You should be worried about the November election. Not so much that the candidates you support won’t win, but about the risk that the “winners” may not really be the winners, due to hackers tampering with the results.
Or, that even if the winners really are the winners, there will be enough doubt about it to create political chaos.
This is not tinfoil-hat conspiracy theory. The warnings are coming from some of the most credible security experts in the industry.
Richard Clarke, former senior cybersecurity policy adviser to presidents Bill Clinton and George W. Bush, wrote recently in a post for ABC News that not only are US election systems vulnerable to hacking, but that it would not be difficult to do so.
“The ways to hack the election are straightforward and are only slight variants of computer system attacks that we see every day in the private sector and on government networks in the US and elsewhere around the world,” he wrote, adding that, “in America’s often close elections, a little manipulation could go a long way.”
Dmitri Alperovitch, cofounder and CTO of CrowdStrike, said the risks of hostile hackers seeking to tamper with the US election is not only possible but likely.
"Adversaries of all types – nation-states, hacktivists and even criminal hackers-for-hire could be taking steps right now to manipulate the election," he said. "CrowdStrike is currently defending the networks of a number of organizations in the political sphere against these types of intrusions."
And Bruce Schneier, CTO of Resilient Systems and internationally known blogger, author and security guru, said in an interview on Boston’s WGBH radio last month that because the companies that make electronic voting machines aggressively guard their proprietary information, “we don’t actually know how secure these machines are. But the worry that they can be hacked is serious."
Princeton professor Andrew Appel and various students and colleagues have been demonstrating how serious for at least 15 years, especially since the spread of electronic voting machines took off in 2002, following the Bush v. Gore ballot disputes in Florida.
They have focused particularly on a design called Direct Recording Electronic (DRE), which Schneier describes as, “like an ATM,” and most of which create no paper trail.
Appel and one of his students demonstrated that they could hack into one of the more popular machines in minutes. Dan Wallach, who worked with Appel as a student and is now a computer science professor at Rice, recently told Politico, “these machines, they barely work in a friendly environment.”
Schneier and Clarke say they are not aware of cyber attacks in previous elections that changed the results. But Schneier noted that uncertainty about the credibility of election results could cause major political problems.
An election, he said, has two main purposes. “One is to pick the winner, the other is to convince the loser that he lost, fairly,” he said. “And if you don’t do the second, you risk the transition of power. So even if nothing happened, let’s say Wednesday morning someone said, ‘I hacked the vote.’ We can’t prove it, we can’t disprove it. We don’t know.”
And Tom Patterson, chief trust officer at Unisys, said hackers could undermine the credibility of elections without directly tampering with vote totals. “They include simple denial of service – blocking citizens from voting – to privacy breaches,” he said.
Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology, agreed. “Many of us are much more worried about attacks that don't seek to flip votes but instead disrupt elections or cause chaos in general,” he said.
“For example, an attack that selectively dropped entries from a voter registration database based on party affiliation would cause all of those voters to be considered unregistered, so even their provisional votes would be unlikely to count without consulting backups of the database.”
Indeed, just this week the Washington Post reported that US intelligence and law enforcement officials are probing what they believe is a major covert Russian operation in the US, not necessarily to tamper with actual voting, but to "so public distrust" in the results.
An unnamed official was quoted saying that, “even the hint of something impacting the security of our election system would be of significant concern. It’s the key to our democracy, that people have confidence in the election system.”
It is widely known, of course, that there have been multiple hacks of organizations connected to the impending election – Schneier noted that they include the campaign of Democrat Hillary Clinton, the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee (DCCC).
Other cases are suspicious but less certain. “Certainly we’ve seen candidates’ websites go down the night before an election, we’ve seen Get out the Vote campaign web sites and coordination systems fail,” Schneier said. “Is it a glitch or enemy action? We don’t know.”
But all that, along with a recent “flash” alert from the FBI’s Cyber Division that foreign hackers penetrated two state election databases (Arizona and Illinois), has drawn attention at the top levels of government. President Obama made an issue of it in his recent meeting with Russian President Vladimir Putin. Democratic presidential nominee Hillary Clinton called the potential of Russian interference in the election a serious threat that should be confronted immediately.
It also prompted Homeland Security (DHS) Secretary Jeh Johnson to suggest that the nation’s voting systems should be considered “critical cyber infrastructure.”
Johnson held a conference call on Aug. 15 with state election officials, in which he offered DHS help in making those systems more secure.
Whether that will make any difference two months before the election is dubious. As numerous experts note, while there is wide consensus that US voting systems are vulnerable, nobody knows for certain how vulnerable.
“Election administrators are trained to run elections, not defend computer systems,” said Hall. “The voting systems we use in many cases don't keep the kind of evidence one would need to detect an attack, let alone recover from it without disruption or loss of votes.”
There is not nearly enough time to patch voting systems anyway, since there are actually 50 elections, run by more than 8,000 jurisdictions in the 50 states. As Schneier noted, each has, “different rules, all run by different organizations, without any coordination or minimal coordination, so there’s not a lot the federal government can do except oversee.”
In some ways, that might seem to be an advantage, since it would be much more difficult to hack 8,000-plus different systems than one standardized system.
But, as is also obvious, it doesn’t require tampering with every system to change the results of an election. It could be done by just making minor, perhaps undetectable, changes to votes in a few key precincts in a few swing states.
“If the vote is as close as in 2000, it could be very easy by essentially targeting a jurisdiction where the vote is expected to be close and actually changing a few votes,” Hall said. “This could be especially easy for states like Maryland that will likely allow very liberal internet voting, which is horrifically insecure.”
And election officials have had decades of warnings that they have essentially ignored, from people like Appel and his colleagues.
Schneier said on WGBH that security experts have been talking about it for 20 years. Hall said hacking projects nearly a decade ago in California and Ohio found that, “all the machines examined had deep, deep vulnerabilities that could be used to change votes, disrupt elections, and violate ballot privacy. We have no indication that those flaws have been fixed, and in many cases they're still out there,” he said.
That doesn’t mean those running the nation’s election systems are entirely helpless, however.
Among the recommendations from experts:
- Voting machine should not be connected to any network, including local area networks (LANs), Wi-Fi, the Internet and virtual private networks (VPNs).
- Require all voting machine to create a paper copy of each vote and keep them filed and secure for at least a year. At present, only about 80 percent of voting machines are backed up by paper copies.
Appel, in a blog post, wrote that the results reported through DRE voting, “are completely under the control of the computer program in there. If the computer is hacked, then the hacker gets to decide what numbers are reported.”
- Conduct a sampling verification audit within 90 days on a statistically significant level by professional auditors to compare the paper ballots with the electronic results recorded.
- Eliminate internet voting. According to Schneier, “this is the worst – the biggest disaster.” Hall agreed. Until the Internet is more secure by design, “Internet voting should be entirely banned for government elections,” he said.
Of course, nothing is entirely bulletproof. Kevin McAleavey, cofounder and chief architect of the KNOS Project and a malware analyst, noted that social engineering attacks can easily overcome the barrier of an air-gapped system.
“The risk is more with insiders happily clicking on an email attachment and installing something malicious,” he said. “That's pretty much how it's done everywhere these days.”
McAleavey said most of the recent breaches of campaigns, voter roll lists and other confidential information were, “done with malware planted by an unsuspecting, authorized user of the systems who got phished and clicked on the bait.”
Clarke, in his recent post, emphasized that there is “no evidence that such hacking has ever taken place in the US or that it is about to occur.
“What we do know is that it could happen,” he said. “There is nothing to stop it from happening in many parts of the country, and there is not even an effort to see if it is happening.”