We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Science

TPM PhD student hacks CDA voting page

CDA members who voted for a new party leader will have to vote again after TPM PhD student Jordy San José Sanchez exposed a leak in the political party’s voting webpage.

The original voting page on the CDA website. (Picture: CDA)

“It was actually quite simple,” says PhD student Jordy San José Sanchez (Faculty of Technology, Policy and Management) about his discovery. The website of the Christian Democratic Party (CDA) to vote for the party leader is open to the public. Visitors just needed to enter a seven digit numerical code (it said ‘0000000’),  after which they could vote for Hugo de Jonge, Mona Keijzer or Pieter Omtzigt as party leader.

San José Sanchez wrote a small programme that generated seven digit codes and released it on the voting page. After he found a matching code three times, and could vote thrice, the PhD student contacted his professor, Prof. Michel van Eeten (Cyber Security). He also informed the CDA of the leak.

Again
The party then decided to re-run the election because it could not guarantee that the election had been fair. “We want to be sure that the election was fair, and we cannot guarantee that now,” said party Chairman Rutger Ploum to the NOS. CDA members will, again, be able to cast their votes from Thursday to Saturday morning.

Postal code
What’s different now? Former naval officer and econometrician San José Sanchez sees some differences. The seven zeros have disappeared from the code window. Voters now also have to enter their member number and their postal code. Huh? Voting is anonymous, isn’t it? The postal code is checked afterwards by a notary, reports the website, ‘so the anonymity of the voter is again guaranteed’. A Captcha has also been added to the page which makes it more difficult to fill in the form automatically because objects from a series of photos need to be recognised. The NOS reports that the CDA has hired the security company Fox-IT.

String
San José Sanchez finds it strange that the CDA is still using the same seven digit voting codes, because it cannot be excluded that someone traced the codes on the previous website. Does he have a better idea? Sending an individual long random string of 20 digits and numbers to each member by email and have them enter it as password, the PhD candidate suggests .

Jordy%20San%20Jose%20Sanchez.png

Jordy San José Sanchez investigates the use of artificial intelligence to detect cyber attacks. (Photo: private collection)

 

Editor in chief Saskia Bonger

Do you have a question or comment about this article?

s.m.bonger@tudelft.nl

Related

Comments are closed.