How Hackers Could Destroy Election Day

From: thedailybeast.com,  by Shane Harris,  on Aug 3, 2016,  see the article HERE.

Hacking an election

Donald Trump is already warning that the election’s going to be ‘rigged.’ Maybe, maybe not. But hacking the vote—and throwing the country into chaos—is terrifyingly simple.

Stealing and leaking emails from the Democratic National Committee could be just the start. Hacking the presidential election itself could be next, a bipartisan group of former intelligence and security officials recently warned. Whoever was behind the DNC hack also could target voting machines and the systems for tabulating votes, which are dangerously insecure.

“Election officials at every level of government should take this lesson to heart: our electoral process could be a target for reckless foreign governments and terrorist groups,” wrote 31 members of the Aspen Institute Homeland Security Group, which includes a former director of the Central Intelligence Agency and a former secretary of Homeland Security.

That echoes warnings computer security experts have been sounding for more than a decade: that the system for casting and counting votes in this country is also ripe for mischief.

It also appears to mirror the concerns of one presidential candidate.

“I’m afraid the election’s going to be rigged. I have to be honest,” Donald Trump told voters in the key swing state of Ohio this week. Trump has complained before about bias and interference in the Republican nominating process, but this was the first time he claimed that the general election would be targeted.

But the election system in the United States can be manipulated, experts warn, through targeted attacks on its several weak points.

Whether Trump knows that is unclear. But he was priming the pump for Election Night mayhem—and perhaps playing right into hackers’ hands. Voters who have already been told to be on the lookout for shenanigans would be rightly incensed to learn that their votes had been manipulated. And a candidate who merely suggested that the system had been hijacked—without offering any proof—could inflame those passions and spread uncertainty. And God forbid the campaigns wind up suing one another over disputed ballots; the Supreme Court is down a justice, and is tied 4-4 between liberals and conservatives.

It’s hanging chads weaponized,” former National Security Agency official Stewart Baker told NBC, referring to the 2000 election’s paper ballot controversy.

Surely, hackers know that. If someone really wanted to “rig” the election, here are five ways he might do it, from attacking the ballot box to exploiting the raw emotions stoked by a conspiracy-minded candidate.

Intercept the Ballots

Once ballots are cast at a polling place, they’re sent to another location to be counted. And while they’re in transit, they’re vulnerable to tampering—especially if they travel electronically.

Thirty-one states and the District of Columbia allow military personnel and overseas voters to return their ballots electronically, according to Verified Voting, a nonprofit group that advocates transparency and security in U.S. elections. “The election official on the receiving end has no way to know if the voted ballot she received matches the one the voter originally sent,” the group warns.

Some ballots are sent through online portals, which exposes the voting system to the internet. And that’s one of the most dangerous things elections officials can do, because it provides a remote point of access for hackers into the election system.

“Anything that doesn’t absolutely have to be connected to the internet, don’t connect it,” Pamela Smith, Verified Voting’s president, told The Daily Beast. U.S. officials have also given that same advice to the owners and operators of critical infrastructure, such as electrical power grids. Smith and her colleagues recently told U.S. officials crafting computer security guidelines that elections systems should also be treated as vital national assets, and protected as such (PDF).

Some ballots are returned via digital fax or email. And some—bafflingly—are sent via email.

“Without encryption, emailed ballots can be easily modified or manipulated en massewhile in transit from the voter to the local election officials,” David Jefferson, a voting security expert and computer scientist at Lawrence Livermore National Laboratory, warned in a blog post in 2011.

The threat is still real. Jefferson called it “trivial” for someone with a modicum of technical skills to filter out ballots from a particular county or state and “to automate a process to either discard ballots that contain votes she does not like, or replace them with forged ballots that she likes better, all the while keeping the voter’s signed waiver and envelope attachments intact. Such malicious activity would only result in a transmission delay on the order of one second or so.”

Most states that allow voters to return ballots via the internet limit the practice to overseas voters. But in close elections, those votes could make a difference. Alaska is also unique in that it allows anyone in the state to send in their ballots online.

“Marking and sending votes over the internet is my biggest concern,” Smith said. “They could be infected or tampered with. Or something could just go wrong and you couldn’t do a good recount.”

That’s especially concerning in states that allow voters to electronically return their ballots but don’t have paper backups to record how that person actually voted.

Lie to the Voting Machines

This may be one of the trickier hacks to pull off, but potentially one of the most damaging.

