Large scale fraud discovered when hacking student accounts in Student Council elections and voluntarily voting online


Arnaud Jaegers

In a high school where students were able to vote for student council elections using the e-mail address given at the time of admission, an unfair vote was given to two candidates who were elected as student president and vice chairman. It was discovered that it was being done.

Berkeley high student tried to rig his own election, exposing flaw in district's cybersecurity — Berkeleyside

According to Berkeleyside, the unfair vote was taken at Berkeley High School in California. John Villavicencio, director of student activities, checks the transition of voting results, suspects of fraud, and checks the contents of the votes with REStern, a school board member. I got the conviction that fraud was done.

This is a graph created by Stern that shows the transition of the number of votes for 4 days. The two surveys show that many of the students have voted for “at lunch” and “after school,” which is a graph that actually shows that tendency, but only one out of seven candidates has a period The number of votes from the center of is showing a strange growth.

The cause of the fraud was the 'Berkeley Unified School District (BUSD)' account, which is given when you enter Berkeley's secondary school / high school. The e-mail address of the BUSD account is a combination of first name and last name, and the default password is 'Berkeley' combined with the student number. If you have not changed the password, a third party can obtain the name and the student number. It seems that it was accessible.

An example of a poll that took place on Friday, as Stern showed. Students who have nothing in common other than 'Alphabetical order when names come back and forth' vote for the same candidate with almost no gap.

As a result, the wrongdoer is disqualified, and the vote of the person who used the account is canceled and the vote is re-voted. Again, Junior Lexie Tesch is the student president, and Daijah Conerly is the vice chairman. it was done.

Although there has been a call to change the password during the orientation, Mr. Tesch himself, who became the new chairman, had neglected to change the password until just before the election. 'If I did not change it, my vote It might have been hacked too, 'he says.

in Note, Posted by logc_nt