Argentina finds messenger to shoot after e-vote vuln allegations
Programmer says he was raided for Tweeting
Argentinian police have reportedly raided a programmer who went public with vulnerabilities in the electronic voting system used in Buenos Aires elections last June.
Joaquín Sorianello has told La Nacion that police raided both his home and that of a friend, looking for computers and storage devices.
Argentina's e-voting system comprises a terminal that prints out a ballot (tagged with an RFID chip), and a separate communications terminal to send votes for counting.
The flaws hit the media ten days after the election; the most serious was that SSL keys were held on an unsecured server.
As the GitHub description notes, the SSL certificates were “available through a public HTTP server, no password” and were obtained through wget.
“These certs are used after the election to send the result of each e-voting machine to the main computing centre where all votes are summed up.”
It seems that Sorianello is being arrested not for finding the bugs or hacking the system, but for passing on the Twitter-stream of a locked Twitter account @fraudvoter. Sorianello denied any wrongdoing to La Nacion.
He also made what appears to be a big mistake: having seen information about the flaws, Sorianello contacted the company in charge of the systems to warn them.
"If I wanted to hack or do something harmful I would not have told the company", he said to La Nacion.
Sorianello Tweets as @_joac. ®