Want to earn quick cash? Then accept the invite of the Swiss government, as they are offering $30,000 reward whoever can hack their e-voting system. The pen test challenge are both open for companies, groups and individuals, with the successful party earning $30,000 in cold cash.
“The e-voting system is the first Swiss system that can be fully verified. Interested hackers from all over the world are welcome to attack the system. The hacker community should try to manipulate votes, read votes cast and disable or circumvent the security measures that protect votes and security-related data. The system documentation and source code must be published before testing,” the Swiss government boasted.
The so-called: ‘Public Intrusion Test’ shall be open from February 25 to March 2, the rewards are categorized in the below table:
Registration for the Public Intrusion Test is now online, inviting all groups and interested parties to participate in the open hacking for the e-voting system. The sign-up requirement is a ‘legal permit’ for the ‘hacks’ not to become against the law, it will also be used as record keeping on who will receive cash rewards before the mock voting session on March 24.
“Interested hackers from all over the world are welcome to attack the system. In doing so, they will contribute to improving the system’s security. Swiss Post believes that only a transparent e-voting solution can be successful in the long term. By opening it up to an intrusion test, it is exposing its system to the intelligence and skill of sophisticated hackers to identify whether, when, and how its e-voting system can be compromised.,” said the Swiss government in a press release
The Swiss government is confident of the e-voting system that they will implement, the sourcecode of the system is open for audit as well by any party. The source code is available on Gitlab and in Swiss Post, for anyone to check, review and scrutinize the very software the will run the Switzerland elections.
Of course, the adaption of the e-voting system is none without its opposition. Critics and some security experts have expressed their dislike for the system, armed with the goal of gathering at least 100,000 signatures in order to persuade authorities not to proceed with e-voting. Swiss citizens are expected to be able to vote even if they are outside the country, poll stations will be available as well as postal absentee voting.
Bug bounty programs like this is not unique, as private companies such as Microsoft, Google, Facebook, Twitter and other tech giants are their second way to quash bugs in their software. It is nice to see a state is open in allowing penetration testing against the system they will use for their national election.