Security consultants have been demonstrating that it’s simple and affordable to hack voting machines recently. Cyber security firms like Symantec and Crowdstrike have confirmed that hacking a voting machine is a fairly simple process, costing about $15 online and requiring only moderate knowledge.
“I can insert it, and then it resets the card, and now I’m able to vote again,” Symantec researcher Brian Varner told CBS News. The hacker doesn’t even need to leave the voting booth – and monitoring the actions of someone casting a vote is illegal, to preserve the voter’s right to cast a secret ballot.
“For $15 and in-depth knowledge of the card, you could hack the vote.”
Crowdstrike CEO George Kurtz told CNN Money a similar story. His firm was hired to investigate by the Democratic National Committee after the email leak that shook the party.
“There’s not even a doubt in my mind that there are other actors out there that have yet to be found. I’m sure there will be other hacks that come out over the course of this election and certainly beyond that.”
Kurtz called the DNC leak a watershed moment, suggesting that it was only the tip of the iceberg. He says that his firm has been fielding calls from Washington non-stop as politicians try to come to grips with the unprecedented threat of hackers trying to manipulate or subvert the American political process.
Before we go into complete panic mode, it’s important to note that 75 percent of America’s votes are still cast on good old-fashioned paper, which is notoriously difficult to hack, and many of the electronic voting machines that are in place still print a paper ballot after the vote is cast, leaving a paper trail to follow in the event of electoral fraud. But five states – Georgia, Delaware, Louisiana, South Carolina, and New Jersey – now use electronic voting machines which leave no auditable paper trail, and those machines function based on something called a “voter access card” that voters receive before entering the polls. Additionally, CBS News found that only 60 percent of states with paper trails even audited their poll results after the fact.
And while the voter access card is designed to be used once per person, it’s also designed to be reused by multiple voters – and that is where it’s vulnerable to attack although hackers must have access to the access card ahead of time. Unfortunately, that’s certainly not impossible if one has access to one of the precinct officials who hold the cards.
“I can probably put about 400 votes in myself in less than a couple minutes and the poll workers would be none the wiser,” said Varner, demonstrating the hack at the Las Vegas “Black Hat” conference.
Symantec Security Response director Kevin Haley added that the votes could also be tampered with by hacking into the machines after the votes are collected.
“The results go from that machine into a piece of electronics that takes it to the central counting place. That data is not encrypted and that’s vulnerable for manipulation.”
“There are so many places in the voting process once it goes electronic that’s vulnerable.”
Brennan Center for Justice researcher Christopher Famighetti added that the age of the voting machines was part of what made them vulnerable; most electronic systems receive security updates almost daily, but the Brennan Center “found that more than 40 states are using voting machines there that are at least 10 years [old].”
The Election Assistance Commission was quick to offer assurances that all electronic voting systems were kept up-to-date and rigorously tested for compliance with security standards. But security experts appear to be demonstrating that no electronic system is especially safe.
[Photo by Tim Boyle/Getty Images]