Swiss government invites hackers to pen-test its e-voting system
The Swiss government will make its future e-voting system available for a public intrusion test and is now inviting companies and security researchers to have a go at it.
"Interested hackers from all over the world are welcome to attack the system," the government said in a press release. "In doing so, they will contribute to improving the system's security."
The public intrusion test (PIT) will be held between February 25 and March 2, and cash rewards ranging from $100 to $30,000 are available, as per the table below (1 CHF is roughly 1 USD):
|
Category |
Minimum compensation in CHF |
|---|---|
|
Best Practice (uncritical optimisation possibilities) |
100 |
|
Intrusion into the e-voting system |
1,000 |
|
Corrupting votes or rendering them unusable |
5,000 |
|
Successful attack on voting secrecy on the servers |
10,000 |
|
Manipulation of votes detected by the system |
20,000 |
|
Undetected manipulation of votes |
30,000 - 50,000 |
A mock e-voting session is planned on the last day of the testing period, on March 24, but participants can attack the e-voting system before that, as well.
To participate, companies and security researchers will have to sign up in advance of the PIT session's official start. Signing up will give participants the legal permission to attack the system, will ensure the cash rewards will reach those who first report an issue, and it enforces a set of rules and restrictions on participants.
For example, some of the things that PIT participants aren't allowed to do is to carry out attacks that may harm a voter's personal device or attack unrelated systems belonging to Swiss Post, the e-voting system's maker.
Swiss Post will help out by disabling some of the security defenses that normally protect the e-voting system "to enable participants to concentrate fully on attacking the core system."
Furthermore, Swiss Post will also allow PIT participants to request as many e-voting cards as they need for their tests, and have made the source code of their e-voting system available to participants on GitLab.
Swiss authorities also hired Swiss company SCRT SA as an independent third-party that will verify the vulnerability reports that participants submit, before forwarding the vulnerabilities to Swiss Post.
The Swiss government decided to hold public penetration tests of its e-voting system to boost the confidence that these systems are secure.
At the end of January, a committee of politicians and computer experts have started an initiative to have e-voting banned in Switzerland for at least five years. This group hopes to gather over 100,000 signatures over the course of the following months to start legal procedures to have e-voting banned.
The Swiss government said the e-voting system has already gone through more than 300 private testing sessions.
Officials said e-voting would make it easier for Swiss citizens living abroad to vote. The end plan is to have e-voting as an official voting method, besides poll station and postal mail voting.
source zdnet
Industry: Cyber Security News
Latest Jobs
-
- Microsoft Security Operations Analyst | Bracknell | SC Clearable | SC-200
- Reading
- N/A
-
Senior SOC Analyst Level 2 / 3. Microsoft Security stack | SC Clearable Location: Hybrid remote | Berkshire SC-200 Senior SOC Analyst Level 2 / 3 to join a specialist Managed Security Services business. You will be responsible for advanced threat hunting / triage, incident response etc with a strong focus on the Microsoft Security Stack. Key Responsibilities: Lead and resolve complex security incidents / escalations Conduct advanced threat hunting using the Microsoft Security Stack. Build, optimise and maintain workbooks, rules, analytics etc. Correlate data across Microsoft 365 Defender, Azure Defender and Sentinel. Perform root cause analysis and post-incident reporting. Aid in mentoring and upskilling Level 1 and 2 SOC analysts. Required Skills & Experience: The ability to achieve UK Security Clearance (SC) - existing clearance ideal. (Sorry no visa applications) Must have current experience working with a SOC environment Key experience must also include, but not be limited to Development and tuning of custom analytic rules. Workbook creation and dashboarding. Automation using Playbooks and SOAR integration. Kusto Query Language (KQL).
-
- Service Architect- DACH regions
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Service Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the Service/ solutioning effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company area a global managed services business working with enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead Service/ solution design from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. You’ll Need: Experience working as a Service architect, Service Manager or Customer Success Manager R Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical grasp: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Deal Architect- DACH region
- Germany
- Upto €110,000 plus bonus and benefits
-
Lead Deal Architect with the authority and experience to take control of complex, multi-million-euro outsourcing bids. This role is about leading the solutioning/ Service effort, bringing structure to chaos, and driving the entire bid team to deliver winning proposals. The company is a global managed services business providing solutions to enterprise and public sector clients, across Cloud, End-User Computing, Digital Workplace, Service Desk, and Network Infrastructure. What You’ll Do: Lead the deal from qualification to contract. Control bid teams — architects, pricing, delivery, and SMEs. Break down RFPs/RFIs into actionable, costed, client-ready solutions. Present internally and to clients at decision-maker level. Run solution workshops, own the architecture, and shape the financial model. Be responsible for the service Wrap and ensuring the Service meets clients requirements You’ll Need: A back ground with IT Services Experience in a similar type of role, for example: Deal, Service, or Solution Architect in ICT outsourcing. Gravitas to lead and drive teams through high-stakes bids. Deep knowledge of managed services delivery and commercial models. Strong technical knowledge: Cloud, Security, EUC, Unified Comms, Service Desk, and more. Experience leading deals across onshore, offshore, and hybrid delivery models.
-
- Pre Sales Lead- IT Services
- Germany
- Upto €100,000 plus benefits
-
As the Pre-Sales Lead (Sales Engineer/ Solution Architect) you will drive large-scale ICT managed services and outsourcing deals (from €0.5M to €20M+). You'll work directly with Business Development and clients to design high-impact solutions across Cloud (Azure, IaaS, SaaS, PaaS), EUC, Unified Comms, Security (SIEM, PAM), Networks, and Smart Workplaces. What You’ll Do: Lead the end-to-end pre-sales cycle — from RFI/RFP to contract. Design innovative, client-specific solutions with technical & commercial impact. Present at CxO level and steer proposal strategies & financial models. Collaborate closely with Portfolio, Service Desk, Field, and Digital Workplace teams. Support deal shaping with strong knowledge of ITIL, SIAM, Automation, and cost analysis. What You’ll Bring: Have strong experience in pre-sales or solution architecture. Experience with €M+ managed service deals. Deep technical expertise in modern ICT stack and enterprise IT services. Strong German (C1) and English communication skills. Certifications: ITIL v3/v4 required; SIAM, ISO20000 desirable.