High school election hacked by candidate who exploited weak passwords

Dumb passwords can make it all too tempting for dumb people to do dumb things.

High school election hacked by candidate

Berkeley High School in California held its first ever elections for student government last month.

Surprise surprise, as the Westport News reports, things didn’t run quite as smoothly as the school might have hoped.

One day before voting was due to close, there was a sudden surge of votes for one of the candidates running for the position of class president.

John Villavicencio, the school’s director of student activities, was suspicious that a teensy-weensy bit of electoral fraud may have taken place and - with the help of senior student Robert Ezra Stern - discovered that the candidate whose popularity was rocketing had teamed up with a pal to rig the vote by casting fake online ballots.

Villavicencio and Stern discovered that the suspicious votes had been cast en masse from the same computer, and in alphabetical order - suggesting an automated script might have been at work.

More than 500 phoney votes were submitted in favour of the candidate. The names of the candidate and their cohort have not been released, and it has not been made public whether they will suffer any disciplinary action. However, it is likely they will be compelled to apologise for his actions.

Yes, they should definitely apologise. But when I read just how the phoney votes were submitted I began to wonder if they weren’t the only ones who needed to say sorry:

The cheating candidate, a junior making his second run for class president whose name was not released, had access to a list containing students’ names and ID numbers. Voting in the election, it turned out, was done using a Google form that could be accessed using Gmail accounts issued to students by the district, with a default password that includes each student ID number.

Dumb passwords can make it all too tempting for dumb people to do dumb things.

What’s so wrong with paper ballots anyway?

Tags: , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , ,

One Response

  1. Myopia

    April 18, 2019 at 2:13 pm #

    what’s wrong with paper ballots? Easy… they create work for lazy people. Who wouldn’t want to be paid for supervising an election, only to have the work over to Google??

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.