"I guess it's time for me to explain how I found you," Kevin said. "I bugged your shoes, Dr. Penninger."From the paper:
"You put listening devices into my shoes?"
"Yeah. Nothing to it. And I wasn't the only guy on the job, either. Your shoes had six other bugs planted inside the heels and seams. Very nice devices, too--I figured them to be planted by players a lot heavier than I am. I could have removed them all, but I figured ... hey, this many? There must be some kind of gentlemen's agreement going on here. I'll do better if I just stand in line."
Internet voting exposes what might otherwise be a small, local race of little global significance to attackers from around the globe, who may act for a wide range of reasons varying from politics to financial gain to sheer malice. In addition to compromising the central voting server as we did, attackers can launch denial-of-service attacks aimed at disrupting the election, they can redirect voters to fake voting sites, and they can conduct widespread attacks on voters’ client machines. These threats correspond to some of the most difficult unsolved problems in Internet security and are unlikely to be overcome soon.

Perhaps the most entertaining detail in the paper:
We found a pair of webcams on the DVBM network — both publicly accessible without any password — that showed views of the server room that housed the pilot. As shown in Figure 4, one camera pointed at the entrance to the room, and we were able to observe several people enter and leave, including a security guard, several officials, and IT staff. The second camera was directed at a rack of servers.
These webcams may have been intended to increase security by allowing remote surveillance of the server room, but in practice, since they were unsecured, they had the potential to leak information that would be extremely useful to attackers. Malicious intruders viewing the cameras could learn which server architectures were deployed, identify individuals with access to the facility in order to mount social engineering attacks, and learn the pattern of security patrols in the server room. We used them to gauge whether the network administrators had discovered our attacks — when they did, their body language became noticeably more agitated.

Includes before-and-after images from the webcams.