This story is funny from the standpoint of the hijinks pulled by the guys who hacked the system. It’s less amusing when you consider the information that was potentially hacked thanks to the amateur hour on display from the politicians involved.
From the article, consider the following:
- The administrative password and account for the system were admin and admin.
- No one even realized it had been hacked for 2 days.
- The guys who hacked the system prevented or stopped 4 other attacks while they were in there; apparently no one realized these attacks were ongoing.
These are mistakes that most amateur network admins wouldn’t have made. And these guys wanted to conduct an election with this system. The other antics were from the “all in good fun” family.
I’ll also note that the article refers to a “public key” being lifted by the hackers and used to change the ballots. I don’t think that’s quite correct, because in encryption, a “public key” is, well, public and means just that: anyone can use it. It’s used to encrypt data so that only a corresponding “private key” can be used to decrypt the data. The idea is that every public key has one unique private key. Therefore, I’m guessing that they were able to get the “private key” and used that to change the ballots, since the private one is the key that network admins aim to protect for encryption purposes; if that one is made public, the encryption scheme is essentially broken.
While the rest of the mistakes were on the admins, that one is on the article writer.