How hackers eroded Americans' trust in democratic process
Even if hackers don't strike on Election Day, the drumbeat of cyberattacks and leaks this campaign cycle has affected the way citizens view the electoral process.
—Even if hackers don't actually try to tamper with voting Tuesday, the unprecedented amount of cyberattacks this campaign cycle – and the public warnings of possible Election Day digital fraud – has already had a profound impact on American democracy.
Consider this: In the wake of widespread hacks against political organizations this summer, a survey from cybersecurity firm Carbon Black found that 38 percent of Americans are "concerned" that the election itself could be hacked, while another 18 percent are "very concerned." Just 11 percent of respondents said they were "not concerned at all."
These fears of digital sabotage, apparently, led 1 out of 5 respondents to say they might not even vote.
If that's representative of the entire electorate, it means that some 15 million people could stay home Tuesday – as a result of a hacking campaign the Obama administration has blamed on Russia.
After an unknown group or person known as Guccifer 2.0 claimed responsibility for the hack on the Democratic National Committee this summer, the Department of Homeland Security and the Office of the Director of National Intelligence blamed senior Russian officials for orchestrating the breach as part of a broader effort to sway American public opinion and undermine trust in the election.
But the high-profile accusation didn't quash Guccifer: It resurfaced once again over the weekend to hint at more Election Day tampering: "I will monitor that the elections are held honestly. I also call on other hackers to join me, monitor the elections from inside and inform the US society about the facts of electoral fraud."
While election and cybersecurity experts dismissed that claim as hyperbole, it may be a "last-ditch effort" to sway the vote or deter people from heading to the polls, Justin Fier, director for cyber intelligence and analysis with security firm Darktrace, told PCWorld. "His goal during all this time has been public influence."
Warnings that voting booths might be hacked have certainly put state election officials on alert for any abnormalities Tuesday. DHS officials say they've spoken to all 50 states about providing help with scanning their systems for risks and offering other services, but wouldn’t detail the assistance specific states had received.
But even if foreign hackers can't compromise actual voting systems, the internet campaign to spread fear of vote hacking and manipulation may be enough to have a major impact on public trust.
Daniel Chiu, deputy director of the Brent Scowcroft Center on International Security at the Atlantic Council, noted that since Republican candidate Donald Trump and others are claiming the election could be rigged, hackers don't need to actually strike on Tuesday to discredit the vote. "Merely a credible claim of doing so could compel voters to cry foul and undermine the legitimacy of the vote both at home in the US and abroad," said Mr. Chiu.
To be sure, successfully compromising voting machines would be difficult, say experts.
"The US election landscape is made up of approximately 9,000 different state and local jurisdictions, providing a patchwork of laws, standards, processes, and voting machines," noted Ian Gray, cyber intelligence analyst at the firm Flashpoint, in a blog post today. "This environment is a formidable challenge to any actor – nation-state or not – who seeks to substantially influence or alter the outcome of an election."
But that's probably not Russia's aim, he said. "Russia can most likely achieve a more reliable outcome with fewer resources not by attacking the election infrastructure directly, but rather by organizing a disinformation campaign attacking confidence in the election itself."
Some experts say that mere reports of possible Election Day hacking on social media, blogs, and in mainstream news outlets could fuel post-election challenges to the results.
"If you lose faith in the process, then what? There could be appeals for months," said Ben Johnson, chief security strategist at Carbon Black. "There could be appeals for months. We need to have enough integrity and transparency in the process so people are comfortable that the election wasn't tampered with."
State officials are on guard for any potential signs of tampering. "There's a heightened awareness and a heightened concern," said Karen Jackson, Virginia Secretary of Technology. "If you're paying attention to cybersecurity, then election systems are just one of the systems you're paying attention to anyway."
The idea of nameless, faceless hackers or foreign spies disrupting the election, clearly, is a major concern on Tuesday. But it's not just a cyberattack that could have an impact, she notes. "Somebody could pull a fire alarm. All of those things have the power to disrupt the voting process."
Staff writer Jack Detsch contributed reporting.