High school election hacked by candidate who exploited weak passwords

Graham Cluley

Vote thumb

High school election hacked by candidate

Berkeley High School in California held its first ever elections for student government last month.

Surprise surprise, as the Westport News reports, things didn’t run quite as smoothly as the school might have hoped.

One day before voting was due to close, there was a sudden surge of votes for one of the candidates running for the position of class president.

John Villavicencio, the school’s director of student activities, was suspicious that a teensy-weensy bit of electoral fraud may have taken place and – with the help of senior student Robert Ezra Stern – discovered that the candidate whose popularity was rocketing had teamed up with a pal to rig the vote by casting fake online ballots.

Villavicencio and Stern discovered that the suspicious votes had been cast en masse from the same computer, and in alphabetical order – suggesting an automated script might have been at work.

More than 500 phoney votes were submitted in favour of the candidate. The names of the candidate and their cohort have not been released, and it has not been made public whether they will suffer any disciplinary action. However, it is likely they will be compelled to apologise for his actions.

Yes, they should definitely apologise. But when I read just how the phoney votes were submitted I began to wonder if they weren’t the only ones who needed to say sorry:

The cheating candidate, a junior making his second run for class president whose name was not released, had access to a list containing students’ names and ID numbers. Voting in the election, it turned out, was done using a Google form that could be accessed using Gmail accounts issued to students by the district, with a default password that includes each student ID number.

Dumb passwords can make it all too tempting for dumb people to do dumb things.

What’s so wrong with paper ballots anyway?

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “High school election hacked by candidate who exploited weak passwords”

  1. what's wrong with paper ballots? Easy… they create work for lazy people. Who wouldn't want to be paid for supervising an election, only to have the work over to Google??

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES