German hackers say vote software a security 'write-off'

German Chancellor Angela Merkel attends an electoral meeting in Torgau, eastern Germany. (John MacDougall,  AFP)
German Chancellor Angela Merkel attends an electoral meeting in Torgau, eastern Germany. (John MacDougall, AFP)

Berlin - German IT security experts said on Thursday that they had found "serious flaws" in the ballot software being used for the September 24 elections in which Chancellor Angela Merkel is seeking a fourth term.

The Chaos Computer Club, Europe's biggest hacker collective, said the system to count and transmit vote results lacked proper encryption and other security tools, labelling it a "write-off".

The privately developed "PC-Wahl" (PC Election) software - used for years in several of Germany's 16 states - "should never have been used," said a CCC spokesperson, Linus Neumann.

"The number of possible attack targets and the severity of vulnerabilities exceeded our worst fears," he said in comments first published by news weekly Die Zeit.

The report highlights fears about cyberattacks before and during the election in Germany, where lawmakers' PCs were crippled in a 2015 attack which security services pinned on Russia.

The CCC warned that German parliamentary election results could potentially be manipulated remotely because the software failed to meet even "the basic principles of IT security".

CCC hackers have in the past highlighted IT security flaws in high-profile cases, and their members often give expert testimony in German parliamentary hearings and court cases.

But the developer of the software, Volker Berninger, rejected the criticism, telling Die Zeit that "in the worst-case scenario, someone would create confusion".

"Some wrongful results would be published on the internet, but the correct ones would still exist on paper. This would cause anger and confusion but have no relevance."

But the CCC said any online attack would have "the potential to permanently undermine confidence in the democratic process".

"This is simply not the right millennium in which to turn a blind eye to IT security in elections," Neumann said.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Lockdown For
DAYS
HRS
MINS
Voting Booth
Until the matric exams are over, my family is:
Please select an option Oops! Something went wrong, please try again later.
Results
Self-isolating to ensure we don't miss any exams
13% - 213 votes
Following Covid-19 safety protocols, but still going out like normal
53% - 859 votes
Business as usual, we're not worried about the virus
33% - 535 votes
Vote
ZAR/USD
16.23
(+0.67)
ZAR/GBP
21.02
(+0.59)
ZAR/EUR
18.90
(+1.01)
ZAR/AUD
11.40
(+0.88)
ZAR/JPY
0.16
(+0.82)
Gold
1877.90
(+0.05)
Silver
23.62
(+0.11)
Platinum
844.50
(+0.39)
Brent Crude
37.86
(-0.84)
Palladium
2204.58
(+0.60)
All Share
51684.70
(-0.41)
Top 40
47472.92
(-0.22)
Financial 15
9459.76
(-3.04)
Industrial 25
73439.58
(+1.04)
Resource 10
47245.91
(-1.21)
All JSE data delayed by at least 15 minutes morningstar logo