UPDATE: Is the online Flag Referendum easy to hack?

By   /   March 21, 2016  /   4 Comments

TDB recommends Voyager - Unlimited internet @home as fast as you can get

The tipoff line is suggesting that there is an easy way to hack the overseas voting option on the Government’s website…

Screen Shot 2016-03-15 at 5.05.03 pm

The tipoff line is suggesting that there is an easy way to hack the overseas voting option on the Government’s website

There is an online submission option and the form uses QR codes to authenticate each individual vote. It would be very easy to write a web service (small software / web application) which would generate every possible QR code configuration and submit it from individual IP addresses to the online form. Of course, this would render the referendum invalid. In security terms, this would be deemed similar to a DDOS attack.

If you submit every combination to the online form there would be no way to tell which were real vs fake

…perhaps this needs investigating before the results are declared on Thursday?

 

UPDATE: We have received this response …

No, because there are 4 billion public IPv4 addresses in the world, and
(at least) 99 billion permutations of the QR code on the Voting Paper.
Each attack would have a 1 mil/99 bil (0.00101%) chance of guessing the
“correct” QR code. An attacker would run out of IP address well before
being able to spoof 1 million votes (~the number of NZers living
overseas).

If you used all 4 billion IP addresses, you would successfully fake
around 40,000 votes. As well over 1.7 million voting papers have been
returned
(http://www.elections.org.nz/events/referendums-new-zealand-flag-0/voting-second-referendum/voting-statistics), the effect of such an attack on the outcome would probably be
negligible.

***
Want to support this work? Donate today
***
Follow us on Twitter & Facebook
***

4 Comments

  1. Chooky says:

    one thing is for sure John Key will be desperate for a win for his flag despite all the polls saying New Zealanders want to keep their existing flag

    …really if the referendum can be sabotaged then it is null and void and heads should roll

  2. There is no way I would entrust my vote to an on-line, electronic system.

    The possibility of hacking and scrutiny by our Respected & Trusted spy agencies is just too great.

    Paranoia?

    Let’s ask Kim Dotcom, Keith Locke, Phil Goff, or the 88 other New Zealanders who’ve been illegally spied on by the GCSB.

    • Chooky says:

      yes who are they?…these enemies of the state?…I expect it would be a huge embarrassment if they were named

      really the Labour Party has betrayed New Zealanders by not asking for the exposure for all to see of those named….and allowing and legitimising and extending the illegal spying on New Zealanders…

  3. Words says:

    Is the online Flag Referendum easy to hack? Yes, dead easy.