Pierluigi Paganini August 12, 2016

Is it possible to hack voting machines? According to cyber security experts, it is possible due to the use of outdated systems.

The recent attacks against the DNC and Hillary Clinton‘s server raised the question about the cyber security of entire US election machine.

Speaking at the Aspen Security Forum, Lisa O. Monaco, homeland security adviser, admitted that the US Government might soon have to consider whether the electoral system as “critical infrastructure,” to be protected.

“I think it’s a serious question,” she said, especially if there is “coercion, destruction, manipulation of data.” Ms. Monaco noted that whenever the United States thinks about retaliation, “the danger of escalation and misinterpretation is such that we have to be responsible for it.” But she also said that if an event were serious enough, “we have to be very clear we will respond.”

Threat actors, such as nation-state hackers and hacktivists, represent a serious threat to the next Presidential elections.

A cyber attack can cause the leakage of sensitive information that could influence the elections or in the worst scenarios hackers can compromise voting systems.

The ranking member of the Senate Homeland Security Committee sent a letter to the Department of Homeland Security, expressing concerns about the situation and saying that “Election security is critical, and a cyberattack by foreign actors on our elections systems could compromise the integrity of our voting process.”

Let’s focus on a cyber attack against voting machines, is it feasible? Which is the potential impact?

According to the CBS News that analyzed the problem with the support of experts, roughly 70 percent of states in the US currently use some form of electronic voting. Hackers told CBS News that problems with electronic voting machines have been around for years. The machines and the software are old and antiquated.

According to a report published by the Brennan Center for Justice, voting systems are vulnerable to cyber attacker due to their age.

More than 40 states are using old voting machines there are at least 10 years.

The CBS, citing hackers, confirmed that the voting machines are antiquated so it is reasonable to believe that hacker will have any difficulties in hacking them.

“Hackers told CBS News that problems with electronic voting machines have been around for years. The machines and the software are old and antiquated. But now with millions heading to the polls in three months, security experts are sounding the alarm” reported the CBS News journalist Mireya Villarreal.

Donald Trump has expressed in different public occasion his concerns for the risk that the election could be rigged, and voting machines could be a privileged instrument to breach the voting systems of the Presidential Election.

“I’m afraid the election is going to be rigged, I have got to be honest,” Trump said to his voters recently.

How to hack voting machines?

Experts at Symantec Security Response explained that it could be quite easy to manipulate a voting machine by using an affordable device easy to find online.

Ill-intentioned voters could hack the voting machines directly from the booth using a $15device.

“I can insert it, and then it resets the card, and now I’m able to vote again,” said Brian Varner, cyber security researcher at Symantec, while showing the device to the CBS New correspondent.

“For $15 and in-depth knowledge of the card, you could hack the vote,” 

The Symantec Security Response director Kevin Haley has exactly the same opinion on the possibility of hacking voting machines, the expert explained that hackers can compromise the machines after the votes are collected.

“The results go from that machine into a piece of electronics that takes it to the central counting place,” Haley told CBS News. “That data is not encrypted and that’s vulnerable for manipulation.”

“How big of a hacking potential problem is this?” Villarreal asked him.

“Well, there’s a huge potential,” Haley responded. “There are so many places in the voting process once it goes electronic that’s vulnerable.”

The good news is that even is the voting machine very old and outdated, they need to meet specific government standards.

“Our voting systems are heavily regulated. They’re tested both before and after. There are paper trails everywhere…by in large, I would say the American election system works very well,” said Denise Merrill, president of the National Association of Secretaries of State.

It it true?

CBS News reported that according to its sources, 60 percent of states routinely conduct audits post-election by checking paper trails. Clearly, in those states where there are nopaper records the impact of a cyber attack on voting machines could be devastating.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – voting machines, hacking)

[adrotate banner=”13″]