Yes, US Voting Machines Are Vulnerable To Hacking

Uploaded on 2016-10-28 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

It's not a hypothetical security problem and Russian hackers have already successfully undermined democratic processes in Ukraine. 

In 2014, as Ukraine prepared for a crucial vote to decide the Presidency, government cyber experts found Russian hackers had breached its election computing infrastructure.

The hackers knocked out the entire system that tallied the votes. The attack was detected and repaired, but then, just as the vote results were about to roll out, a virus was found that would have called the election for radical nationalist Dmytro Yarosh.

In reality, Dmytro Yarosh received 0.7% of the vote.  The virus would have forced the election software to declare him the winner with 37% to Petro Poroshenko's 29%. One Russian media outlet reported those numbers anyway.

Poroshenko won the election by a wide margin, but it was a narrow victory over the hackers.

Hackers Look West

When Dan Wallach testified before the US House Committee on protecting the 2016 US Presidential election, he cited the Russian attack in Ukraine as a precedent and a warning. "Like the Ukrainians in 2014," he said, "we face similar vulnerabilities today."

Dan Wallach is a computer security expert at Rice University who specializes in electronic voting systems. For years, Dan and a group of computer science colleagues have been raising the alarm about the hackability of US electronic voting machines.  

"It's unfortunately easy to compromise the machines to tamper with the votes.", he’s said.

He says it's been a problem for years. But this year is different. US security experts and the FBI believe Russian actors are behind last summer's hack on the Democratic National Committee, as well as the hacked e-mails from the Clinton campaign published by Wikileaks a week ago.

"A foreign nation state appears to have a strong interest in the outcome of our election," Dan Wallach said on CBC Day 6. "And as a security engineer researcher I see it as my obligation to do my best to prevent that."

Paper Comes Back

The touch screen voting machines that Wallach and his colleagues have been flagging are still in use, but they are in decline.  Reports of lost votes and long lines at the polls eroded the public's trust in the technology.

"All of the touch screen voting machines that are in use today in the US were analyzed about a decade ago in state commission studies in California, Ohio and Florida," Wallach says.  "And what we found then is still true today … these machines have unacceptable security."

"It's unfortunately easy to compromise the machines to tamper with the votes," Wallach says. He was asked if they are more vulnerable than a personal smartphone.

"The issue," he said, "is comparing voting machines to paper, right?  It's incredibly difficult for a hacker on the other side of the planet to change a piece of printed paper."

A printed ballot in lieu of a purely electronic transaction could make the difference between an attempt to steal the election and a full scale theft.

Wallach has been involved in designing voting machines that have both an electronic interface and a printed tally, which would help officials reconstruct a vote if the poll were compromised.

Databases Are Vulnerable

But even if voting were done exclusively with paper and pencils, a malicious attack could still disenfranchise millions. "The top of my concerns is that the voters show up at the polls and their names aren't in the voter registration system," says Wallach. He says hackers could create chaos by removing groups of voters from the database, targeting them using the same demographics as social scientists.

"Somebody from overseas can do the same thing. They can say, people in this neighborhood are likely to vote this way, people in that neighborhood are likely to vote that way. Let's remove just these people from the rolls and that could create long lines and a giant mess trying to disentangle it on Election Day." 

Wallach says the threat of destabilization is galvanizing to all Americans. "The notion that it's not a hypothetical security problem but rather it's something that is being actively attacked by a foreign adversary, no matter what your partisanship, no matter who you prefer for President, you want the next American President to be elected by the American people."

CBC

 

« Europol Warning: Crypto-Ransomware Threat
Smartphone “Video Jacking” From Power Sockets »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

C3IA Solutions

C3IA Solutions

C3IA Solutions is an NCSC-certified Cyber Consultancy providing assured, tailored advice to keep your information secure and data protected.

DataGuidance

DataGuidance

DataGuidance is a platform used by privacy professionals to monitor regulatory developments, mitigate risk and achieve global compliance.

Information Security Systems (ISSCOM)

Information Security Systems (ISSCOM)

ISSCOM provide services to help companies implement Information Security Management Systems (ISMS) by providing consultancy and hands-on assistance.

Security Stronghold

Security Stronghold

Security Stronghold is focused on protecting computers from malicious programs like viruses, Trojans, spyware, adware, trackware, keyloggers and other kinds of online threats.

Magic Software Enterprises

Magic Software Enterprises

Magic provide Mobile Device Management (MDM) for Secure Enterprise Mobility. Magic MDM overcomes the challenges of mobile device management security by protecting all of your devices, data and content

Oodrive

Oodrive

Oodrive is the first trusted European collaborative suite allowing users to collaborate, communicate and streamline business with transparent tools that ensure security.

Insta Group

Insta Group

Insta are a trusted cyber security partner for security-critical companies and organizations.

Elastic

Elastic

Elastic is the world's leading software provider for making structured and unstructured data usable in real time for search, logging, security, and analytics use cases.

Scientific Cyber Security Association (SCSA)

Scientific Cyber Security Association (SCSA)

The main goal of Scientific Cyber Security Association is the development of scientific and practical directions of cyber security.

ePlus

ePlus

ePlus designs and delivers effective, integrated cybersecurity programs centered on culture and technology, aimed at mitigating business risk and empowering digital transformation.

Semmle

Semmle

Semmle's code analysis platform helps teams find zero-days and automate variant analysis. Secure your code with continuous security analysis and automated code review.

ISTC Foundation

ISTC Foundation

ISTC Foundation is one of the leading innovation centers in Armenia, founded by joint initiative of IBM, USAID, Armenian Government and Enterprise Incubator Foundation.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

Sterling Information Technologies

Sterling Information Technologies

Sterling is an information security, operational risk consulting and advisory group. Our Advisory services help to safeguard information assets while supporting business operations.

Velstadt Cybersecurity

Velstadt Cybersecurity

Velstadt's team of experienced professionals works on identifying vulnerabilities, analyzing threats, and developing strategies to ensure the highest level of security.

MOBIA Technology Innovations

MOBIA Technology Innovations

MOBIA is a leading Canadian business transformation partner, helping businesses across industries evolve.