Videos

Overview of Our Findings

Attack Demonstrations
These videos show demonstration attacks we conducted against a replica of the Estonian I-voting system as it was used in the 2013 municipal elections. These are examples of more general attack strategies, and many variants are possible.

  1. Server Malware Attack
    In this attack, malicious trojan software is inserted at the beginning of the server build sequence and filters down to infect all election servers. The trojan contains malware which exploits the counting server’s application flow to intercept the decrypted ballots and modifies them to favor a selected candidate.
  2. Client Ghost Click Attack
    In this attack, malware records the PINs that the voter uses during voting. Sometime later when the voter inserts his or her ID card, the malware launches the voting application again and simulates keystrokes to vote for the intended candidate. Here, the malware launches the voting application window on the victim’s computer for demonstration purposes.
  3. Client Ghost Click Attack (stealth)
    This attack is the same as the previous version, but the voting application window is launched on the attacker’s computer instead of the voter’s computer, so the voter would not notice the malware voting again.
  4. Client Bad Verify Attack
    In this attack, the voter is assumed to have malware running on his or her computer and a malicious version of the smartphone verification app. (There are several ways that malware could spread from one to the other.) The malware changes the vote before it is sent to the server. In order to prevent verification from failing, when the user attempts to verify the vote using the smartphone, the malicious app reports that the voter’s candidate was chosen, while the attackers intended candidate was selected.

System Setup
The process we used to set up the laboratory replica system, matching official procedures step by step.

  1. Debian ISO Burning
    The setup process begins with the Election Officials checking the integrity of the Debian installation ISOs and burning them to DVDs.
  2. Installation Build
    The election applications packages are built and burned to DVDs to be used during the installation of the election servers.
  3. HES Install
    The HES/VFS (Vote Forwarding Server) is built (OS and election application install).
  4. HTS Install
    The HTS/VSS (Vote Storage Server) is built (OS and election application install).
  5. HLR Install
    The HLR/VCS (Vote Counting Server) is built (OS and election application install).
  6. LOG Install
    The LOG server (maintains logs of the other servers) is built (OS and election application install).
  7. Election Config Creation
    The configuration files for the election (candidate list, voter list, etc) are built.
  8. HES Config
    The HES/VTS (Vote Forwarding Server) is configured with the election configuration and prepared for use.
  9. HTS Config
    The HTS/VSS (Vote Storage Server) is configured with the election configuration and prepared for use.
  10. HLR Config
    The HLR/VCS (Vote Counting Server) is configured with the election configuration and prepared for use.

Official videos from the October 2013 municipal elections
Official setup and administration steps, for comparison.

Creative Commons License
This work, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

A security analysis of Estonia's Internet voting system by international e-voting experts.