Swiss government invites hackers to pen-test its e-voting system
The Swiss government will make its future e-voting system available for a public intrusion test and is now inviting companies and security researchers to have a go at it.
"Interested hackers from all over the world are welcome to attack the system," the government said in a press release. "In doing so, they will contribute to improving the system's security."
The public intrusion test (PIT) will be held between February 25 and March 2, and cash rewards ranging from $100 to $30,000 are available, as per the table below (1 CHF is roughly 1 USD):
Category |
Minimum compensation in CHF |
---|---|
Best Practice (uncritical optimisation possibilities) |
100 |
Intrusion into the e-voting system |
1,000 |
Corrupting votes or rendering them unusable |
5,000 |
Successful attack on voting secrecy on the servers |
10,000 |
Manipulation of votes detected by the system |
20,000 |
Undetected manipulation of votes |
30,000 - 50,000 |
A mock e-voting session is planned on the last day of the testing period, on March 24, but participants can attack the e-voting system before that, as well.
To participate, companies and security researchers will have to sign up in advance of the PIT session's official start. Signing up will give participants the legal permission to attack the system, will ensure the cash rewards will reach those who first report an issue, and it enforces a set of rules and restrictions on participants.
For example, some of the things that PIT participants aren't allowed to do is to carry out attacks that may harm a voter's personal device or attack unrelated systems belonging to Swiss Post, the e-voting system's maker.
Swiss Post will help out by disabling some of the security defenses that normally protect the e-voting system "to enable participants to concentrate fully on attacking the core system."
Furthermore, Swiss Post will also allow PIT participants to request as many e-voting cards as they need for their tests, and have made the source code of their e-voting system available to participants on GitLab.
Swiss authorities also hired Swiss company SCRT SA as an independent third-party that will verify the vulnerability reports that participants submit, before forwarding the vulnerabilities to Swiss Post.
The Swiss government decided to hold public penetration tests of its e-voting system to boost the confidence that these systems are secure.
At the end of January, a committee of politicians and computer experts have started an initiative to have e-voting banned in Switzerland for at least five years. This group hopes to gather over 100,000 signatures over the course of the following months to start legal procedures to have e-voting banned.
The Swiss government said the e-voting system has already gone through more than 300 private testing sessions.
Officials said e-voting would make it easier for Swiss citizens living abroad to vote. The end plan is to have e-voting as an official voting method, besides poll station and postal mail voting.
source zdnet
Industry: Cyber Security News
Latest Jobs
-
- Cyber Security Senior Consultant | London | FS
- London
- Apply today
-
London | FS | Cyber Security Senior Consultant We are looking for experienced cyber security consultant with experience helping clients within the financial services industry. The role will include, but not be limited to; Conduct cyber security assessments, develop strategies, and provide advice to clients. Oversee and deliver security improvements projects. Help clients understand and comply with financial sector regulations. Provide insights and thought leadership on emerging trends in cyber security. Current experience within a client facing, cyber consulting role within Financial Services is essential. All the usual badges are nice to have, although not essential- for example; ISO27001, CISSP, CISM etc etc Sponsorship is not available for this role. Applicants must be UK based and able to travel on occasion to client site and the office in London To find out more reach out to me on 07884666351 or chris.holt@dclsearch.com
-
- Senior Penetration Tester - UK - Ability to achieve security clearance.
- United Kingdom
- To attract the right person
-
Senior Penetration tester, who has the ability to achieve security clearance. (Visa sponsorships NOT available - sorry) UK based - remote first - occasional travel. Red teaming experience desirable. The successful person needs to have a history of engaging directly with customers (consultancy experience) technical delivery of penetration tests AND report writing. Limited travel - company operates a remote first approach. Must be living in the UK. Not one of the usual names in the pen testing industry. Looking for someone highly technical but looking to grow and develop their skills. Apply here or Reach out to me on chris.holt@dclsearch.com or 07884666351 All details kept discreet
-
- Cloud Architect- German Speaker
- Hungary
- Upto €48000 per year + bonus + benefits
-
As a Senior Pre-Sales Solutions Architect, you will play a pivotal role in driving our sales success by translating complex technical solutions into compelling proposals that resonate with our clients. You will collaborate closely with our sales teams to understand customer needs, design tailored solutions, and negotiate successful deals. Responsibilities: Solution Design: Develop comprehensive technical solutions that align with customer business objectives and industry best practices. Proposal Development: Create compelling proposals, including requirements gathering questionnaires, presentation materials, and Statements of Work (SOWs). Customer Engagement: Build strong relationships with clients, understanding their technical, business, and commercial requirements. Collaboration: Work closely with sales teams, delivery teams, and third-party partners to ensure successful project execution. Pricing Strategy: Define and deliver pricing strategies that align with customer needs and company objectives. Requirements: Experience in technical pre-sales or sales support roles. Proven track record in designing and delivering successful customer solutions. Strong technical foundation in areas such as VMware, Azure, AWS, cloud computing, and data center technologies. Excellent understanding of sales principles, account management, and negotiation techniques. Ability to explain complex technical concepts clearly and concisely. Experience working in international teams and supporting clients across multiple regions. Fluency in German and English is essential. Benefits: Competitive salary and benefits package Opportunity to work on challenging and rewarding projects Collaborative and supportive work environment Potential for career growth and advancement Please note that this role is focused on supporting German clients, but will also involve global client support as needed.