One of the things that kept me busy in the last weeks was to take part in the mission to kill voting computers , once and for all.
I never imagined that building a chess board for Nedap voting computers out of paper and 2 cent coins might be necessary to preserve the last remains of democracy. But hey, it was fun and we made the point.
The reason for playing chess on a Nedap voting computer was that Mr. Groenendaal from Nedap claimed that the Nedap systems are “dedicated special purpose machines” and no ordinary computers and therefore could not be used to play chess. He also used the famous last words spoken by so many companies “Hackers have absolutely no chance.” .
Well. A few weeks later the hackers 0wned the Nedap boxes inside out. We played chess on them, we manipulated votes and we could detect what has been voted from across the street, using compromising (spurious) emissions, aka. TEMPEST. I do not recall a similar defeat for a systems vendor in the last years.
I am particularly happy that we managed to demonstrate a simple TEMPEST attack, as it is the first time (at least as far as I know) that this method was used for a “good” purpose. Normally it is used by the spooks and crooks of this world to spy on their targets. Now it becomes part of our toolkit to change things for the better.
Go and read the technical report paper , it is entertaining and may give you fresh ideas for your own pet projects.
The battle moves on to the legal department. We showed on the technical side that voting computers are not fulfilling the legal requirements for an election. The next step is to convince or, if necessary force by legal means, the government to acknowledge the technical findings and revoke the certification of voting computers.
Update: Barry has taken a look at the locks used to “secure” the Nedap computers. Words escape me…