Swiss government invites hackers to attack its e-voting platform

The global pen-test will see attackers attempt to compromise the system ahead of future elections

Graphic showing online voting, or online campaigning

The Swiss government has welcomed hackers from across the world to launch attacks against an e-voting platform to boost the system's security ahead of future elections.

The public intrusion test (PIT), scheduled for between 25 February and 24 March, will see white hat hackers attempt to penetrate and undermine the integrity of the Swiss Post's system for a 'bug bounty'.

An e-voting session is scheduled for the last day of this period, 24 March, but hackers who register with SCRT, an intrusion testing company, can begin orchestrating attacks against the platform for up to a month before.

"The e-voting system is the first Swiss system that can be fully verified. Interested hackers from all over the world are welcome to attack the system," the government said. In doing so, they will contribute to improving the system's security.

"The hacker community should try to manipulate votes, read votes cast and disable or circumvent the security measures that protect votes and security-related data. The system documentation and source code must be published before testing."

Up to 50,000 Swiss francs or CHF (38,642) is being offered to hackers who successfully manipulate votes without being detected, with 20,000 CHF (15,549) offered to those who manipulate the votes but are detected.

There are further cash rewards for a host of other attacks, including corrupting votes and rendering them unusable, intrusion into the e-voting system, and an attack on the servers.

Some attacks, such as compromising a user's browser to manipulate a vote, will not count as a vulnerability in the context of this trial because the platform's "individual verifiability" mechanism that asks voters to verify their own votes post-submission.

Switzerland has been trialling e-voting platforms in some form since 2004, but its government has labelled the current iteration developed by Swiss Post the first such system that can be fully verified.

The UK previously conducted a number of e-voting trials in the mid-noughties, only for the Electoral Commission to call for a stop to the modernisation push in 2007 because of a lack of central direction and strategy.

With the prospect of interference in elections from foreign agents and cyber criminals rising substantially in recent years, a host of European countries have similarly withdrawn their electronic voting platforms, including France in 2017.

The cyber risk against the integrity of the democratic process has been rising since Russia allegedly manipulated the 2016 US presidential election, with suggestions that military intelligence conducted a broad campaign to hack a voter registration services firm.

Supposedly leaked NSA documents said that intelligence officers used stolen credentials to run a spear-phishing campaign against voting officials around the US just days before the crucial vote on 8 November.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

SonicWall hacked via zero-day flaw in remote access tools
Security

SonicWall hacked via zero-day flaw in remote access tools

25 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
Trump pardons convicted ex-Google engineer Levandowski
intellectual property

Trump pardons convicted ex-Google engineer Levandowski

20 Jan 2021