Swiss Government Invites Hackers to Pen Test Their Voting System

The Swiss government is eager to ensure that its e-voting system is safe and secure for those casting their votes. To ensure that’s the case, they issued a press release looking for “Interested hackers from all over the world to attack the system.” This will be in the form of a public intrusion test or PIT session.

Public Intrusion Test

The public intrusion test (PIT) will run from February 25 until March 2 and offer cash rewards depending on what the hackers are able to do. There are a set of rules attached to this PIT, which set out the basics of the test, and the qualifying vulnerabilities.

The rewards for this test range from $100 to $30,000 based on CHF points (1 CHF point is roughly equivalent to 1 USD.)

There is set to be a mock e-voting session planned for the last day of testing on 24 March. However, hackers can attack the e-voting system before this date as well.

Registration

Anyone wanting to participate in the test has to register in advance of the PIT session. This gives the participants legal permission to attack the system and also enables them to receive rewards.

Registration also binds participants to the rules of the PIT. This ensures that only the system is targeted, and protects the rest of the Swiss Post infrastructure.

Rules

Participants of the PIT session are restricted from attacking certain areas of the infrastructure. For example, hackers are not allowed to harm a voter’s device or attack any unrelated systems belonging to Swiss Post who created the e-voting system.

However, Swiss Post will be disabling some of the e-voting security defences to allow participants to concentrate on the inner core of the system.

The Swiss government is holding public penetration tests to build confidence in the system. A committee of politicians and computer experts started an initiative at the end of January to have e-voting banned in Switzerland for at least five years. They are hoping to get over 100,000 signatures in a petition over the coming months.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil