White-Hat Hackers Expose Security Gaps in German Voting Software

  • Chaos Computer Club shows how election process could be hacked
  • Group finds passwords online, warns results could be corrupted

While Germans hand in paper ballots that are hand-counted, the results are collected and disseminated electronically

Photographer: Jens Schlueter/Getty Images

Hackers could tamper with Germany’s election results because the country is relying on poorly protected software, according to German tech watchdog Chaos Computer Club.

While Germans hand in paper ballots that are hand-counted, the results are collected and disseminated electronically, including with a software called PC-Wahl that can be manipulated, CCC said in a report released Thursday. CCC found passwords online and easily figured out others -- one was “test.” The group said the software isn’t secure because it uses an older encryption method with a single secret key, rather than newer and more-secure “asymmetrical” combinations.

Hackers could “influence the transmitted voting result data on a nationwide level,” CCC wrote in the report. It urged the German government to modernize its software to protect the Sept. 24 election.

Germany’s top technology security agency, the BSI, has contacted election authorities across the country in response and has asked the developer of PC-Wahl to improve the security of its software, the agency said Thursday in an emailed statement.

Germany has seen a range of intrusions in past years, including a breach of its parliamentary network in 2015, when criminals stole 16 gigabytes of data. Security firm Trend Micro Inc. has linked the Bundestag attack and others to Pawn Storm, a group with ties to Russia. That’s fueled concern that hackers will try to disrupt the elections in which Chancellor Angela Merkel, Russian President Vladimir Putin’s strongest critic in Europe, is seeking a fourth term.

German authorities would eventually detect any tampering with the transmission of the results as the actual votes are counted by hand, yet the discrepancy would undermine confidence in the overall election, CCC said.

CCC is a hacker collective that has uncovered security gaps before. Germany’s Federal Constitutional Court struck down the nation’s use of voting computers -- deemed super-safe -- after CCC members in 2006 exposed the machines as vulnerable to tampering, in part by reprogramming them to play chess.

German newspaper Die Zeit reported the hack earlier Thursday.

— With assistance by Vernon Silver

    Before it's here, it's on the Bloomberg Terminal. LEARN MORE