Marcel Winatschek

The Password Was "test"

Three weeks before the 2017 German federal election, the Chaos Computer Club—Germany’s most respected hacker collective—demonstrated that the software used to tabulate and transmit the results could be compromised by anyone with a modest amount of patience and access to the internet. Which is to say: almost anyone.

The entry point was embarrassingly straightforward. A company had accidentally published a user manual for PC-Wahl online. Inside that manual were the login credentials for the software manufacturer’s internal service portal. From there, a researcher named Martin Tschirsich established that municipalities were required to update the software before each election—and that the password protecting the update server was also sitting in plain view. A malicious actor could have pushed a manipulated update. Municipalities would have downloaded it automatically, without verification. That’s not a sophisticated attack. That’s an open door.
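The check missing from the update path described above, as an added example in Go (not code from PC-Wahl, the CCC, or the author of this post): the installed client pins the publisher's public key and refuses any update that key did not sign, so a leaked update-server password on its own cannot push a manipulated release onto the municipalities. The key generation, the release format and the integer version scheme are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Update is a constructed release format; the signature covers version and payload together.
type Update struct {
	Version   uint32
	Payload   []byte
	Signature []byte
}

// newPublisherKey stands in for the publisher's offline signing key (public half pinned in the client).
func newPublisherKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func digest(version uint32, payload []byte) []byte {
	h := sha256.New()
	binary.Write(h, binary.BigEndian, version) // fixed-width prefix binds version to payload
	h.Write(payload)
	return h.Sum(nil)
}

// signUpdate is the publisher side; the update server only distributes the result and holds no key.
func signUpdate(priv ed25519.PrivateKey, version uint32, payload []byte) Update {
	return Update{version, payload, ed25519.Sign(priv, digest(version, payload))}
}

// verifyUpdate is the client-side check the municipalities' software lacked:
// reject anything the pinned key did not sign, and refuse replays or downgrades.
func verifyUpdate(pub ed25519.PublicKey, installed uint32, u Update) error {
	if !ed25519.Verify(pub, digest(u.Version, u.Payload), u.Signature) {
		return errors.New("update rejected: signature does not verify under pinned key")
	}
	if u.Version <= installed {
		return errors.New("update rejected: not newer than installed version")
	}
	return nil
}
```

Because the signature also covers the version, an attacker who controls the server cannot re-label an old, genuinely signed release as a new one or serve a downgrade to a version with known weaknesses.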

It gets worse. The software came preconfigured with the dial-in point for the internal network used to transmit results on election night—included as a convenience, so local officials wouldn’t have to configure it themselves. In Hessen, that internal network was password-protected. The password was "test." I’ve set stronger passwords on streaming accounts I don’t care about.

The CCC also found that the software could generate plausible result files for any German state. Once you know what an acceptable result file looks like—and Tschirsich had worked that out—you could fabricate one. Combined with access to the transmission network, the picture was not reassuring. The reporting by Kai Biermann and Holger Stark at ZEIT was thorough and fairly alarming, though the response from the federal returning officer was the usual institutional shrug dressed up in the language of process.

The same official had told journalists in January of that year that German elections could not be hacked, that the technical safeguards were comprehensive and results were protected against all manipulation attempts. He was wrong on the merits and possibly wrong in a deeper way—wrong to think certainty was the appropriate register for a claim like that, when the security of democratic infrastructure depends on treating vulnerability as a permanent condition rather than a solved problem.

The contingency plan, in the end, was the telephone. Officials would form what they called "Meldeketten"—reporting chains—and relay results by voice if the software problems couldn’t be resolved in time. For a country that likes to describe itself as a technological powerhouse, that fallback had a certain grim comedy to it. The paper ballot, tabulated by hand, announced by phone. The analog backbone doing what the digital layer couldn’t guarantee.

What bothers me about this story isn’t just the specific vulnerabilities—it’s the complacency that let them exist. Someone decided "test" was an acceptable production password. Someone thought publishing credentials in a user manual was fine. These aren’t failures of technical sophistication; they’re failures of basic seriousness. And the infrastructure of democratic legitimacy ran on top of all of it.