Ballot definition files are an indispensible piece of the electronic voting system. They tell a voting booth what precinct it’s sitting in, which races appear on the ballot, the candidate’s relationship to those races, and other essential information that a voter needs to cast his ballot correctly. When a voter touches a candidate’s name on a machine’s screen, it’s the ballot definition file that tells the machine to record that touch as a vote. The file actually defines how the machine sees the ballot.

And how are ballot definition files delivered to the voting machine? In some cases, via the internet. A corrupted ballot definition file could, in theory, tell the machine to count votes for Clinton as votes for Trump, and vice versa.

Such a mix-up has actually happened, though not by design. In a 2006 county election in Iowa, officials were surprised to find a popular incumbent—who’d been in office more than 20 years—losing to a practically unknown 19-year-old college student. When they stopped electronic voting and counted ballots by hand, they saw that the voting machines were miscounting all the races on the ballots.

It turns out that the machines weren’t programmed to know that not every ballot in the county looked alike. Some put one candidate’s name at the top in one precinct, and others changed the order. This is a process known as “ballot rotation,” and it’s meant to avoid favoritism or bias by always having one candidate’s name at the top of the ballot. The machine didn’t know that.

In a hack, the ballot definition file could be corrupted not to recognize this rotation, throwing the whole election off kilter. How badly? In that Iowa race, the voting machines had the incumbent coming in 9th place out of 10 candidates. When officials recounted the ballots by hand, they saw he had actually won.

Target a State with No Paper Trail

Electronic voting machines pose risks. But jurisdictions can minimize them by creating tangible records called voter-verified paper audit trails. Think of it like a receipt that shows the voter how his selection was counted. Audit trails also let election officials conduct a hand-count if necessary. If a hacker changed the votes cast on a machine, the paper trail should tell counters for whom the votes were really meant.

But five states use electronic voting machines with no auditable paper trail—Louisiana, Georgia, South Carolina, Delaware, and New Jersey, according to data from Verified Voting. And seven states use a mix of paper ballots and electronic machines with no paper trail. Among them are the electoral battlegrounds of Florida, Virginia, and Pennsylvania.

Experts say states with no or incomplete audit trails pose a prime target for manipulation. If a hacker altered the vote totals in the machine, not only would there be no paper record to provide an authoritative count, but election officials might not even realize they’d been hacked, because the only record of the vote count would be the compromised machine.

“This is one of those things about paperless, electronic voting that makes it so unusual and problematic. How would you know?” says Smith of Verified Voting.

Voters in Washington state got a taste for this uncertainty in their 2004 gubernatorial election, Smith says. The election results were close—down to 100 votes in some counties—but in places that used voting machines without paper records, the candidates had to just trust that the machines had recorded the votes properly. They couldn’t be recounted by hand.

And in one election in North Carolina the same year, a machine with no paper trail that was used for early voting in a county government office inexplicably stopped counting votes. About 4,500 were irretrievably lost, in a statewide contest that was decided by fewer than 2,000 votes, Smith says.

“In a situation like that, what do you do? They didn’t even have punch cards to hold up,” she said, alluding to the infamous 2000 presidential recount in Florida, where election officials had to visually inspect cards to determine which candidate voters actually cast a ballot for.

Some counties in Florida are using electronic machines now, which were introduced to reduce the likelihood of another recount fiasco. But in Miami-Dade and Broward counties, the scene of so much confusion in 2000, there’s a mix of paper ballots and machines with no paper trails.

Go After Wireless Systems

Machines that can connect to each other or the internet wirelessly are the soft underbelly of election hacking.

In one of the most notorious cases of vulnerable election systems, researchers from the Virginia Information Technologies Agency found that WINVote, a touchscreen voting machine used in elections between 2002 and 2014, including three presidential races, contained wireless cards that would let an attacker “access the WINVote devices and modify the data without notice from a nearby location” (PDF).

The machines communicated with each other using an encrypted wireless system, but foiling it was easy: the password to gain access was “abcde,” which the Virginia researchers charitably described as “weak.”

“With that passphrase it was possible to join to the WINVote ad-hoc network with specialized security workstations and start attempting to compromise the WINVote device’s operating system,” the researchers wrote.

Virginia decertified the machines, and they’re no longer in use. In fact, no state uses WINVote, according to research from Verified Voting. But any election system that uses wireless components at other points in the tallying process is potentially at risk. That includes machines that may have wireless systems that election officials think they’ve disabled, but are actually still turned on. That was the case with WINVote.

