Trojan Horse In Tally Server

Short Description
Once triggered, the Trojan Horse code could modify the tally server’s voting … An additional or alternate function of the tally server Trojan could be to …

Website: vote.nist.gov | Filesize: 56kb

Content
1
Trojan Horse In Tally Server (Attack1)
Taxonomy:
Configuration, Change Management, Account Management
Applicability:
Tally Server
Method:
Assuming a well motivated and financed person or group seeks to alter the outcome of an
election. They would then determine the target environment as outlined in the resource section,
below. Once key positions one and two (see “Attack Team Core Personnel”, below) were
identified and brought into the attack team, enough sensitive information would be collected
and/or readily available to reach “critical mass” and design, develop and implement the technical
mechanisms (e.g. determine a trojan horse attack method, the payload to be carried, the
interaction points with existing program structures, etc.).
Trojan horse code can generally be placed into one of two classes:
1) Closed-loop, or self-contained code that requires no additional input to execute its task.
2) Open-loop code that creates a communication channel that can be used at a later point in
time to accept additional input (explicit commands, scripts, etc.) in order to alter operating
system or tally server application operations, or accept additional, 2nd or 3rd generation closedloop
trojan horse code. Open-loop is often referred to…