Skip to content

The key facts about the 2024 e-voting hacker test

From 17 June to 3 July, computer specialists from all over the world put Swiss Post’s e-voting system to the test. Swiss Post registered activity from around 7,000 IP addresses, but nobody managed to break into the electronic ballot box. How does a so-called public intrusion test work, and what are the figures for this year’s test? Find out in our article. (Last modified: 13 August 2024)

     

Schild

 

In our public intrusion test, ethical hackers test an exact copy of the e-voting system’s production environment in an attempt to find security loopholes. This means that the test takes place under the same conditions as when e-voting is used in votes and elections.

 

Activity from 6,923 IP addresses

Swiss Post logged activity from 6,923 IP addresses during this year’s public intrusion test. Of these, 146 IP addresses recorded a high level of activity, with more than 50 attacks on the e-voting server throughout the duration of the test.

 

28,944 hits on the voting platform

During the intrusion test, Swiss Post tracks the attempted attacks on the system, just as it does during actual contests. It detected around 29,000 hits on the voting platform, of which 9,665 can be classified as attempted attacks.

 

Attacks from 62 countries

Swiss Post invites experts from all over the world to put its e-voting system to the test. During this year’s test, it detected hits from 62 countries. The most active participants came from 27 countries in total. The majority of attempted attacks originated in the United States of America (19 percent), followed by Switzerland and France (around 12 percent each).

 

One finding confirmed

The participating experts sent a total of four reports to Swiss Post. Of these, Swiss Post confirmed one as a finding. This had a severity rating of low (the first of four levels: “low”, “medium”, “high” and “critical”). The finding did not concern any security-related aspects. It shows an improvement in the communication between the servers, making simultaneous requests impossible. Swiss Post has implemented the improvement in the voting server.

 

4,500 francs of rewards paid out

Swiss Post paid a reward of 1,500 francs to the person who reported the finding. Because he was the first person to report a confirmed finding, he also received a bonus of 3,000 francs. Swiss Post increased its advertised rewards for e-voting security loopholes in 2024. It now pays up to 50,000 francs for critical vulnerabilities. If anyone succeeds in manipulating the electronic ballot without being detected, they will receive up to 250,000 francs.

 

Final report on the public intrusion test 2024

 

More information on public scrutiny


Swiss Post has published all the essential components and documents for its e-voting system to enable experts from all over the world to search for gaps in its security.

 

The Swiss Confederation also has each new version of the system tested thoroughly. The test of the latest system release has just been completed. Swiss Post’s e-voting team has analysed the reports by the independent experts and published its response report. The plan is to use the new system version for the first time during the contest on 22 September 2024. In the current release, Swiss Post has reduced dependency on third-party software, improved the user interface for the cantons and further increased the robustness of the system’s operation.

 

 

Go to the report

 

More information on the public test

Subscribe to the blog

Sign up for our E-government blog and you’ll receive regular updates on our latest blog articles, expert opinions and industry trends.

Subscribe now