Russia: Cryptanalytic Vulnerabilities in the Opposition’s Online Elections · Global Voices
Kevin Rothrock

Last weekend, Russia's political opposition held elections for its first-ever “Coordinating Council.” While there were some detractors who criticized the voting process and the results, many (if not most) in the protest movement welcomed the Council as a triumph of cooperation and mobilization. Rather than wait for the first scheduled meeting on October 27, the opposition's informal leader, Alexey Navalny, gathered fellow council members in a Facebook group on October 24, and rallied a majority to issue the Council's first official statement [ru]. That announcement broadly declared the opposition's objections to “repressions and torture,” specifically addressing the alleged mistreatment of Leonid Razvozzhaev, whom Russian police seized in Ukraine last week and transported to Moscow.
It's only natural that oppositionists are pressing on with the Coordinating Council, already deciding its positions in the debates of the day. For all its disturbing qualities, though, the Razvozzhaev case is hard to see as anything but another flash in the pan that is Russian politics. It's the latest in a series of events that are often described as “Putin tightening the screws.” (This has been a familiar theme in Putin's third presidency, and one that he mocked [ru] immediately after winning reelection.) In the near and distant future, the Council will undoubtedly take a great many other stances on similar burning questions.
Leonid Volkov, screenshot from YouTube, 22 October 2012.
In a sense, this is business as usual for the protest movement. Given that Global Voices is committed to studying and amplifying the voices of civic society, we at RuNet Echo will continue to track the Coordinating Council's coming skirmishes with torture, repressions, and other injustices. Today, however, I'd like to turn back the clock to last weekend to review the issue of security in the online elections that made the Council a reality.
Cyber security, or a lack thereof
In an October 1 LiveJournal post [ru], the opposition's elections commissioner, Leonid Volkov, assured voters that “malicious persons” would be unable to access their private information. His promise was concrete:
Мы добиваемся этого единственным возможным способом — мы вообще не храним персональные данные ни в каком виде. Сразу после регистрации, каждый избиратель представляется в базе данных ЦВК с помощью уникального кода, который вычисляется по его ФИО и дате рождения, но восстановить исходные персональные данные избирателя с помощью этого кода невозможно.
We achieve this in the only way possible — we don't store personal data in any form. Immediately after registration, every voter is logged in the Commission's database by a unique code that is computed using his full name and date of birth, but it's impossible to restore this data using that code.
Before explaining what this means, it's worth reviewing Volkov's comments [ru] about telephone data, issued a week earlier:
Во-первых, мы вообще не храним никаких персональных данных. Это единственный, самый верный, надежный, и абсолютно безупречный способ борьбы с их утечкой. ФИО, даты рождения и телефоны необратимым образом преобразуются в хэш-значения, и хранятся только эти самые хэш-значения; обратно вычислить по ним какие-либо личные данные участников голосования невозможно. База номеров телефонов хранится в зашифрованном виде и отдельно от реестра хэш-кодов избирателей. (Из-за этого вы, дорогие избиратели, по сто раз в день жалуетесь, что уведомления о верификации не приходят на сотовый телефон, а проверять свой статус верификации надо в личном кабинете. Проблема в том, что мы не знаем, какой телефон соответствует какому избирателю! Послать СМСку всем избирателям одновременно мы можем, а именно вам лично в руки – нет).
First, we don't store any personal data whatsoever. This is the only, most reliable, trustworthy, and absolutely perfect way to fight leaks. Full names, birth dates, and telephone numbers are irreversibly converted to hash values and stored only as these hash values — it's impossible to restore voters’ personal data. The phone-numbers database is stored in encrypted form, separate from the hash-codes registry of voters. (Because of this, you, my dear voters, are complaining 100 times a day that verification notifications don't arrive to your mobile phones, and that [you instead have] to check your status from your office. The problem is that we don't know which phone number belongs to what voter! We are able to send a mass SMS to all voters simultaneously, but not to you personally.)
Volkov's security measures are technical and convoluted, but here's what is important to grasp: he apparently understood cryptographic hash functions as an impenetrable defense against hacks bent on deciphering voters’ personal information. Furthermore, Volkov claims that voters’ phone numbers were permanently severed from any identifying data.
The phone numbers leak
In an October 24 blog post [ru], Volkov tried to clear the air with a long explanation of how the Elections Commission combated [ru] the threat from MMM “zombies.” (For background on this story, see here.) RuNet Echo's Andrey Tselikov has covered the general contours of that counteroffensive, but there is one tactic we've yet to discuss.
At some point during the voting, Volkov quite foolishly decided to feed the Commission's database of phone numbers into an algorithm that tested the MMM website's password-recovery system. In other words, he tested voters’ private data to see if it would trigger proof that some of them were in fact MMM members.
Moments after Volkov revealed this operation, California-based IT specialist Ilya Kuleshov commented [ru] on the blog post, pointing out that MMM could now review its own weblogs to discover the telephone contact information for the entire electorate (which Volkov essentially “handed over” by mistake). Kuleshov (whose own Facebook page indicates support for the Coordinating Council) asked worriedly, “Leonid, I hope you only checked the suspicious individuals and not every single voter?”
Volkov's response came just seconds later, and it was not likely a great comfort to his readers. It read:
прогнали довольно много, это, на самом деле, известный наш косяк, он будет отражен в независимом заключении технического аудита как одна из наших больших ошибок :(
We checked quite a lot [of numbers], and this is in fact our most notorious screw-up, and it will be reflected in the independent findings of a technical audit as one of our biggest mistakes :(
Indeed, nationalist Sergei Nesterovich recently published an informal audit (retweeted [ru] by Volkov), which faulted the Elections Commission for this very slip-up, declaring [ru]:
К сожалению, оказался или нет, мы сможем узнать только в результате действий этих лиц, […]. Есть небольшая надежда на то, что эти люди – идиоты, и не смогут воспользоваться сделанным им подарком.
Unfortunately, we can only know whether or not [the MMMers obtained the data by waiting to see what they do now] […]. There is a small hope that these people are idiots and will be unable to use what's been gifted to them.
On October 25, Volkov's personal hate blogger, Andrei Sporov, seized on the MMM-telephones foul-up to make his latest case [ru] that the opposition's elections were carried out by a “liar” and a “dilettante.” Several times in the past [ru], Sporov has criticized Volkov's security measures (particularly his unshakeable faith in the “irreversibility” of cryptographic hash functions) as foolish and easily defeated. In a post in late September, for instance, Sporov listed the weaknesses of Volkov's encryption methods, leading commenter livestant to conclude [ru] that a brute-force cryptanalytic attack launched from a single puny laptop could decipher the entire electorate's personal data in just six months’ time.
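The dispute over “irreversibility” comes down to the size of the input space. The following is an added illustration, not code from the article or from the Elections Commission's system: it shows that a plain hash of a phone number can be matched by enumerating candidates, while a keyed hash whose key is stored apart from the registry cannot. SHA-256, the sample number, the prefix and the hash rate are assumptions, since the article names no algorithm.

```python
import hashlib
import hmac

def unkeyed_code(phone: str) -> str:
    """Plain hash of the identifier (SHA-256 is an assumption)."""
    return hashlib.sha256(phone.encode()).hexdigest()

def keyed_code(phone: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key kept apart from the registry."""
    return hmac.new(key, phone.encode(), hashlib.sha256).hexdigest()

def find_preimage(target: str, prefix: str, suffix_digits: int, code_fn):
    """Try every number of the form prefix + N digits; return the match or None."""
    for n in range(10 ** suffix_digits):
        candidate = f"{prefix}{n:0{suffix_digits}d}"
        if hmac.compare_digest(code_fn(candidate), target):
            return candidate
    return None

def days_to_enumerate(candidates: int, hashes_per_second: float) -> float:
    """Time needed to hash every candidate once, in days."""
    return candidates / hashes_per_second / 86400

def demo():
    phone = "+70005550123"          # constructed sample number, not real data
    prefix, digits = "+7000555", 4  # 10,000 candidates for this illustration

    # Registry that stores a plain hash: the number falls out of a lookup.
    plain = find_preimage(unkeyed_code(phone), prefix, digits, unkeyed_code)

    # Registry that stores an HMAC: without the key, no candidate matches.
    registry_key = b"R" * 32        # constructed key; generate randomly in practice
    stored = keyed_code(phone, registry_key)
    no_key = find_preimage(stored, prefix, digits, unkeyed_code)
    wrong_key = find_preimage(
        stored, prefix, digits, lambda p: keyed_code(p, b"W" * 32)
    )

    # All 10-digit national numbers at an assumed 1e6 hashes per second.
    full_space_days = days_to_enumerate(10 ** 10, 1e6)
    return plain, no_key, wrong_key, full_space_days

if __name__ == "__main__":
    print(demo())
```

A keyed hash only moves the secret: whoever holds the key can still run the same enumeration, so the key has to be protected and stored separately from the registry of codes.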
Irrelevant or unsafe?
About now you might be asking yourself, “But didn't Volkov promise to destroy all voters’ personal data?” Indeed, blogger livestant ultimately concludes that the only data one could likely learn from such hacking would be “whether [a particular individual] did or didn't participate in these elections.”
Alas, dear readers, I have a different question for you. If the telephone numbers were supposedly divorced from all identifying personal data, why did Volkov test the database of phone numbers against MMM's user base? If the Commission was incapable of “knowing which phone number belongs to what voter,” what use could this risky test have been at all? Either his interest was purely academic (e.g., “what is the rough percentage of the electorate that used MMM-registered phone numbers?”), or the Commission actually does have a way of reintegrating personal data after the voter registration process.
If you're having any trouble understanding the ins and outs of this issue, you're not alone. As the Coordinating Council — now populated and active — marches forward, the controversies surrounding its election will fade into history. This, anyway, is part of that history's record.