Top Six Ways Hackers Could (have) Disrupt(ed) an Election

From the Huffington Post: Top Six Ways Hackers Could Disrupt an Election <read>

Our own headline emphasizes that we have no reason to believe that these risks only apply to future elections. There is no reason to believe that some or all have not been used in past elections. From the article:

Hacking just a few electoral districts could allow an attacker to swing an election in a close race. The U.S. has had close elections multiple times in the past. In 1960, John F. Kennedy squeaked out a victory over Richard Nixon by just 0.1%. In the 2000 presidential election, the decision came down to just a few votes in Florida. In the end, the Supreme Court had to determine the winner.

The election system is particularly vulnerable because it involves a combination of state, local, and federal government agencies with their own systems, software, hardware, and security protocols. Often, government departments are running old “legacy” computer systems that are extremely vulnerable to malware and hacking; and even if they have new systems, these are often put into place without a comprehensive security audit and performance review.

Who exactly is in charge of securing these overlapping networks isn’t always clear in government either…

  • According to Verizon’s 2015 Data Breach Investigations report, the public sector has the highest rate of “crimeware” infections of any industry sector…

If foreign governments can hack into U.S. government and defense systems, why would anyone think that foreign interests couldn’t also hack into U.S. elections? It’s important that we start talking about these risks because a “hack attack” could happen sooner than we think. Fixing this won’t be easy which is why we need to start preparing/safeguarding now!

The author lists his top six risks:

  1. Hack a voting machine

  2. Shut down the voting system or election agencies

  3. Delete or change election records

  4. Hijack a candidate’s website

  5. Doxing a candidate

  6. Target campaign donors

Just this week we understand that the Connecticut voter registration system was down for a day – a day when registrars were attempting to print party voter lists on the last legal day for party caucuses.  This year the Legislature said that same system could be used for voters to register during Election Day Registration (EDR) – if we got used to relying on that system and it failed on its own or with a little help from hackers – in a large turnout election, it could result in long lines and turned away/turned off voters!  In fact, that system is used today by officials on election day for EDR and for checking voter registrations when issues arise with the lists in pollbooks.

Another potential hack not mentioned would be attacking a local elections website.  A hacker could change polling place locations, switch polling places and streets between polling places.  Or simply knock out the web, preventing voters from obtaining polling place information on election day.

Of course, all these risks also apply, even more strongly to Internet voting where there are no paper backups to survive system failures, for audits, and for recounts.


Leave a Reply

You must be logged in to post a comment.