The Washington Post reports that—as part of a security test—a team of students from The University of Michigan hacked D.C.’s new Internet-based voting system. The “White Hat” hackers from Michigan compromised the system so that after a vote was cast the Web site played The University of Michigan fight song, “The Victors.”
According to the Post, Jeremy Epstein, a computer scientist working with the Common Cause good-government nonprofit on online voting issues said “the fight song is a symptom of deeper vulnerabilities. … In order to do that, they had to be able to change anything they wanted on the Web site.”
Because of the hack, Paul Stenbjorn, the Board of Elections’ chief technology officer said a portion of the Internet voting pilot—which was expected to be rolled out this month—is being temporarily scrapped.
The good news, of course, is that to ensure election integrity, D.C. took the opportunity to open its election web-site to community testing. That the vulnerability was found and exploited by a team of students from my Alma Mater is icing on the cake. That they rigged the system to play The Victors is the maraschino cherry on top. Go Blue!
The bad news—and one that every organization having a web site has to pay attention to—is that web-sites, like software everywhere, is buggy. That’s why this story is a good reminder to all organizations of the importance of effectively managing cybersecurity risk.