Actually, the election was broken before, and the Chaos Computer Club just happened to be the only one looking closely enough, again. (German PDF)
Ten years ago, they broke the digital elections in Hamburg, which were to be based on the Digitaler Wahlstift. Because of that, and Wij vertrouwen stemcomputers niet, there is actually a completely offline paper record that can be used to rebuild election results by hand.
So this time the CCC looked at the election result collection and tabulation software, PC-Wahl 10, and found software that uses default passwords of the calibre test/test, uses FTP-based unsigned software updates, and has no secure way whatsoever to transmit and validate election results.
„Elementary principles of IT-security were not heeded. The amount of vulnerabilities and their severity exceeded our worst expectations“, says Linus Neumann, a speaker for the CCC who was involved in the study.
If there is ever a valid use case for the Merkel Merkle Trees, it’s probably this.