You are viewing this article in the AnnArbor.com archives. For the latest breaking news and updates in Ann Arbor and the surrounding area, see MLive.com/ann-arbor
Posted on Tue, Oct 5, 2010 : 12:34 p.m.

University of Michigan student hacks into Washington D.C. online voting system

By Nathan Bomey

A University of Michigan student apparently hacked into Washington D.C.'s new online voting system during a weeklong trial period in which the system was being tested, the Washington Post and Wired.com are reporting.

The D.C. Board of Elections and Ethics had asked outsiders to attempt to infiltrate the system. So a U-M professor promptly "unleashed his students" on the voting system, which was designed to allow military and overseas voters to cast ballots digitally, the Post reported.

Wired and the Post reported that after users cast votes through the system, the U-M fight song "The Victors" started playing -- the kind of calling card that is typical of software hackers.

In response, D.C. is reportedly scaling back its system until the security risk can be mitigated.

It was not immediately clear which professor and student were responsible for exploiting the system's security flaw. U-M is considered a global source of information technology security expertise.

Contact AnnArbor.com's Nathan Bomey at (734) 623-2587 or nathanbomey@annarbor.com. You can also follow him on Twitter or subscribe to AnnArbor.com's newsletters.

Comments

Steve Pierce

Wed, Oct 6, 2010 : 12:03 p.m.

The first paragraph gives the impression that the hack was not authorized. It should be made clearer that the DC Clerk invited anyone to test the integrity of the system. http://gawker.com/5656641/students-hack-washington-dcs-web-voting-system-to-play-college-fight-song

SonnyDog09

Wed, Oct 6, 2010 : 10:53 a.m.

kudos to the UM researchers for their work. I read the blog posting that detailed the hack, and it really irritates me that the voting system was built in such a shoddy manner. Do we know what company did the development, so I can make sure never to do business with those incompetents?

Phil Dokas

Wed, Oct 6, 2010 : 8:50 a.m.

As Dug pointed out, the Professor was J. Alex Halderman who did the work with two of his PhD students, Eric Wustrow and Scott Wolchok, along with Dawn Isabel, a UMich technical staffer. Of interest to the Ann Arbor community is the fact that Mr. Wustrow is from town, graduating from Pioneer where, coincidentally, his mom taught the computer programming classes.

Jay Allen

Wed, Oct 6, 2010 : 8:21 a.m.

Yep, those darn Republicans hacking into voting machines to fix the next election. OMG, get a clue. I suggest stop visiting the medical marijuana dispensaries as paranoia is known side effect in excessive canibus consumption. I wonder if the U of M student who was successful was sitting on a couch? And oh, BTW, hacking in "typically" is not the hard part. It is NOT leaving a footprint of where you are or who you are that is tough.

trespass

Wed, Oct 6, 2010 : 6:01 a.m.

Was it a UM student or one of our affilliated students at Shanghai Jiao Tong University who hacked Google? They have a whole college devoted to "internet security" (hacking & censorship) as well as hackers clubs. If our elections are screwed up it may not even be Americans who do it.

Cash

Wed, Oct 6, 2010 : 5:29 a.m.

"U-M is considered a global source of information technology security expertise." Again please tell me who considers U-M to be a global source of IT. This is written here as though it is a news fact. Please update with the source.

jameslucas

Wed, Oct 6, 2010 : 12:11 a.m.

The University of Michigan's fight song is called The Victors not "Hail to the Victors" as reported by AnnArbor.com, anyway Hail to the student.

StartupGeek

Tue, Oct 5, 2010 : 8:27 p.m.

Thanks Dug for the link - great post that destroyed my belief in Internet voting.

Dug

Tue, Oct 5, 2010 : 8:11 p.m.

Alex just posted the story a few minutes ago: http://www.freedom-to-tinker.com/blog/jhalderm/hacking-dc-internet-voting-pilot

David Briegel

Tue, Oct 5, 2010 : 7:43 p.m.

I figure the Republicans have been hacking in an changing the outcomes for years! Michiganpoorboy, at least someone would vote since Americans won't!!

sbbuilder

Tue, Oct 5, 2010 : 7:05 p.m.

I think this is just too cool. I'm glad that the Board of Elections decided to have their system challenged. What better than to know up front how easy it would be to penetrate and manipulate a vote. For a really scary video on a computer programmer testifying in court about writing a computer program to manipulate votes see: http://www.wimp.com/votesoftware/

Dug

Tue, Oct 5, 2010 : 6:49 p.m.

Hint: ask @jhalderm and @swolchok, who aren't in town for tomorrow's @ARBSEC, but might know something about this.;-) "U-M is considered a global source of information technology security expertise." This is sort of a funny assertion. I'd really like this to be true, but you can count the number of us speaking globally on the topic on two hands. Actively, on one.

michiganexpats.com

Tue, Oct 5, 2010 : 6:48 p.m.

Yes! That is so cool. Go blue.

Mark A.

Tue, Oct 5, 2010 : 6:44 p.m.

The people that did it were invited to talk about it at ARBSEC 18 tomorrow. Don't know if they'll be there.

perfectly lubricated weather vane

Tue, Oct 5, 2010 : 6:06 p.m.

@cinnabar7071 -- Your non-citizen friend was still several protective layers away from actually voting. Let's try to save our outrage for times when there is some actual harm done.

ypsilanti

Tue, Oct 5, 2010 : 2:38 p.m.

As they saying goes, "Vote early, vote often!"

Forever27

Tue, Oct 5, 2010 : 2 p.m.

I'm sure the people running this thing were glad it was UM students and not Notre Dame. Who would ever want to have to hear that god-awful fight song?

michiganpoorboy

Tue, Oct 5, 2010 : 1:54 p.m.

Internet voting gives every one in the world a chance to vote in our elections.

Cash

Tue, Oct 5, 2010 : 1:23 p.m.

"U-M is considered a global source of information technology security expertise." I'm not doubting you, but who considers UM to be a global source of IT?

cinnabar7071

Tue, Oct 5, 2010 : 1:08 p.m.

Who cares voting is completly corrupt. A person I know who is a non citizen beceived a voters registration card in the mail one day. I reported it to the local elections office, then all the way to the attorneys general office and not one person cared or even wanted to talk about it. In fact still waiting for a call back from Liz Braters office. I spent hours on the phone trying to find someone who would do anything about it. If AA.com wants to do a story about it my email is cinnabar7071@yahoo.com

1201SouthMain

Tue, Oct 5, 2010 : 12:49 p.m.

Leaders and Best!

Registration on or use of this site constitutes acceptance of our User Agreement and Privacy Policy

© 2013 MLive Media Group All rights reserved (About Us). The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of MLive Media Group