Say You Hacked The Vote, Even If You Didn’t

Hackers don’t need to actually hijack a voting machine or ballot software to undermine confidence in election results. Merely the credible claim that an election had been tinkered with could compel a candidate’s supporters to cry foul, particularly if the vote counts are close or if the candidate performed worse than expected.

“If you have a system that’s been shown to have vulnerabilities, even if someone doesn’t attack them, but creates the impression that they might have, in a closely contested election you’ve got a problem,” Avi Rubin, a computer scientist at Johns Hopkins University, and one of the first technologists to warn about vote hacking, told The Daily Beast.

Given Trump’s claims that the system is rigged, and his pattern of inciting supporters, it’s not hard to imagine the nominee seizing on just the claim of foreign hacking as evidence of interference.

“Launching a disinformation campaign on social media, or via text messages, is not challenging. And you only need a small percentage of people [to react] to have results,” John Wethington, a vice president at computer security company Ground Labs, told The Daily Beast. Disinformation can also be used to depress turnout. “Tell them that a particular polling location is closed. Or notify them that the voting machines in a particular area have been compromised,” Wethington said. People might stay away if they think the election is already stacked against them.

Particularly if their candidate tells them so.

~~~~~~~~~~

Like anyone with a computer programming background, I can understand how easily computer input can be manipulated. Programs could easily be modified to affect individual votes, machine totals, precinct totals, etc. in all sorts of ways – not to mention the ultimate gathering of precinct totals into larger groupings. Software code can even delete itself after grand totals are shown. It doesn’t always take direct physical access to accomplish it either. We have to accept that political criminals have a desire to affect elections to their benefit. How then do we combat that?

There is always a leapfrogging of security and hacking. Security fixes a gap that allowed the last intrusion. Hackers find another way in, and security goes to work on that. It’s a never-ending cycle. I believe that while security does need to be as strong as possible, we simply can’t depend on secure accumulation and transmission of votes – there’ll always be some vulnerabilities. I think that the better approach is to provide a voter-based verification of the vote being properly entered – by a hard-copy receipt produced by the machine when the voter indicates that he/she is done.

The receipt must be a computer readable format – like a printed mark-sense card and be readable by the voter to verify that his/her vote was recorded properly. The voter then deposits the vote card into a receptacle before leaving the voting place. That provides a voter-verified audit trail that can be used to verify computer internal totals and the grand totals for the polling place. They can also provide an accurate source for recounts, if necessary.

These electronic voting machines that have no paper trail are worse than pencil-marked paper ballots – at least paper ballots could be accurately recounted.

Don’t forget the old Joseph Stalin quote: “The people who cast the votes decide nothing. The people who count the votes decide everything.” 

Garnet92.

 



Categories: General

Tags:

8 replies

  1. Can electronic vote counting be any more secure than a border without a fence and security to enforce crossings? Or a voting comission that will not require voter identification to verify that a voter is who they say they are, or allowed to vote, or has already voted earlier at the same place or a different place? Without voter identification or validated paper ballots to comfirm/affirm vote counts this country is as vulnerable as any kid amongst schoolyard bullies.

    Like

    • You’re right WT and it’s an appropriate analogy. Those who don’t believe that we’ve had any voter fraud will double-down in November, again displaying their ignorance by also voting for Hillary Clinton – totally ignoring her lies and traitorous activities.

      Like

  2. By no means am I an expert at any of this, but in my Texas county, we vote on electronic pads by touching the ballot and there is no paper trail, so it stands to reason there is plenty of room for tampering or manipulation by any number of interested parties.

    Aside from hacking, we know from history, as recently as 2012, that there’s been plenty of voter fraud. I remember the stories of O’s hoodlums hauling people from mental institutions, by the van loads, to the polling places. There were also the stories of a programmer who was in dire straits for money, that took a bribe to reprogram the machines to insert O’s name instead of Romney’s when votes were cast.

    I’ll never forget the lady in Ohio (?) who worked for the DNC and later admitted to voting for O something like twelve times, and was later sent to jail for voter fraud.
    And remember all the people complaining that they voted for Romney, but when they printed out their ballot, O’s name had been selected??

    My point is that the dems don’t need someone hacking into the various voting systems to manipulate the election – they’re perfectly capable of rigging it to their benefit without the use of hackers. So I think Trump is right to be concerned and probably right to alert the people to it. Think what a difference it would have made if Romney had been more vocal about it.

    Like

    • NC outlawed that type of voting system, I guess five or ten years ago. Elections are managed at the county level, but State law now requires that a method be used which provides a paper trail.

