Trojan Horse In Tally Server

Potential Gain:
To successfully alter the tabulated vote from some or all DREs in a county. A Trojan Horse attack would not have to explicitly reverse the recorded outcome of an election (e.g., create a Republican victor in a predominantly Democratic district) to be successful. It may be sufficient to simply alter a few undervotes, or reduce the margin of victory by a few votes. This would also be useful in voting events where a simple majority is not the deciding factor, but where a ratio of votes (e.g., electing candidates across multiple possible positions, or as the basis for determining electoral representation) would be of enough interest to motivate the attackers.

Likelihood of Detection:
The Trojan Horse code could be detected in several places: by the vendor, by the test lab, or by an election official noticing anomalous results during a test or in a real election. A skilled programmer, however, will generally be able to hide a significant amount of dangerous code without being detected in testing. If hidden in the subroutine code of supporting Commercial Off-The-Shelf (COTS) libraries or software objects, the Trojan would not be discoverable by the test lab, which is not expected to have access to the relevant COTS software. (See countermeasures.)

Obstacles to attack:

  1. Paper Records. Each DRE generates a paper receipt with the tallies of the votes recorded. These paper records are forwarded to the tallying place as part of the official record, and should be cross-checked with the electronic tally figures. Counteractant: See Additional Roles, #4, above.
  2. Subject Matter Complexity. Election processes are too specialized to be easily understood by an outsider. Counteractant: See Additional Roles, #5, above.
  3. Ballot Assembly Timeline. The dynamic nature of the ballot database might, at times, leave too small a window of opportunity for such an attack to be mounted. Counteractant: See Additional Roles, #5, above.
  4. Security Process. The tally server is an important piece of hardware, kept in a secure location at all times. All physical access is controlled by authorized personnel, and all logical access is carefully controlled and monitored. (Many counties are not organized to protect a tally server or detect intrusions against their servers.)
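
The cross-check named in obstacle 1, sketched as an added example (not part of the original document): it compares each DRE's paper tally record with the figures held by the tally server and flags every per-choice difference, including shifts that leave the ballot total unchanged, such as undervotes turned into votes. The DRE IDs, choice names, counts and the `reconcile` function are constructed for illustration.

```python
# Constructed sample data: {dre_id: {choice: votes}}. "UNDERVOTE" counts ballots
# with no selection in the contest. All IDs and numbers are made up.
PAPER = {
    "DRE-01": {"A": 120, "B": 110, "UNDERVOTE": 6},
    "DRE-02": {"A": 98, "B": 101, "UNDERVOTE": 4},
    "DRE-03": {"A": 75, "B": 80, "UNDERVOTE": 3},
}
SERVER = {
    "DRE-01": {"A": 120, "B": 110, "UNDERVOTE": 6},  # agrees with paper
    "DRE-02": {"A": 101, "B": 101, "UNDERVOTE": 1},  # same ballot total, 3 votes moved
    "DRE-04": {"A": 10, "B": 5, "UNDERVOTE": 0},     # no paper record on file
}

def reconcile(paper, server):
    """Return a list of (dre_id, finding, per-choice deltas) for every disagreement."""
    findings = []
    for dre in sorted(set(paper) | set(server)):
        if dre not in server:
            findings.append((dre, "missing_on_server", {}))
            continue
        if dre not in paper:
            findings.append((dre, "no_paper_record", {}))
            continue
        p, s = paper[dre], server[dre]
        # Compare every choice seen on either side; a choice absent on one side counts as 0.
        deltas = {c: s.get(c, 0) - p.get(c, 0) for c in set(p) | set(s)}
        deltas = {c: d for c, d in deltas.items() if d != 0}
        if not deltas:
            continue
        # A check of ballot totals alone would pass when the deltas sum to zero,
        # so that case is reported under its own label.
        kind = "shifted_votes" if sum(deltas.values()) == 0 else "ballot_count_mismatch"
        findings.append((dre, kind, deltas))
    return findings

if __name__ == "__main__":
    for dre, kind, deltas in reconcile(PAPER, SERVER):
        print(dre, kind, deltas)
```
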
