The European company Lazarus Technology, specialized in forensic cybersecurity, has claimed “greater transparency and traceability” on platforms that manage mass votes after the “anomalies” in the Eurovision Televoto.
After the controversy after the popular vote in the final of the contest, the company advises to establish “independent digital audit mechanisms” for processes that involve millions of citizen interactions in real time.
“It’s not about stating that Eurovision has been hacked,” says Lazarus Technology executive director Manuel Huerta. “It is about assuming that, in the current digital stage, transparency is not an option: it is an obligation. Any platform that manages millions of votes must ensure that its processes can be audited by third parties, and that there are traceability mechanisms capable of detecting anomalous patterns or automated activity that compromises the legitimacy of the result,” he said.
From the company they explain that the Eurovision case cannot be treated as an anecdote or as a “weekend meme” because “when the data breaks the logic of the context, as in this case, the reasonable thing is not to point out, but audit.”
From a technical perspective, Lazarus points out that there are multiple ways to interfere with a digital voting system without directly compromising its central infrastructure. One of the most common is automation by means of bots and device farms, which allow thousands of votes to be emitted from masked virtual nodes by VPN networks, proxies or even zombie networks, which hinders the real traceability of the origin of the votes.
Another route of “manipulation”, as required, is the exploitation of vulnerabilities of the system, such as the injection of packages, the manipulation of user sessions or avoid the limitations imposed by identity or device, allowing to alter the balance of the process in a buried form and without generating visible alerts for the end user.
It also warns of organized campaign phenomena of “Crowdturfing”, a massive digital mobilization modality in which social networks, forums or applications are activated to induce votes in seconds, combining social engineering techniques with deep links, hidden automation and emotional polarization strategies.
In addition, it warns that geographical or temporal imbalance can be a key alert signal. Thus, when a region suddenly multiplies the expected volume of votes, or if anomalies are detected in the response times of the system, “the possibility of a synthetic activity or a malicious intervention can be considered.”
In this context, Lazarus recommends having solid mechanisms of verification and integrity of the records, since, in the absence of strong encryption, blockchain technology or other digital sealing systems, it is possible to “alter results without leaving an apparent mark.”