Up to 20 percent of Americans will cast votes on electronic systems without a paper trail during this election. Photo by adimas/via Adobe
Huge. Deplorable. Hombre. When America looks back on the long journey to Election Day 2016, a number of words will come to mind. But one may ultimately rise above the rest: hacking.
Hackers set the tone for the final 100 days of the election, starting with the pilfered emails of the Democratic National Committee that were released by Wikileaks in late July. Aside from spurring the resignation of DNC Chairwoman Debbie Wasserman Schultz on the eve of the convention, the leak established a precedent for reporting on stolen digital information in the election, as U.S. officials fingered Russia as the likely backer behind the hacks.
Cybersecurity analysts say this tenor, combined with vulnerabilities in electronic ballots, make hacking a major possibility on Election Day. So if election hacking does happen, here’s what it may look like.
Digital doubt
Up to 20 percent of Americans will cast votes on digital systems without a paper trail during this election, according to analysis by the Brennan Center for Justice. This minority within the electorate, plus the fact that digital voting is managed on a state-by-state basis, means a nationwide takedown of Election Day is unlikely.
“America doesn’t have one monolithic national voting system the way there is in other countries,” Pamela Smith, president of Verified Voting, wrote in a recent op-ed for The Hill. “We have thousands of them, operating under state and local supervision.”
But there are enough weak spots peppered around the country to distill doubt if multiple incidents occur, said James Scott, senior fellow at the Institute for Critical Infrastructure Technology.
Five states — New Jersey, Delaware, Georgia, Louisiana and South Carolina — will cast votes on digital systems without leaving a paper trail. The same applies to several jurisdictions in battleground states like Pennsylvania and Ohio.
Cyber vulnerabilities exist in all of these locations. Most revolve around the age of the machines and their software. The Brennan Center report estimated 43 states will use voting machines in 2016 that are more than 10 years old. Many of these devices contain outdated software — think Microsoft Windows XP or older — without security updates. Meanwhile, the mainframes of other machines are guarded by easy-to-pick padlocks or by no barrier at all.
“With the kind of stealth and sophistication that’s already out there, why wouldn’t a nation-state, cyber-criminal gang or activist group go into election systems that are completely vulnerable?” Scott said. He offered the example of the energetic bear hack, wherein attackers deposited malware on websites intended for software updates for energy companies. The perpetrators infiltrated energy grids and petroleum pipeline operators across U.S. and Europe and went unnoticed for three years.
Given many states and counties use electronic ballot systems provided by a small number of vendors, a similar ploy used on voter machine manufacturers could manipulate several polls at once. Plus, much of this voting technology is proprietary, so forensic auditors couldn’t independently scrub for and detect malicious software, especially given such code might delete itself after Election Day, Scott said.
Yellow buttons and bad math
Election hacking raises visions of a hooded figure on a laptop remotely tapping into a voter machine to artificially boost tallies. But in truth, most remote attacks on individual machines are tricky because many devices aren’t directly linked to an internet connection.
However, in-person manipulation is possible. Some machines are vulnerable, due to accessible ports where a hacker could plug a laptop or smartphone to add fake votes. The Sequoia AVC Edge machines feature a yellow “Activate” button on the back that can allow user to enter multiple ballots at a time. Nevada has employed these systems statewide, while Louisiana did the same with early voting without backup paper records.
Sequoia electronic voting machine. Photo by Joe Raedle/Getty Images
“It’s the technical equivalent to stuffing a voter box,” Scott said. “You can tap that as many times, for as many votes as you want to give the person.”
To exploit the tactics, a perpetrator would need access to a voter machine for an extended period of time, which is possible given background checks for election officials and poll workers aren’t a national requirement.
Another target is the facility or database where votes are counted. “You have to look at attacks at the intermediate stages, where there are computers tabulating results from around a state or a county,” Max Kilger, a social scientist and cybercriminal profiler at the University of Texas at San Antonio, told the PBS NewsHour.
