Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Comment on

( #3333=superdoc: print w/ replies, xml ) Need Help??
I want you to write malicious election software in Perl!

Rules:

Your program should:
  1. Present a list of candidates (feel free to fill the ballot with whatever names you like) and instructions on how to enter votes.
  2. Read votes from STDIN, according to the instructions.
  3. After voting is finished (by entering a special command, or closing STDIN), display the final vote count for each candidate.
You should strive for the following virtues of malicious election software:
Covertness

The program's source code should look completely benign. In other words, it should appear to correctly count the given votes, according to the instructions printed out, and not appear to do anything else suspicious. It should not appear intentionally obfuscated. You want this code to pass a source inspection and get included in election equipment.*

Likewise, the results of the election should be plausible. If all votes go to one candidate, or the number of votes is vastly different than what was entered, people will get suspicious!

Deviousness / Ingenuity

When executed, the program should definitely not be benign, but instead rig the election! Be creative in how you tamper with the election. Some example ideas:

  • Steal occasional votes from one candidate and give them to your preferred candidate
  • Always ensure that your favorite candidate wins by a slight margin
  • Always force a tie
  • Elect yourself as a write-in candidate
  • Include a backdoor triggered by malformed input
  • Randomly assign votes to candidates, ignoring all actual submitted votes.

It should be quite a challenge to achieve both of these virtues simultaneously. In essence, this is an obfuscation challenge, but only the malicious intent should be obfuscated; the rest of the code should look unobfuscated.

Some other devious ideas:

  • Count votes correctly when tested, except when the code is run on the day of the election (November 4 in the USA)
  • Include (apparent) integrity checks on the voting data, while still tampering with the election

Misc:

This was inspired by this obfuscation contest. You might be inspired by some of the submissions. Some of the top submissions were very good, and it's hard to see where the votes are getting screwed up, even if you know the code has a hole somewhere. That contest used C, but of course, I encourage clever ideas that are unique to Perl.

If you feel like including them, put hints and post-mortem analyses in <spoiler> tags.

Sample code:

Here is a sample program that counts votes correctly -- of course, yours shouldn't:
use strict; use warnings; my %ballot = qw( Obama 0 McCain 0 Barr 0 blokhead 0); print "Available candidates: @{[ keys %ballot ]}\n"; print "To cast a vote, type candidate's full name. End the election wi +th ^D\n"; while (<>) { chomp( my $vote = $_ ); if ( exists $ballot{$vote} ) { $ballot{$vote}++; } else { warn "Invalid candidate!\n"; } } print "Final results:\n"; printf "%10s : %d\n", $_, $ballot{$_} for sort { $ballot{$b} <=> $ballot{$a} } keys %ballot;
Feel free to deviate from my sample code in how you store the votes, expect the votes to be given in STDIN, display the results, etc..

*: You'll have to use your imagination and pretend that voting machine companies actually review their code.

blokhead


In reply to Challenge: A malicious election by blokhead

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • Outside of code tags, you may need to use entities for some characters:
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others browsing the Monastery: (8)
    As of 2014-12-27 18:42 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      Is guessing a good strategy for surviving in the IT business?





      Results (177 votes), past polls