Swiss government invites hackers to pen-test its e-voting system
The Swiss government will make its future e-voting system available for a public intrusion test and is now inviting companies and security researchers to have a go at it.
"Interested hackers from all over the world are welcome to attack the system," the government said in a press release. "In doing so, they will contribute to improving the system's security."
The public intrusion test (PIT) will be held between February 25 and March 2, and cash rewards ranging from $100 to $30,000 are available, as per the table below (1 CHF is roughly 1 USD):
|
Category |
Minimum compensation in CHF |
|---|---|
|
Best Practice (uncritical optimisation possibilities) |
100 |
|
Intrusion into the e-voting system |
1,000 |
|
Corrupting votes or rendering them unusable |
5,000 |
|
Successful attack on voting secrecy on the servers |
10,000 |
|
Manipulation of votes detected by the system |
20,000 |
|
Undetected manipulation of votes |
30,000 - 50,000 |
A mock e-voting session is planned on the last day of the testing period, on March 24, but participants can attack the e-voting system before that, as well.
To participate, companies and security researchers will have to sign up in advance of the PIT session's official start. Signing up will give participants the legal permission to attack the system, will ensure the cash rewards will reach those who first report an issue, and it enforces a set of rules and restrictions on participants.
For example, some of the things that PIT participants aren't allowed to do is to carry out attacks that may harm a voter's personal device or attack unrelated systems belonging to Swiss Post, the e-voting system's maker.
Swiss Post will help out by disabling some of the security defenses that normally protect the e-voting system "to enable participants to concentrate fully on attacking the core system."
Furthermore, Swiss Post will also allow PIT participants to request as many e-voting cards as they need for their tests, and have made the source code of their e-voting system available to participants on GitLab.
Swiss authorities also hired Swiss company SCRT SA as an independent third-party that will verify the vulnerability reports that participants submit, before forwarding the vulnerabilities to Swiss Post.
The Swiss government decided to hold public penetration tests of its e-voting system to boost the confidence that these systems are secure.
At the end of January, a committee of politicians and computer experts have started an initiative to have e-voting banned in Switzerland for at least five years. This group hopes to gather over 100,000 signatures over the course of the following months to start legal procedures to have e-voting banned.
The Swiss government said the e-voting system has already gone through more than 300 private testing sessions.
Officials said e-voting would make it easier for Swiss citizens living abroad to vote. The end plan is to have e-voting as an official voting method, besides poll station and postal mail voting.
source zdnet
Industry: Cyber Security News
Latest Jobs
-
- Threat and Vulnerability Analyst / Penetration Tester. London
- London
- 55000
-
Threat and Vulnerability Analyst / Penetration tester needed. Threat and Vulnerability Analyst needed. Immediate opportunity. Must be able to commute to London min 2 days a week. The individual will join a highly technical team that is responsible for identifying vulnerabilities and threat in various applications / coding with a view of driving remediation and change. This is a critical role. The ability to achieve SC clearance is a must. A deeply technical Linux Redhat background with, penetration testing / code review / threat detection background is essential. Looking to hire immediately. Apply today for more information.
-
- Security Auditor / 3rd Party Assurance. London. End user
- London
- 60000
-
Security Auditor / 3rd Party Assurance. London. End user The Security Auditor / 3rd Party Assurance role has two key functions. Manage the ongoing assessment of new and existing 3rd party suppliers to ensure they meet the internal policies / controls. (Reassessment etc) Internal Auditing across business to ensure various departemnt / operations are compliant and inline with internal ISMS etc. ISO 27001 internal audit experience, creation of audit reports experinece essential. This is an internal business so broad experience across a multiple technology environment (cloud and on prem) is highly desirable. MUST be able to engage and work with senior stakeholders in an often faced pace environment. ISO27001, NIST, CISSP, CISA Risk assessment experinece needed This is a permanent role.. Blend of technical and consultative approach needed. This role will require someone to travel to London a few days a week once lock down permits and their offices fully reopen. All details kept in confidence. Apply today to find out more.
-
- Security Auditor / 3rd Party Assurance. London. End user
- London
- 60000
-
Security Auditor / 3rd Party Assurance. London. End user The Security Auditor / 3rd Party Assurance role has two key functions. Manage the ongoing assessment of new and existing 3rd party suppliers to ensure they meet the internal policies / controls. (Reassessment etc) Internal Auditing across business to ensure various departemnt / operations are compliant and inline with internal ISMS etc. ISO 27001 internal audit experience, creation of audit reports experinece essential. This is an internal business so broad experience across a multiple technology environment (cloud and on prem) is highly desirable. MUST be able to engage and work with senior stakeholders in an often faced pace environment. ISO27001, NIST, CISSP, CISA Risk assessment experinece needed This is a permanent role.. Blend of technical and consultative approach needed. This role will require someone to travel to London a few days a week once lock down permits and their offices fully reopen. All details kept in confidence. Apply today to find out more.
-
- Head of Penetration Testing, UK based, Flexible location.
- United Kingdom
- Upto £100,000 plus excellent benefits
-
Head of Penetration Testing needed to join a security consultancy that are delivering client facing penetration testing services around Web app and Infrastructure. Looking for someone hands on that is able to manage a highly skilled technical team of testers. 50-60% of the time is expected to be hands on, other duties will include, but not be limited to; leading and managing the day to day running of the team, mentoring, team upskill, recruitment, reporting, escalation, process improvement etc. Flexible location although south east is preferred. Anyone with Check / CREST experience is highly desirable. MUST be able to achieve SC clearance. UK based role. All details kept in confidence.