Some counties use devices that collect and calculate results at once, such as the AccuVote TS and TSX voting machines. But the software for these popular machines lack basic cybersecurity, like encryption or strong passwords.
An AccuVote electronic scanning machine used for counting the votes during the New Hampshire primary election at a high school in Nashua, New Hampshire in 2008. Photo by Ramin Talaie/Corbis via Getty Images
Harri Hursti, a Finnish computer programmer, famously exposed this vulnerability among voting machines in Leon County, Florida, as part of a series of studies on digital election infrastructure. He showed the “Hursti Hack” — tampering with the machine’s memory cards in person or over a remote internet connection — could add or subtract hundreds of votes for a candidate. Some experts believe this tactic may have been partially responsible for the voting irregularities witnessed in Florida during the 2000 election.
In this year’s election, these two AccuVote systems will be used without paper trails statewide across Georgia, in 16 Florida counties, in 16 Pennsylvania counties and elsewhere in the nation, according to the ICIT. Similar inside-job intrusions could knock out check-in software or other electronic systems related to wait times at polling stations.
Calling Debbie from Bloomington
The biggest cyber breaches to influence Tuesday’s events may have occurred months ago and involved voter registration data.
Over the summer, cyber assailants launched separate attacks on the voter registration databases in Arizona and Illinois. The Arizona breach compromised the personal information of 3 million voters, though investigator did not find evidence that the hackers removed the data. However, perpetrators in Illinois did escape with the names, addresses and contact details for 200,000 voters in Illinois. In August, the FBI’s Cyber Division issued an alert stating foreign hackers had infiltrated state election systems, though their bulletin did not specifically mention the incidents in Arizona and Illinois.
Marketplaces for voter registration data have sprouted on the Dark Web over the last year, according to an election hacking report from the ICIT. Prices vary, but one listing offered 0.5 Bitcoins ($300) for a single state’s database. Sell in bulk, and one could earn 12 Bitcoins ($7,200).
While identity theft is a concern, Scott said the primary way hackers might exploit these stolen records is via a misinformation campaign.
“They can call the voters to change the location of their polling stations,” Scott said, citing a Colombian hacker who used such tactics to manipulate elections in nine countries across Latin America.
Dyn, the sequel?
Three weeks ago, a siege on Dyn, an internet infrastructure company, caused web outages across much of the U.S. The weapon of choice was a DDoS attack, wherein assailants overloaded Dyn’s servers with massive waves of phony traffic.
DDoS attacks pose a threat to centralized election servers. In 2014, hackers attempted to crash Ukraine’s election commission website on the eve of a parliamentary election.
Luckily, state independence with voting practices and decentralization of electorate data serves as a buffer against DDoS volleys. A cybercriminal would need to flood multiple polling stations for an effective DDoS attack, which become inefficient. However, a strike against a computer where regional votes are tabulated could delay election reporting.
How will you know?
Luckily, ballot stuffing is improbable, Smith said, even with electronic voting because “every jurisdiction conducts reconciliation procedures to ensure that the number of voters who signed in to vote squares with the number of votes tallied.”
This safeguard means the election will ultimately hinge on counted votes. So, hacks that switch or delete selections at polling stations without paper records represent the most insidious manipulation, because those votes would be lost.
Voting systems tend to be cloaked in secrecy, so if a hack happens, the culprits will likely announce it and provide proof. And the signs suggest someone might try. An unnamed Department of Homeland Security official told Politico in late September that at least 20 state elections systems had been probed by hackers. On Friday, Guccifer 2.0 — a hacker with alleged ties to the Russian government — called on others to “monitor the election from inside and inform the U.S. society about the facts of electoral fraud” to prevent Democrats from rigging the vote.
The declarations speak to the primary weapon for election day hacking: doubt. If a fraction of the electronic votes filed at Tuesday’s polls or during early voting come into question, then it opens the door for challenges by political candidates.