The Internet is pervasive in modern society, and its easy access and broad implementation has led to a disconnect between the public perception of risks on the Internet and the reality that the Internet is a very unsafe environment.
The following questions and answers address some of the security concerns that relate to security issues involving returning electronic marked ballots over the Internet.
Frequently Asked Questions
1. I'm on the Internet all of the time and I've never had a virus. What's the big deal?
Answer: It is possible that you do not have a virus, but it is more likely that you have a virus or other malware and do not know it. The presently known Botnets utilize virus-like software that is generally non-destructive to the infected host. These infected "Bots" may simply steal cycles (secretly use inactive resources) when your computer is under-utilized, or may interfere with your performance, but not disable or create enough delay to cause concern to the user.
If you do not, in fact, have a virus, it is likely because you are not a uniquely important target. Present Botnets target unsuspecting users, often leveraging specific partner websites and other unsuspecting venues where users share content, such as peer-to-peer networks and electronic greeting card sites.
Regardless of whether or not you are infected, some experts estimate that approximately fifty percent of all Internet-connected computers are infected with some variety of Botnet software.
2. What is a Botnet?
Answer: "Bots" are Internet-connected computers that are infected with malicious software/malware. A botnet is "...a collection of compromised computers [bots] that are controlled by a single entity." The bot-herder designed and created the bot software with a purpose that they will accomplish through the coordinated action of the botnet.
As with any malware, it is impossible to know for sure whether or not a computer is infected with bot-related malware. Bots are particularly sinister malware that may lay dormant for months before executing its assigned, coordinated task.
3. What impact could a Botnet have on an electronic ballot return system?
Answer: Any propagating malware could pose a threat to an Internet-based voting system, by changing votes, denying service, or causing voter confusion. Since botnets are under active control, they pose particularly challenging threats that could accomplish a common goal through different mechanisms, for example by having some of the bots add votes for the preferred candidate while other bots could delete votes for the opposing candidate, while still other bots would omit the race from the ballot for constituencies that may favor the opponent.
4. Do Botnets exist today?
Answer: Yes, they do. USA Today claims that as of March 2008:
On a typical day, 40% of the 800 million computers connected to the Internet are bots engaged in distributing e-mail spam, stealing sensitive data typed at banking and shopping websites, bombarding websites as part of extortionist denial-of-service attacks, and spreading fresh infections.
Wired.com reports that botnets infected twelve million new hosts in the first five months of 2009. Botnets are a real threat to any application on the Internet today that provides opportunity for return on the bot-herder's investment.
5. Big companies like Ebay and Amazon run their entire business on the Internet. How could they survive if the Internet weren't secure?
Answer: First, these large organizations have expansive security budgets. They employ highly qualified information security specialists and they engineer security into their systems. Unfortunately, the marketplace for voting systems has not, to date, supported that level.
Even with expansive security budgets, significant security breaches are occasionally reported in these companies. Many others likely go unreported, and it is impossible to know how many go undetected. The bottom line for these companies is that they can absorb some level of loss due to malicious attackers as long as the system returns sufficient profit. Voting systems have no such flexibility for error or malice and no tolerance for undetected error. Electoral integrity is at the core of our governmental system.
6. Don't commercial virus scanners prevent viruses and malware?
Answer: Virus scanners, whether commercial or freeware, can help defend computers from virus and other malware infection, but there effectiveness is practically and theoretically limited. Virus scanners are most effective at protecting against known malware, but they are much less likely to detect or prevent new attacks that have not been reported to the virus designer. Worse yet, malware infection may occur through channels or actions that virus scanners do not monitor, such as web page interactions or dangerous actions by the user. Finally, virus scanners only work if they are well maintained and kept up to date. Many users do not keep them updated.
Some percentage of protected computers will become infected by malware in spite of the quality of the virus software that they employ.
