Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hired ‘Hackers’ Try, and Fail, to Invade Brazil Vote System

More than 20 would-be hackers gathered in the Brazilian electoral authority’s headquarters in the capital this week. Their mission: infiltrate the nation’s voting system ahead of a hotly anticipated race in October.

More than 20 would-be hackers gathered in the Brazilian electoral authority’s headquarters in the capital this week. Their mission: infiltrate the nation’s voting system ahead of a hotly anticipated race in October.

Their 3-day battery of attempted assaults ended Friday and was part of planned testing that happens every election year, usually proceeding without incident or, for that matter, drawing any attention. But with President Jair Bolsonaro continuously sowing doubt about the system’s reliability, the test took on an outsized significance as the electoral authority, known as the TSE, seeks to shore up confidence in the upcoming general elections.

Analysts and members of the TSE said the test’s results were more encouraging than ever. All the experts attempting to disrupt the system — among whom were Federal Police agents and university professors in engineering, information technology, data security and computer science — had failed.

“No attack managed to alter the destination of a vote in the electronic ballot,” Julio Valente da Costa, the TSE’s secretary of information technology, told The Associated Press in an interview afterward. “The importance of this test is for us to rest assured, at least about all the technology and computing components for the elections.”

When Bolsonaro won the presidential race four years ago, he claimed he had actually secured victory in the first round, not the runoff weeks later. The former army captain has repeatedly made accusations the voting system used for three decades is vulnerable, and at times said he possesses proof fraud occurred, but has never presented any evidence.

Last year, Bolsonaro suggested the election could be canceled unless a voting reform was passed in Congress. But the proposed constitutional change did not garner enough votes.

Analysts and politicians have expressed worry that far-right Bolsonaro, who is trailing leftist former President Luiz Inácio Lula da Silva in all early polls, is laying the groundwork to follow the lead of his ally, former U.S. President Donald Trump, and reject election results.

The TSE has gone to great lengths to bring more openness to the electoral process, even inviting the armed forces to sit on its transparency commission, though the military’s role in elections is traditionally limited to carrying ballots to isolated communities and beefing up security in violent regions.

Advertisement. Scroll to continue reading.

{ Read: Vulnerabilities in Swiss E-Voting System Earn Researchers Big Bounties }

Some political and military analysts have argued the TSE’s olive branch proved to be a mistake as tensions have since escalated.

An army general who is part of a commission submitted dozens of questions to the TSE earlier this year.

“(The armed forces) are being guided to attack the process and try to discredit it,” Supreme Court Justice Luis Roberto Barroso, who presided over the TSE until February, said during a conference with a German university on March 24. His comments drew backlash from Bolsonaro’s Defense Ministry, which issued a statement saying the accusation was “a serious insult.”

Barroso’s successor at the TSE, Supreme Court Justice Luiz Edson Fachin, said Thursday the elections will be taken care of by “unarmed forces,” adding that the TSE’s declaration of voting results will be final.

Still, some analysts remain concerned.

“The armed forces today are part of Bolsonaro’s government, from a political standpoint, and they are helping the president’s efforts to corrode the institutions from the inside,” João Martins Filho, a military expert who used to lead the Brazilian Association of Defense Studies, said by phone. “That’s no small thing. It’s very dangerous.”

Last week, as the TSE prepared for its test, Bolsonaro pledged that his party will seek an external audit of the system before the first round of voting.

The TSE’s test has its origins in November, when experts selected 29 methods to hack into the voting system. Five managed to cause some interference, which was minor and didn’t affect results, the TSE said at the time. Those five plots were assessed over the three-day test this week, which showed all issues had been resolved, Sandro Nunes Vieira, a TSE member, told journalists after its completion. A commission will evaluate the results and publish an official report at the end of May.

Carlos Alberto da Silva, a professor of data security at the Federal University of Mato Grosso do Sul, was part of the group that tried to break into the system. He and a pupil had discovered a loophole in the audio output that could violate the vote’s confidentiality. On Friday, he told the AP the issue had been resolved by the TSE.

More tests will follow in August, when the TSE conducts something of an election day simulation. That’s when Brazil’s presidential campaign will be officially getting underway, although both Bolsonaro and da Silva are already holding rallies and events.

The TSE will continue conducting security tests until 15 days before the election. Since 1996, it has never once turned up evidence of mass vote fraud.

Wilson Vicente Ruggiero, a computer engineering professor at the University of Sao Paulo who is collaborating with the TSE, told the AP that “today’s process is much safer than the one of the past.”

“There’s no reason to fear the ballot or the process itself could be rigged,” Ruggiero said.

Related: Experts Warn of Dangers From Breach of Voter System Software

Related: Report Highlights Cyber Risks to US Election Systems

 

Related: False Claims on Voting Machines Obscure Real Flaws

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...