Yes, US Voting Machines Are Vulnerable To Hacking

Uploaded on 2016-10-28 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

It's not a hypothetical security problem and Russian hackers have already successfully undermined democratic processes in Ukraine. 

In 2014, as Ukraine prepared for a crucial vote to decide the Presidency, government cyber experts found Russian hackers had breached its election computing infrastructure.

The hackers knocked out the entire system that tallied the votes. The attack was detected and repaired, but then, just as the vote results were about to roll out, a virus was found that would have called the election for radical nationalist Dmytro Yarosh.

In reality, Dmytro Yarosh received 0.7% of the vote.  The virus would have forced the election software to declare him the winner with 37% to Petro Poroshenko's 29%. One Russian media outlet reported those numbers anyway.

Poroshenko won the election by a wide margin, but it was a narrow victory over the hackers.

Hackers Look West

When Dan Wallach testified before the US House Committee on protecting the 2016 US Presidential election, he cited the Russian attack in Ukraine as a precedent and a warning. "Like the Ukrainians in 2014," he said, "we face similar vulnerabilities today."

Dan Wallach is a computer security expert at Rice University who specializes in electronic voting systems. For years, Dan and a group of computer science colleagues have been raising the alarm about the hackability of US electronic voting machines.  

"It's unfortunately easy to compromise the machines to tamper with the votes.", he’s said.

He says it's been a problem for years. But this year is different. US security experts and the FBI believe Russian actors are behind last summer's hack on the Democratic National Committee, as well as the hacked e-mails from the Clinton campaign published by Wikileaks a week ago.

"A foreign nation state appears to have a strong interest in the outcome of our election," Dan Wallach said on CBC Day 6. "And as a security engineer researcher I see it as my obligation to do my best to prevent that."

Paper Comes Back

The touch screen voting machines that Wallach and his colleagues have been flagging are still in use, but they are in decline.  Reports of lost votes and long lines at the polls eroded the public's trust in the technology.

"All of the touch screen voting machines that are in use today in the US were analyzed about a decade ago in state commission studies in California, Ohio and Florida," Wallach says.  "And what we found then is still true today … these machines have unacceptable security."

"It's unfortunately easy to compromise the machines to tamper with the votes," Wallach says. He was asked if they are more vulnerable than a personal smartphone.

"The issue," he said, "is comparing voting machines to paper, right?  It's incredibly difficult for a hacker on the other side of the planet to change a piece of printed paper."

A printed ballot in lieu of a purely electronic transaction could make the difference between an attempt to steal the election and a full scale theft.

Wallach has been involved in designing voting machines that have both an electronic interface and a printed tally, which would help officials reconstruct a vote if the poll were compromised.

Databases Are Vulnerable

But even if voting were done exclusively with paper and pencils, a malicious attack could still disenfranchise millions. "The top of my concerns is that the voters show up at the polls and their names aren't in the voter registration system," says Wallach. He says hackers could create chaos by removing groups of voters from the database, targeting them using the same demographics as social scientists.

"Somebody from overseas can do the same thing. They can say, people in this neighborhood are likely to vote this way, people in that neighborhood are likely to vote that way. Let's remove just these people from the rolls and that could create long lines and a giant mess trying to disentangle it on Election Day." 

Wallach says the threat of destabilization is galvanizing to all Americans. "The notion that it's not a hypothetical security problem but rather it's something that is being actively attacked by a foreign adversary, no matter what your partisanship, no matter who you prefer for President, you want the next American President to be elected by the American people."

CBC

 

« Europol Warning: Crypto-Ransomware Threat
Smartphone “Video Jacking” From Power Sockets »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Reed Smith LLP

Reed Smith LLP

Reed Smith LLP is an international law firm with offices in the USA, Europe, Middle East and Asia. Practice areas include Information Technology, Privacy & Data Security.

Institute for Critical Infrastructure Technology (ICIT)

Institute for Critical Infrastructure Technology (ICIT)

ICIT is a leading cybersecurity think tank providing objective research, advisory, and education to legislative, commercial, and public-sector cybersecurity stakeholders.

Kapalya

Kapalya

Kapalya empowers businesses and their employees to securely store sensitive files at-rest and in-transit across multiple platforms through a user-friendly desktop and mobile application.

HSB

HSB

HSB offers insurance for equipment breakdown, cyber risk, data breach, identity recovery & employment practices liability.

InterGuard

InterGuard

As the pioneer for Unified Insider Threat Prevention and productivity monitoring tools, InterGuard offers on premise and SaaS-based services that are easily available and affordable.

Voxility

Voxility

Voxility provides Infrastructure-as-a-Service in the biggest Internet hubs in the world.

Aurora Systems Consulting

Aurora Systems Consulting

Aurora is a Cybersecurity solutions provider with a portfolio consisting of security consulting, products and services that proactively prevent, secure and manage advanced threats and malware.

EYE Security

EYE Security

EYE provides enterprise-grade cyber security services and cyber insurance to SMEs in Europe, Cyber Incident Response and strategic advice in board rooms.

Fluid Attacks

Fluid Attacks

Fluid Attacks specialize in red team operations as well as technology development that continuously enhance our security testing services.

LogicalTrust

LogicalTrust

LogicalTrust security testing specialists find the weakest points in your company and show you how to fix them step-by-step, as well as how to improve your security.

Saepio Solutions

Saepio Solutions

Saepio promote an all-encompassing approach to cybersecurity, ensuring the appropriate balance of budget and resource across Policy, Product and People.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

LogicBoost Labs

LogicBoost Labs

LogicBoost Labs has the expertise, experience, funding and connections to make your startup succeed. We are always interested in new ways to change the world for the better.

Profian

Profian

Profian’s hardware-based solutions maintain your data's confidentiality and integrity in use, providing true confidential computing to meet regulatory and audit requirements.

Securadin

Securadin

Securadin - Defending Your Data Security. We will assist you in learning how to maintain the confidentiality, integrity, and availability of your organization's assets.

Nihka Technology Group

Nihka Technology Group

Nihka offers full end-to-end ICT solutions from business optimisation, data centre modernisation, cloud connection and management, and ICT security.