We investigated the security of Estonia’s Internet elections assuming a state-level adversary. I wrote the proof-of-concept client malware that is able to silently steal votes.

The project website is https://estoniaevoting.org/. You can see read our peer-reviewed paper at https://estoniaevoting.org/findings/paper/.

BibTeX:

@InProceedings{ivoting-ccs2014,
  author =       {Drew Springall and Travis Finkenauer and
                  Zakir Durumeric and Jason Kitcat and
                  Harri Hursti and Margaret MacAlpine and
                  J. Alex Halderman},
  title =        {Security Analysis of the {E}stonian
                  {I}nternet Voting System},
  booktitle =    {Proceedings of the 21st ACM Conference on
                  Computer and Communications Security},
  year =         2014,
  month =        nov,
  organization = {ACM}
}