have caught. Nonetheless, it went unnoticed for two business days until Friday afternoon when several testers directed election officials to the Michigan fight song playing on their $300,000 voting system. |