A correspondent from Swedish national radio traveled to The Netherlands to interview me about my research about how I could hack the Dutch elections that were held in March 2017:
As this radio show is presented in Swedish, a local friend of my there was so kind enough to make a transcript of the interview in English:
Sijmen: Have you ever met a hacker before?
Radio host: I don’t think so. [“Have you ever met a hacker before?” is what Sijmen Ruwhof wonders, and smiles.]
Radio host: [On the surface his apartment looks like any other bachelor’s apartment, a grey cat strokes against our legs, and appears to be a bit annoyed of the sound from the building construction on the other side]
Sijmen: This is going to be the same kind of style they have over there.. nice houses.
Radio host: [The only thing that reveals that a hacker lives here, are four computers on a table near the window.]
Sijmen: Yeah, I work as an ethical hacker, breaking into computer systems.
Radio host: [Yep, Sijmen Ruwhof calls himself an “ethical hacker”, or a white-hat as it’s also called. He hacks companies or individuals, and then shows them how to protect themselves against other hackers.. the unethical black-hats. A kind of war rages out there on the internet”, he says.]
Sijmen: Yeah, absolutely. We’re out of control. It’s war on the internet.
Radio host: [People are mostly completely unaware of this war. A couple of days before we met, Sijmen was at home at a rich Dutch family that had their internet closed down because the internet provider saw that their hard drive was attacking other peoples web sites. The family were surprised, of course.]
Sijmen: That hard disk was infected by a virus, and that hard disk was attacking websites on the internet. And when I analysed his laptop, I found that his laptop was infected with another virus so I went further and they had a camera system at home, and I quickly found out that this camera system could be easily hacked. I could just view all the cameras via the internet
Radio host: [Sijmen also took the opportunity to hack the family’s burglar alarm with cameras around in the house, to show that anybody can view them through the internet.]
Sijmen: So the guy was really shocked that someone could watch him in his own house, walking naked.. Its the world we are living in at the moment.
Radio host: [Yep that’s how the world looks like now. And that’s what the hacker Sijmen Ruwhof does for a living – to protect people against (these kinds of things) And sometimes he hacks something big to make a point, like lately, the Dutch election.]
Sijmen: Yeah , some weeks ago I looked at the Dutch election software and saw that it was very vulnerable.
– music plays –
Sijmen: Here is one of the videos…
Radio host: [Sijmen Ruwhof says it took him about 2 hours to conclude that the software which counts the votes in Dutch elections for the past 8 years was full of security issues]
Sijmen: You will see here some technical details.
Radio host: [The voting authority had also made it easy for hackers, by providing instruction videos for the vote counting software on YouTube, where important technical information is revealed]
Sijmen: What you can also see here, is another leak.
Radio host: [On top of that, it turns out that election districts used completely ordinary office computers that were connected to the internet, to sum up the results of the vote counting and then they send the numbers to the central vote authority in completely ordinary unencrypted e-mails, says Sijmen Ruwhof.]
Sijmen: And I was like: “what!?”. Are they going to send the election results by e-mail over the internet, unencrypted, unsecured. Especially for a state sponsored hacker like Russia or United States it’s very easy for them to intercept an e-mail and change the results of that e-mail.
Radio host: [For a state sponsored hacker from for example Russia or the USA, it would be very easy to change the results in those mails, says Sijmen Ruwhof. He could have hacked his way into a computer and do that, himself.]
Sijmen: If you take Amsterdam, Rotterdam or Utrecht in the Netherlands… big cities. I would hack their laptops that they normally use for day to day usage and tamper the results. Change the data files on these systems on election day.
Radio host: [But then again, Sijmen Ruwhof is an ethical hacker, a white-hat. So instead he went to the Dutch TV channel RTL and told them about it. It became big news that the election could be hacked And the government immediately decided that all the votes were to be counted by hand this year.]
Sijmen: Yeah, two days after the Dutch minister then bans the use of the election software.
Radio host: And you’re saying they used the system for eight years. Are you confident the results you see on Tv are the actual results of those elections?
Sijmen: Well, I doubt it…
Radio host: [If Sijmen could find these security issues so quickly, then somebody else probably has done it already, he says. But if the elections these past eight years have been affected in any way? – that we will never know… There will be no recount. Three months after the elections, all the votes are destroyed. And Sijmen Ruwhof still thinks that there are shortcomings with how The Netherlands count votes. This time they did it, thanks to him, by hand. But the results were still summed up on computers, he says. Why not just use old fashioned pen and paper?]
Sijmen: Paper is of course.. messy, its big.. bulky. Paper is not an ideal solution either, but its best of both.
Radio host: So you’re a hacker spending most of your time by that computer and you’re recommending pen and paper.
Sijmen: Absolutely! Yeah!
Radio host: [All of this has of course been a big PR success for him. The hacker that forced The Netherlands to recount all the votes by hand. Right now, he himself gets exposed for a lot of hack attacks, he says, and points at the computers that stand in front of us.]
Sijmen: I added some extra measures here and there..
Radio host: So why are they attacking you?
Sijmen: To bring me down I think, it’s a strange world. Hackers are sometimes jealous.