German IT security experts said Thursday that they had found “serious flaws” in the ballot software being used for the September 24 elections in which Chancellor Angela Merkel is seeking a fourth term.
The Chaos Computer Club, Europe’s biggest hacker collective, said the system to count and transmit vote results lacked proper encryption and other security tools, labelling it a “write-off”.
The privately developed “PC-Wahl” (PC Election) software — used for years in several of Germany’s 16 states — “should never have been used,” said a CCC spokesman, Linus Neumann.
“The number of possible attack targets and the severity of vulnerabilities exceeded our worst fears,” he said in comments first published by news weekly Die Zeit.
The report highlights fears about cyberattacks before and during the election in Germany, where lawmakers’ PCs were crippled in a 2015 attack which security services pinned on Russia.
The CCC warned that German parliamentary election results could potentially be manipulated remotely because the software failed to meet even “the basic principles of IT security”.
CCC hackers have in the past highlighted IT security flaws in high-profile cases, and their members often give expert testimony in German parliamentary hearings and court cases.
But the developer of the software, Volker Berninger, rejected the criticism, telling Die Zeit that “in the worst-case scenario, someone would create confusion”.
“Some wrongful results would be published on the internet, but the correct ones would still exist on paper. This would cause anger and confusion but have no relevance.”
But the CCC said any online attack would have “the potential to permanently undermine confidence in the democratic process”.
“This is simply not the right millennium in which to turn a blind eye to IT security in elections,” Neumann said.