Modern field guide to security and privacy
A voter left the booth after casting her ballot in the Pennsylvania primary in Philadelphia.
Charles Mostoller/Reuters | Caption

Opinion: Think hackers will tip the vote? Read this first

In the final stretch of the presidential campaign, there's growing concern hackers could strike on Election Day. But while there are concerns about cybersecurity at polling places, altering an election is another matter altogether.

 

The US election system is a massively complex tangle of technology. And some of it is insecure.

It's rife with internet-based entry points, full of outdated infrastructure, cluttered with proprietary software from a random assortment of vendors, and lacks any standardized security safeguards.

In all, it's a recipe for disaster. But if a malicious hacker really set out to manipulate the election, how would they actually do it and what could they really accomplish?

The most obvious target seems to be internet-enabled voting, currently used in 32 states. But, these systems aren't what you think of when you hear "internet-enabled." 

They tend to be systems for distributing ballots that voters print out on paper, sign, and then email or fax back to the state authority for counting.

But emailing and faxing ballots introduces some problems. On a technical level, faxes and the emails used in internet voting aren't encrypted. 

That means states are passing ballots around the open internet. If an attacker is able to compromise any point along the way, they might intercept completed ballots.

So, not only does this system do away with any notion of secrecy, it also ignores any modern understanding of cryptographic security.

I'd much rather see online voting systems with built-in encryption. And that's not a complex undertaking. Many websites currently use HTTPS, an encrypted protocol, to avoid leaking important things such as credit card numbers and passwords. That's a good place to start for completed ballots.

Hard targets 

But launching a full-scale attack on these systems wouldn't be easy. First, attackers would need to target online voters (a small minority) who are scattered in various jurisdictions.

Then, once the vulnerable voters are identified, attackers would need to wait for the polling place to transmit those votes. While that kind of attack could work on one person, or a single location, it would be difficult to pull off at any meaningful scale.

Alternatively, an adversary could invent an entirely new population of phantom voters, register them to vote remotely, and stuff the ballot box with fake votes. That's possible, but highly improbable. 

So, what about servers

The easiest way to target servers that collect online ballots is with a distributed denial of service, or DDoS, attack that overwhelms a website with traffic. A totally compromised server could enable attackers to alter or destroy votes in a much sneakier way, and an attack like this could potentially avoid detection until after the election.

But this sort of attack would be pretty obvious to system maintainers, and I suspect polling administrators would quickly switch back to relying on the mail. Remember, online systems aren't intended for use on Election Day, rather they merely collect absentee ballots.

On the bright side, however, this kind of attack appears possible for only five of the internet-enabled voting states. Only Alabama, Alaska, Arizona, North Dakota, and Missouri have a so-called internet portal. 

And none of those states are battleground territories. So, regardless of their security posture, attacking these portals isn't likely to sway the election. If Florida or Pennsylvania had one of these portals, I'd be more worried.

Voting machines

No electronic voting machine is bulletproof when it comes to cybersecurity. But if an adversary needs to physically visit voting machines in order to fiddle with results, then he or she would need a whole lot of bodies in a whole lot of polling places in order to make an impact.

Don't get me wrong, attackers could rely on wireless networking or sophisticated antennas. But even with ideal placement and transmission power, bad guys would need to be within sight of a polling place to conduct practical attacks on a Wi-Fi-enabled voting machine.

While remote attacks are possible, it's not like someone could affect voting from another country. They'd more likely need to be parked outside the polling place. So, although Wi-Fi voting machines are a terrible idea, they don't appear to be an existential threat to democracy at the time being.

Voter information

Rather than attacking ballot-issuing and ballot-counting systems, attackers have more attractive targets. Voter records, for example, are tempting to cybercriminals since they contain enough personally identifiable information (PII) to kick off identity theft and identity fraud attacks at a much larger scale.

Unfortunately, some of these data sets have already been compromised. Almost 200 million voter records were accidentally leaked late in 2015, and the FBI warned in August that some state voter databases have also suffered breaches.

Altering voter registration records is a big deal since such attacks can affect voter turnout. While that's not what's being reported today, such an attack could not only nudge election results one way or another, but also raise serious questions about the integrity of the democratic process.

Even though rare, voter fraud has become a hot political issue. Any attack on voter records could trigger complaints about a rigged election and undermine confidence in the entire system. 

Perceptions matter 

Alarmingly, hacking elections may not involve the actual compromising of ballots or vote counting at all.

Just imagine that someone decided to take down a couple of voter information websites. Would this technically interfere with the election process? Maybe, if some people were trying to find the address for their polling place.

The obvious effect, though, would be to create the impression that the election is under attack, raising concerns about the credibility of the voting process and casting doubt on the results. 

Solutions for securing the vote 

Technology may be making elections more convenient and efficient, but that same technology can introduce new risks and it needs to be accounted for. 

State election boards or commission should test their systems ahead of Election Day in November. They should even try attacking their own systems to discover what's possible, and what can help defend their systems.

If you are a voter who is concerned about election hacking, local election officials should be able to tell you how they are dealing with potential cyberthreats. And if you really want to help, volunteer at the polls on Election Day.

Tod Beardsley is a senior security research manager at Rapid7. Follow him on Twitter @todb.