7. Can't law enforcement of the FBI protect federal elections on the Internet?
Answer: While they are rapidly expanding their anti-cybercrime capabilities, law enforcement is ill-equipped to deal with the volume of illegal computer activity that demands their resources. Illegal content, such as pornography and solicitations for illegal substance sale alone is overwhelming.
8. Doesn't everyone have antivirus software and keep their private computers maintained with up to date software?
Answer: Many recently purchased computers are designed to prompt users to update software or to update automatically. Unfortunately, the vast majority of privately owned computers require active user participation in the software update process and users are notoriously unreliable in this task. It is safe to say that fewer than half of the computers on the Internet have virus scanners and up to date software.
9. I do electronic banking all of the time. Isn't it secure?
Answer: It may well be that your banking system is sufficiently secure that you should not worry about your banking transactions, particularly for small amounts. On the other hand, data losses occur frequently through banking and credit card transactions, so even though electronic financial losses are not widely reported, it is reasonable to believe that they occur in similar proportion to identity losses. Information security specialists will pretty uniformly recommend against conducting large financial transactions from a private computer.
There two other important distinctions between Internet-based banking applications and Internet-based voting applications:
1. Banks invest significant resources in looking for anomalous transactions that can be verified by physical records. The ability to audit voting transactions is severely limited because of the requirement to separate ballots from voters.
2. Banks have a legal obligation to reimburse customers in many cases for fraud. This property cannot be replicated in voting systems.
10. I assumed that software vendors couldn't stay in business if they didn't produce quality software. Why are voting system vendors any different?
Answer: There are many competing factors that determine commercial viability. Much of the existing voting system software was originally written five, ten, or even twenty years ago. Some of it was written by companies that were bought out.
11. I found a lot of Internet Voting vendors on the web. How do they stay in business if they don't conduct secure elections?
Answer: There are many environments, such as organizational elections, where Internet voting is entirely suitable because there is very little incentive for intruders to expend the effort necessary to carry out an attack, or to take the risk of being caught.
Just to emphasize, all Internet elections using privately owned computers are susceptible to malware attacks, even those held by companies or organizations.
12. Aren't Botnets and other attacks so sophisticated that only real computer experts could carry them out?
Answer: Great question and the answer, unfortunately, is "no". One of the things that the Internet does best is to allow individuals with mutual interests to easily interact and share ideas. This includes computer experts, and computer hackers. There are communities on the Internet that are dedicated to breaking security mechanisms. When they find a vulnerability or a process that can circumvent some security mechanism, they share that information. Worse yet, they may even create and distribute a tool that accomplishes the attack that they developed.
So, while there may be many sophisticated steps necessary to accomplish an end to end attack, attackers, even attackers that are not very sophisticated, may be able to string together tools that were written by very sophisticated attackers to accomplish most or all of their work.
13. What is a DDoS attack?
Answer: A Distributed Denial of Service attack employs a large number of malware-infected hosts (called zombies) to conducted a synchronized flooding attack on a target host or network. The "flood" of messages is intended to overwhelm the target system and prevent them from accomplishing their intended purpose.
If successfully employed, DDoS attacks could stifle voters trying to cast their ballot over an attacked network.
14. I haven't heard about DDoS attacks recently. Have they been largely mitigated?
Answer: While there has been progress made on defending against Denial of Service attacks in general, there is no silver bullet that can prevent them.
15. What is a Man in the Middle attack and is it a real threat, or just something from a textbook?
Answer: A Man in the Middle (MitM) is a simple attack structure where a malicious or compromised computer acts like a customer to a service host and as a service host to a customer at the same time. It is a very effective attack approach and many MitM attacks are widespread on the Internet today.
16. What is the difference between a "zombie" and a "bot"?
Answer: It is a subtle difference, if there is one at all. The term "zombie" generally refers to a malware-infected computer that lays dormant awaiting some some signal before delivering its malicious payload. A "bot", similarly, is software on a malware-infected computer. Its mission may be more active than a zombie, for example to find other bots and establish communication channels in preparation for the ultimate botnet mission that it is designed and instructed to carry out.