Talking on Hacking ASUC Elections
Dan Silverstein is giving a talk in Soda Hall tomorrow entitled Hacking the ASUC: What Political Hacks can Learn from Hackers and Vice-Versa… Here’s a note from him with some detailed information on the talk:
Howdy,
I am presenting a talk this Tuesday, 4/25 that may be of interest to UC Berkeley community members. The talk is entitled Hacking the ASUC: What Political Hacks can Learn from Hackers and Vice-Versa, and it is co-hosted by CalLUG and the Computer Science Undergraduate Association.
The talk draws on my observations of the interaction between ASUC political hacks and hackers from the CSUA and OCF during the 2003 and 2004 ASUC elections. I have a unique vantage point because I led a team that hacked and, subsequently, helped secure the 2003 ASUC elections. The following year, I recruited and led the team that wrote the replacement election server. Members of the 2004 elections council called upon me to do this less than 24 hours before balloting opened.
Hacking the ASUC is written for non-technical audiences, but will feature elements of interest to techies, including the 2003 exploit code.
Time, Date, and Location:
6:00 PM
Tuesday, 4/25
306 Soda Hall (aka that big bathroom-green tile building on North Side)CalLUG’s announcement:
http://www.ocf.berkeley.edu/~linux/
Dead tree format flyer:
http://www.csua.berkeley.edu/~dans/misc/hacking_asuc/did_you_know.pdfPlease pass this on to anyone you feel would be interested. Cheers.
ASUC folk should really go to this, if for no other reason than to preserve some institutional memory about the 2003 election and how it was fixed. I can attest that it wouldn’t have happened without Dan, we (the judicial council) were very close to voiding the election and ordering it held in the spring semester. Dan was no small reason why we didn’t and it would be valuable to learn why.
Comment by Mike Davis — April 24, 2006 @ 8:05 pm
I appreciate Mike’s sentiments, but I certainly don’t deserve all the credit. I saw Tommaso, the 2003 Election Chair, attempting something that was equal parts foolhardy and innovative, and it looked like it was going to fall flat, at considerable cost to the students. I was in a position to put the call out to others with the skills needed to help. A lot of very cool folks from the Computer Science Undergraduate Association and the Open Computing Facility stepped up to the task.
Comment by Daniel C. Silverstein — April 24, 2006 @ 11:53 pm
Voting was supposed to begin at 9AM today, but the system is malfunctioning. I’ve turned away 8 voters so far with more on the way.
Comment by Donald — April 25, 2006 @ 8:09 am
I am abroad and would like to vote. What web address do I need to use in order to do so?
Comment by Ian — April 25, 2006 @ 10:14 am
election.asuc.org, I believe.
Comment by Beetle — April 25, 2006 @ 10:15 am
i doubt calserve will get many votes. since all their supporters tried to vote three weeks ago.
calserve voter guide
Comment by chet, the climactic CEO — April 25, 2006 @ 10:48 am
Donald, I saw folks voting, so I assume things got running eventually. When was the system working/could people start voting?
Comment by Beetle — April 25, 2006 @ 11:16 am
i just had sex in a polling place.
Comment by chet, the climactic CEO — April 25, 2006 @ 11:23 am
They figured out what the problem was by 9:30. My polling station was one of the first fixed, though by the time I left my station (10:00), there were a few still down.
Comment by Donald — April 25, 2006 @ 1:14 pm
I can attest to Dan Silverstien’s awesomeness. He really did save that Election several times over. I wouldn’t say he “hacked” the election, but he certainly hacked together a lot of stuff to help it actually work.
Comment by Tommaso Sciortino — April 25, 2006 @ 3:49 pm
Tommaso, what would you call working exploit code that implements a man in the middle attack for the 2003 election system which was written before the elections opened? I spoke about this at Defcon and Computers Freedom and Privacy, and have a 70 page tome of a writeup to attest to this.
One of the slides on my talk includes the code. I’ve told you about this before, and it’s nothing to be ashamed of. Security is really hard. You did something unprecedented with the ASUC elections, and even though it damn near blew up on takeoff, you pulled it out in the end, and that deserves mad props, even if the election server code left something to be desired.
(Dan)
Comment by Daniel C. Silverstein — April 25, 2006 @ 4:49 pm
That’s right. I forgot. I think perhaps its better to say that an exploit was found rather than the “election was hacked” since that might lead people to believe that the results of the election weren’t valid.
Comment by Tommaso Sciortino — April 26, 2006 @ 8:05 am
Fair enough. You know my flair for the dramatic. And to quote Steve Coogan playing Anthony Wilson paraphrasing John Ford, “When forced to pick between truth and legend, print the legned.”
(Dan)
Comment by Daniel C. Silverstein — April 27, 2006 @ 4:04 am