Attacks/Breaches

10/17/2016
07:50 AM
Carson Sweet
Carson Sweet
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Hacking Voting Systems: A Reality Check

Can democracy be hacked? Yes, but not in the way you might think.

Can the national election really be hacked? Anything is possible, but the likelihood of votes being changed is far lower than other methods of thwarting a fair and complete vote. First, we need to clarify the word "hacked." If you’re hacking the vote, what are you trying to achieve?

An attacker might try to influence the outcome of the voting process by compromising voting machines — something that’s improbable but not impossible. It would also be an extremely costly, high-risk, and incredibly complicated endeavor that would have to be executed flawlessly without detection within a very short window.

However, we’re not out of the woods. Attackers have lower-risk, lower-cost ways to influence the outcome of an election than trying to rewire voting machines to change votes.

Let’s have a look at what it would take to hack the vote, and then consider the other possibilities.

Current US Voting Infrastructure
Most voting technology in use today is either fundamentally paper-based or uses a paper backup to direct recording electronic (DRE) systems. Doing a bit of research, one can learn that about 14% of electoral votes are in swing states where some percentage of voting machines are DRE without a paper backup — specifically Florida, Virginia, and Pennsylvania. But even in those cases, some paper ballots and DRE with paper backups are in use. Only one state, Louisiana (which has eight electoral votes), uses DRE with no paper backup at all. This means that irregularities in vote counts, either by compromising the voting machine or election management software (the "back end" to voting machines), would be recognized in spot checks or manual verification counts, which many states still perform.

Hacking into Voting Machines
Physical access to a voting machine is usually needed to compromise it. Replacing a chip in a voting machine with "seven minutes and a screwdriver" has been demonstrated, but from the practical perspective of an attacker, the number of machines and types of machines would be prohibitive to meaningful subversion.

As of this writing, there are over a dozen voting machine manufactures worldwide, each having multiple versions of multiple products. A broad compromise of the voting system would require a large number of different compromises being developed for each version of each vendor product in use, and then having a person with a screwdriver and seven minutes to get to a critical mass of them.

The devices themselves could be better (e.g., meeting FIPS standards for the physical security of critical cryptographic devices) but in the context of Election Day, the physical security of voting systems is very tight and the machines are protected with tamper-detecting seals. The cost, logistics, and risk of failure are very high. And then there's getting all your cronies to keep their mouths shut about it — and good luck there.

So the voting process is safe and sound, right? 

Not exactly.

Is Democratic Doomsday a Possibility?
If I were somehow swayed by a mind-control device to develop a strategy for hacking the vote, my approach would be to disrupt voting in the swing states and other key voting areas by compromising online voter databases well before the election. Federal law requiring voter records to be unified online actually make this easier for an attacker because there's only one place to go per state (for instance, California's VoteCal system).

Ponder what would happen if an attacker were able to separate physical signatures from the voter records. Or perhaps randomly scramble the last six digits of someone's Social Security number. Or mark a significant number of voters as deceased. Or some combination of the above tactics, along with others.

If done too broadly, this would cause pandemonium at a voting site. But with the right amount and consistency, blame could land on bad administration or voters who misregistered. By invalidating the ability for my opponent's voters to cast their ballots, I could significantly and broadly disrupt voting and their overall voting count. Let's face it...have you logged in to verify that all your voter registration data is correct?

So, is the esoteric scenario of foreign agents infiltrating voting sites nationwide in the first hours of Election Day a probability? No.

Is our voting system safe? Also no.

We're not on the brink of democracy's digital implosion, but we have a lot of work left to do. In any case, it's about much more than just the voting machines, so let's not get myopic and lose track of the bigger picture.

Related Content:

 

Carson Sweet is co-founder and chief technology officer for CloudPassage. As founding CEO, Carson led the team that created Halo, the patented security platform that changes the way enterprises achieve infrastructure protection and compliance. Carson's information security ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ted90
50%
50%
ted90,
User Rank: Guru
10/21/2016 | 9:59:53 AM
192.168.1.1
was looking for this information, add your site to your favorites!
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/17/2016 | 4:07:57 PM
Just because it's hard...
Just because it may be hard doesn't mean it isn't/hasn't been happening.  There are numerous reports of machines that HAVE been so compromised and have behaved erratically in favor of or actively against various candidates.

That said, it is spot on to observe that the less techy/non-tech sides of our voting systems are so fraught with social-engineering vulnerabilities that really the whole thing is a mess.
Equifax CIO, CSO Step Down
Dark Reading Staff 9/15/2017
Cloud Security's Shared Responsibility Is Foggy
Ben Johnson, Co-founder and CTO, Obsidian Security,  9/14/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.