Some 61.5 million German citizens are allowed to vote on September 24th in what should be a transparent process. But while ballots are counted by hand in the beginning, the results could be endangered when the votes from all the constituencies are calculated, reported die Zeit on Thursday.
The discovery was made by IT scientist Martin Tschirsich. The 29-year-old from Hesse had found out that PC Wahl can theoretically be manipulated by hackers. PC Wahl is the name of the software that is often used during national elections.
“At some point, the results need to be typed in somewhere. And from then on, a lot of things can happen digitally” where attackers could potentially undermine PC Wahl users, Tschirsich told Spiegel Online.
Each state in Germany has its own rules on how individual results in preliminary voting processes are transmitted, including methods via telephone, fax or software. The software which is used also varies from state to state.
Experts from the Chaos Computer Club (CCC) – a Europe-based association of hackers – backed Tschirsich’s findings and were able to track the flaws and uncover additional vulnerabilities.
“The number of possible attacks and the severity of the vulnerabilities exceed our worst fears,” said CCC spokesman Linus Neumann.
But the manufacturer of PC Wahl denies that its software is unsafe, reported Spiegel Online.
Others argue it isn’t that easy to manipulate election results, particularly the final result.
President of the Federal Statistical Office (Destatis) Dieter Sarreither, who is in charge of collecting the results from each state in the Bundestag election, says manipulation of preliminary election findings is “extremely unlikely.” Manipulation of the official result is moreover “impossible.”
“If the final result was manipulated, it would be discovered immediately,” Tschirsich conceded.
Hackers have preyed on weaknesses in official computer systems in the recent past.
In 2015, hackers who got into the German parliament’s computer system via so-called phishing emails were able to spy on the network for weeks.
IT experts had no choice but to go offline for several days. All systems were shut down and since then, they’ve been redesigned and made more secure.