3 nightmare election hack scenarios

Hackers could target e-voting machines' software update systems or simply try to delegitimatize the election

The question on the mind of many voting security experts is not whether hackers could disrupt a U.S. election. Instead, they wonder how likely an election hack might be and how it might happen.

The good news is a hack that changes the outcome of a U.S. presidential election would be difficult, although not impossible. First of all, there are technology challenges -- more than 20 voting technologies are used across the country, including a half dozen electronic voting machine models and several optical scanners, in addition to hand-counted paper ballots.

But the major difficulty of hacking an election is less a technological challenge than an organizational one, with hackers needing to marshal and manage the resources needed to pull it off, election security experts say. And a handful of conditions would need to fall into place for an election hack to work.

Many U.S. voting systems still have vulnerabilities, and many states use statistically unsound election auditing practices, said Joe Kiniry, a long-time election security researcher.

"With enough money and resources, I don't think [hacking the election] is actually a technical challenge," said Kiniry, now CEO and chief scientist at Free and Fair, an election technology developer. "It’s a social, a political, and an infrastructural challenge because you'd have a medium-sized conspiracy to achieve such a goal. Technically, it’s not rocket science."

Kiniry, in an interview earlier this year, called the U.S. voting system "ripe for manipulation," fueled by a divided nation. "The state of the infrastructure is terrible, and we have a terrible political climate and a lot of money sloshing around," he said.

Still, a couple of conditions would need to be in place for hackers to change the outcome of a U.S. presidential election.

First, hackers would need a tight national election where hacking the results of one or two swing states could change the results.

Remember, the U.S. president isn't elected by the national popular vote, but through the Electoral College, where each state gets a number of votes based on its population. 

The bad news is the current presidential campaign is shaping up to be a tight race, with Republican Donald Trump and Democrat Hillary Clinton running neck-in-neck in more than a dozen states as of late September.

This year's race may mirror the razor-thin 2000 and 2004 victories by Republican George W. Bush. In 2000, Democrat Al Gore won the popular vote, but Bush won Florida’s 29 Electoral College votes in a squeaker, leading to an Electoral College victory of 271 to 267.

In 2004, had Democrat John Kerry won Florida or Ohio, he would've been elected president instead of Bush.

The good news is that there's still time for one candidate to pull away and allay fears of a hacked election. And many recent elections haven't been close enough to raise concerns.

President Barack Obama won in the Electoral College by healthy margins in 2008 and 2012. The 1972, 1980, 1984, 1988, 1992, and 1996 presidential elections were also relative blowouts in the Electoral College.

A second condition needed for a hacked election is an available attack vector. Unfortunately, most election security experts don’t have a hard time imagining one.

Fifteen states still use outdated electronic voting machines without attached printers, which can be used to audit their internal vote counts. More than half of the states are still using these direct-recording electronic machines or DREs, with or without attached printers, and many voting security experts say both types of DREs have vulnerabilities.

Among the states using DREs without paper trails are potential swing states Pennsylvania, Virginia, and Florida. Those states don't use DREs statewide, so hackers would have to research the jurisdictions where DREs are still being used.

Potential swing states using DREs with attached printers in some or all jurisdictions: Ohio, Nevada, Wisconsin, and North Carolina.

The U.S. has more than 5,000 voting jurisdictions, noted Douglas Jones, a computer science professor at the University of Iowa. "Some run very tight ships, but some are sloppy," he said by email. "Because they're all at least a bit different, you'll need to pick a jurisdiction that is vulnerable and where the number of votes you can steal is enough to make a difference."

Finally, hackers would need the resources to pull off a major election system breach. They would probably need a small to medium-size team, significant funding, and the organizational discipline to keep the hack secret. A leak of a hacked election could lead to criminal charges and would almost certainly turn public opinion against the winning presidential candidate. News of a hacked election could damage the winning candidate’s political party for decades.

"A medium-sized conspiracy might be able to hack one or two swing states," said Jones, who has researched voting-machine security. "To swing a close state, it might be sufficient to swing just one medium or large-sized county."

With the number of voting jurisdictions in the U.S., "it is quite likely that you'll need a small team to hack each jurisdiction you select even if they run the same voting machines, because of the differences in election administration," he added. "So the size of your conspiracy -- and your risk of exposure -- grows with the number of counties you attack."

Still, there’s been evidence this year of outside hackers, like Russian teams, trying to raise doubts about the U.S. election. "If you're a state-level player with national-scale resources, you can set up multiple teams," Jones said.

If those conditions are all in place, here are three hacking scenarios:

1. An attack on DREs that depends on physical access in the weeks leading up to the election.

This attack would involve hackers actually infiltrating election teams or depending on poor physical security surrounding voting machines. In the years of the DRE rush following the 2000 election, many voting security experts showed a host of vulnerabilities that depended largely on physical access to the machines.

This is a potential attack vector that would likely involve a fairly large number of sneaky conspirators who don’t get caught.

Given all those potential problems, this attack is probably unlikely. It’s an "unsophisticated version" of an election hack, said Free and Fair's Kiniry.

2. An attack on DREs during software updates. This is a more likely scenario than No. 1. While DREs aren’t supposed to be connected to the internet during an election, many DRE models get software updates through network connections.

A lack of an internet connection on Election Day does not make DREs "immune to internet hacking," because of their election management systems [EMSes], Jones said. A "clever hacker" could inject malware into DREs during the process used to load ballots and other election configuration information, he said.

The basic pre-election checks in many states might not find the malware, he added. "Malware can be made that triggers only on the first Tuesday after the first Monday of November in an even-numbered year," he said. "Malware can be made to trigger only if the polls are open for longer than six hours. Malware can be made to trigger only if the machine is used by more than 25 voters."

Unplugging DREs from the internet is a "red herring," Kiniry added. "The threat vectors on DREs and similar equipment -- as shown many times by security researchers -- are manifold," he said. "Installing malware in an EMS over the 'Net and then having that EMS infect a ballot definition file written on a USB stick or DVD is totally a thing."

3. Finally, the goal of some hackers may be to raise doubts about the election results, instead of swinging the election for one candidate. This is is the scariest potential attack because the hackers would need to compromise just one election system in one jurisdiction, and it wouldn't need to be in a swing state or affect the outcome of the election.

With recent attacks on the Democratic National Committee, some U.S. law enforcement authorities have accused Russian hackers of trying to influence the election. Republican Trump has suggested that if he loses in November, the election will be "rigged."

A close election is needed for hackers "only if you are looking to actually change the outcome," Kiniry said. "If all you want to do is cast doubt on the outcome, it doesn't matter if it is a landslide for Clinton or a squeaker for Trump, you just do a hack or two and reveal it to the media after-the-fact."

Hackers could also tamper with election registration lists to raise questions, Jones added. Or they could release forged emails that make it appear the election was hacked.

"If I were Vladimir Putin or the kind folks in North Korea, I wouldn't really care who won the election, what I'd want to do is delegitimize the election," he added. "To do that, you don't need to successfully hack it, you just need to create the widespread impression that it has been hacked."

Join the CSO newsletter!

Error: Please check your email address.

More about BushNews

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts