Vulnerabilities / Threats
10/24/2012
11:16 AM
50%
50%

Election 2012 Hacking Threat: 10 Facts

Election technology has improved since the 2000 presidential election "hanging chad" debacle, but new and old threats may put your vote at risk.

What's the risk? Simply put, large numbers of voters could be disenfranchised from voting if a hacker reassigned their voting precinct to another one located across the state, requiring them to either travel to the other precinct, or to fill out a provisional ballot. Either way, that could prevent the state resident from voting in local, or in some cases even Congressional, elections.

Voting rights groups hadn't been paying attention to how such systems were created. "We thought, 'How badly could you mess that up?' Well, we learned," Rebecca Wilson, co-director of non-profit group Save Our Votes, told The New York Times, which first reported the story of the Maryland and Washington security vulnerabilities. "Now, anyone in the world can write a computer program that commits absentee ballot fraud on a mass scale."

Of course, any election-related system that's connected to the Internet is potentially at risk of being hacked. "If big, Internet-based companies like Yahoo, LinkedIn, or Sony can fall to hackers, then, yeah, big government databases and local authorities who actually administer the election process can be hacked," Stephen Cobb, security evangelist for ESET, told Dark Reading. "I'm somewhat surprised it hasn't happened yet."

9. Voting Legitimacy At Risk

Beyond overt hacking, another way that elections can be compromised--and trigger related lawsuits from irate voters--is if voters don't believe that their votes were accurately recorded. Furthermore, according to a June 2012 poll conducted by Rasmussen Reports, half of U.S. voters don't think elections are fair to voters.

"There are two purposes to an election: one is to decide a winner, and two is to confer legitimacy upon the winner," said Clear Ballot's Moore. "If a substantial portion of voters don't feel their vote is being legitimately counted, then there's no legitimacy."

Here's how one voter in Texas, in a precinct that uses touchscreen voting systems, sees the problem: "When I vote, the election officials give me a sticker. There are two choices. One says 'I Voted,' the other reads 'My Vote Counted,'" according to an online comment made to the "Risk of E-Voting Meltdown" blog post. "I won't accept a 'My Vote Counted' sticker because I have no faith that it is correct. ... I've looked into early voting, but that's still done with the electronic systems. Absentee voting is done on paper, but under Texas law I'm not eligible to vote absentee unless I spend an entire month away from home."

10. Surveys Could Detect Failures

Changes are being put in place to help detect voting system irregularities, regardless of how they might have been caused. For starters, two-thirds of states will offer many of their residents a way to verify that their votes were correctly captured, if requested, for example by having the system read back the votes they've selected.

Clear Ballot, meanwhile, is currently working with three states--Florida, New Hampshire, and New York--to audit some of their election results, and it hopes that more states will use its technology to provide an independent audit of election results. However they're conducted, audits are essential for spotting breakdowns in the vote-counting process. Norden at the Brennan Center for Justice, for example, has said that "over votes"--when someone has apparently voted for more than one person for the same office--are extremely rare. Accordingly, a spike in over votes, as happened in the South Bronx, most typically indicates a voting machine or vote-counting failure.

Thankfully, audits are on the increase. "This year, officials in half the states will carry out some kind of post-election audit using ... records of voter intent to check the functioning of the vote counting technology in local use," according to the Caltech/MIT report. "Though many of these audits lack robustness at present, enormous progress is being made as states examine more effective and efficient ways to audit."

Previous
3 of 3
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BGREENE292
50%
50%
BGREENE292,
User Rank: Apprentice
10/28/2012 | 10:11:22 AM
re: Election 2012 Hacking Threat: 10 Facts
This article could benefit by an option to display the article as a single-page.
BGREENE292
50%
50%
BGREENE292,
User Rank: Apprentice
10/28/2012 | 10:10:27 AM
re: Election 2012 Hacking Threat: 10 Facts
This excellent article is extremely timely, particularly since Romney money underwrites electronic voting machine maker Hart Intercivic-- a clear conflict of interest for the company, if not an outright invitation to vote fraud by operators of the Hart Intercivic products.

http://www.nowpublic.com/world...
tryan205
50%
50%
tryan205,
User Rank: Apprentice
10/26/2012 | 1:58:22 PM
re: Election 2012 Hacking Threat: 10 Facts
Regarding the comment about the 2000 Florida vote"...and officials struggled to produce an accurate count of how votes had actually been cast." Actually the Florida officials, Kathleen Harris in particular, did everything in her power to shut off the recounts and hand the election to George W. Bush, accuracy be damned.
Rob B.
50%
50%
Rob B.,
User Rank: Apprentice
10/25/2012 | 6:45:38 PM
re: Election 2012 Hacking Threat: 10 Facts
Um, it's "voter rolls," not "voter roles." There's quite a difference.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.