Hackers Demonstrate Election Vulnerabilities

Some Machines Penetrated Within Minutes

In a matter of minutes over the weekend, a band of self-styled computer nerds demonstrated how voting machines similar to those used in hundreds of precincts across the U.S. can be manipulated to produce wildly inaccurate vote totals.

Through wi-fi connections, homemade plastic keys similar to those issued to precinct workers on Election Day, and other cyber trickery, some hackers at the annual DEFCON convention in Las Vegas also unearthed old election returns from machines that vendors or election officials insisted had been wiped clean. Others showed off an ability to bore into voter registration records.

“The exposure of those devices to the people who do bug bounties or actually look at these kind of devices has been fairly limited,” Brian Knopf, an internet of things security researcher for Neustar, a security analysis company, told CNET.com. “And so DEFCON is a great opportunity for those of us who hack hardware and firmware to look to these kind of devices and really answer that question, ‘Are they hackable?'”

Concerns about voting machine vulnerability have mushroomed in recent months as the nation’s 17 intelligence agencies concluded that hackers backed by the Russian government attempted to penetrate voting systems in 21 states and achieved their objective in at least two states during the 2016 election.

Authorities insist there’s no evidence that Russian hackers were able to alter vote totals but Jake Braun, a panel moderator at the conference who advised the Department of Homeland Security on cybersecurity during the Obama administration, said there is no way to be sure about that

“The bad guys can get in… I’m not suggesting votes were switched or voters were deleted from voter files, but the point is the security is so lax and so bad that they have no way of going back and doing the forensics and saying one way or the other,” Braun asserted.

The DEFCON demonstration was intended to bolster the case – long made by Common Cause and other election integrity advocates – for state election administrators to purchase voting systems that create a voter verifiable paper record of each ballot cast. The paper records can be audited to ensure that machine-generated totals are accurate.

“Even where there are paper ballots, most ballots haven’t been checked to see if there was any hacking or intrusion, so even if security people didn’t see any outside hacking occurring on Election Day, things could have been attacked earlier,” said Barbara Simmons, board chair of Verified Voting, a nonprofit group that tracks voting issues.

Simmons said election security upgrades could be implemented nationwide for $500-600 million, or about 0.15 percent of the $3.9 trillion federal budget.

###