      The reason NC changed its law to require a paper trail is not because there was ever any suggestion that the voting machines were being manipulated or tampered with. It was because we had an election in which a machine malfunction LOST several thousand votes, which had only existed in electronic form. That problem left the outcome of a major close statewide race in doubt (technically), since the number of lost ballots was slightly larger than the leading candidate’s lead.

      That’s the kind of nightmare than nobody in gov’t ever wants to see. So they made sure it couldn’t possibly happen again, by requiring that voting machines leave a re-countable paper trail. In the worst case, the paper ballots & receipts can always be counted by hand.

      Here’s a pretty good article, which mentions the NC switch to systems which generate a voter-verifiable paper trail:
      http://www.theblaze.com/stories/2012/11/01/why-are-some-states-dumping-their-electronic-voting-machines-and-going-back-to-paper/

      Like

      • That was a wise move by NC – all states should deem an asap implementation of DREs with verifiable paper trail a high priority. That case where 4K votes were lost in a race that was decided by some 2K votes is referenced in the article. That instance should have been a wake-up call for the entire country, but it’s not only that possibility, we can’t even get an accurate, true recount without the paper trail. Merely comparing electronic totals doesn’t guarantee anything except that the hacker (if there was one) was smart enough to affect all levels of totals equally – that’s the point; you have no way of knowing.

        Like

    • Kathy, you and I both know that IF there is a way to alter an election outcome, the democrats either invented or discovered it. They are the gold standard when it comes to stealing elections – remember Al Franken in Minnesota in 2008? It sounds like your system is similar to the one I vote on. Without a verifiable paper trail – our votes could: 1) be counted properly or, 2) completely ignored and deleted – on a system like ours, all you can do is balance machine totals against the accumulated ones – but if they’ve both been “adjusted,” how does anyone know?

      With a paper trail, the hard-copy ballots can be balanced against machine totals, and they’d better agree.

      It’s true that the dems will use any/all methods to affect the outcome to benefit them – bet on it.

      Like

  3. 1. “Once ballots are cast at a polling place, they’re sent to another location to be counted….”

    Not in the 21st century. In most cases, the ballots are counted by machine, at each precinct polling place, as they are cast. There are generally observers from both major parties present. The ballots are then secured in locked boxes, and delivered for storage at a secure location, in case a recount is needed.

    2. ““The election official on the receiving end has no way to know if the voted ballot she received matches the one the voter originally sent [electronically],” the group warns.”

    Nonsense. Electronic encryption is a mature, robust technology. It’s the only reason online commerce is even possible. Of course, if a State doesn’t require use of proper encryption & digital signature technology, that would invite trouble. But it is certainly wrong to say that there is “no way to know” if the ballot is unmolested.

    3. “When a voter touches a candidate’s name on a machine’s screen, it’s the ballot definition file that tells the machine to record that touch as a vote….”

    Up-to-date voting systems, like North Carolina’s, aren’t dependent on a touchscreen recording a vote properly. Either the voter casts a paper ballot (typically optical mark-sense), or the machine produces a paper receipt that is shown to the voter, and then stored in a locked box, just like a paper ballot would be. The result is a “paper trail,” which allows recounting the votes, even by hand. (Typically, recounts are automatically triggered in close races.)

    Like

    • Thanks for your thoughtful and reasoned comment, Dave. While I don’t claim to be an expert on DREs (Direct Recording Electronic voting machine), I am an interested observer. I don’t disagree with any of your points except that I don’t have the level of confidence that you have in the transmission of even encrypted data via the Internet.

      We see the hacking of all sorts of electronic systems (including banks and credit card companies) almost daily and recognize that most of those hacks are done for some form of monetary gain. The hacking of our election systems could yield something far more valuable – the control that accompanies the presidency or a congressional position.

      Frankly, I wouldn’t trust either/any of our political parties to exclude election fraud as one of their “tools.” There’s so much riding on the outcome of our national elections that I wouldn’t rule out a political party expending vast sums of money to assure that an election turns out “their” way. They could avail themselves of the very best and brightest hackers to do their bidding and pay them a king’s ransom to do so.

      Therefore, I’m not willing to place my confidence in ANY form of vote recording short of a DRE with a voter verified paper trail. And of course, that also includes all of the usual physical security measures already in place.

      My own state (Texas) uses a mix of paper ballots and DREs WITHOUT the voter verified paper trail – a “hacked” election just waiting to happen. I felt more comfortable with my precinct’s old system of punched cards.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: