Dutch Minister Ditches Election Software Over Hacking Fears

Dutch Minister Ditches Election Software Over Hacking Fears

The Dutch government has decided to revert to manual vote counting and processing in the upcoming March parliamentary elections, in a bid to thwart any potential attempts by hackers to influence the result.

Interior minister Ronald Plasterk announced the decision on Wednesday after local reports claimed the software used for the past eight years is riddled with security holes.

RTL Nieuws enlisted the help of security expert Sijmen Ruwhof to analyze the voting system.

Voting machines have been banned in the Netherlands since 2009, with votes now cast on paper and counted by hand. However, the result was then typically entered into a computer program – Ondersteunende Software Verkiezingen (OSV) – which generated files containing the total votes cast in each district.

“If nobody questions the (digital) results of the election, no final paper audit is performed to see if the analog and digital vote count is the same,” explained Ruwhof.

“I immediately realized that this optional final paper audit forms a critical weakness in our current voting system (risk #1 critical). It means that our pencil-and-paper voting is basically security theater in its current implementation. Because when analog voting results are inserted into computers, which subsequently calculate the results, we are still, effectively, using electronic voting.”

After just a cursory inspection, the researcher was able to find out more vulnerabilities in the system, including the fact that OSV can be installed on any machine – even ones running outdated OSes like Windows XP.

OSV stores results in an unencrypted XML file, and voting results are transferred via unencrypted USB sticks or unencrypted email over the internet.

In total, Ruwhof highlighted 25 potential vulnerabilities in the Dutch voting system, but there could be many more.

Like many European countries, the Netherlands is fearful of attempts to influence the outcome of its elections by the Russian government.

However, despite some reports, the Kremlin was actually focused not on hacking US election systems but on releasing sensitive political information in the run up to the presidential election, in a bid to change voting behavior and undermine the democratic process.

That’s not to say Kremlin agents wouldn’t try to hack voting machines in country with a more homogeneous election system than the United States.

Source: Information Security Magazine