After Russian state security personnel were accused of hacking the Democratic National Committee, the possibility of outsiders manipulating the American political process became a reality. With the reliance on computers to collect votes, report results, communicate campaign strategies, and coordinate voter registration activities, the electoral process has new vulnerabilities. In addition, rogue countries aren’t the only threats; insiders are also capable of manipulating election results. Here are six ways that elections can be hacked.
1. Hacking Into Electronic Voting Machines
Cybersecurity firms such as Symantec and CrowdStrike have confirmed that hacking a voting machine is fairly simple, costing about $15 online and requiring basic to intermediate skills, according to an Inqusitr article. About 25% of America’s votes are cast using electronic voting machines. Five states—Georgia, Delaware, Louisiana, South Carolina, and New Jersey—use machines that don’t provide a paper trail for verification if results are inaccurate, according to the same Inquisitr article. CBS News found that 40% of states with paper trails never audited their results.
2. Hacking Voter Registration Databases
Malicious insiders or outsiders can delete voter registration forms to prevent people from voting, or they can switch a piece of information used for verification of a voter’s identity. If any information is inaccurate at the voting booth, including address or phone number, then the person isn’t eligible to vote. Many voters across the country, including in New York and California, reported that their registrations were changed without their permission. Kelly Tolman Curtis shared this post about how her voter registration status changed three times online in the span of just a few days.
3. Leaking Sensitive Voter Data
Regulations such as the Payment Card Industry Data Security Standard (PCI DSS) mandate the strict protection of sensitive personal financial information. But none of these standards apply to voter sensitive information, including addresses, telephone numbers, and credit card information used for donations.
Since December, hundreds of millions of voters in the U.S., the Philippines, Turkey, and Mexico have had their data left unprotected on the web. In some instances, malicious hackers are suspected of pilfering the data for criminal purposes.
Fifty-five million registered voters were at risk by the Philippines data breach alone, according to security firm Trend Micro, potentially surpassing the Office of Personnel Management data breach, which affected 20 million people.
4. Hacking Into Email Servers
Since hackers broke into the DNC’s servers several months ago, revealing embarrassing details about the committee’s inner workings, email servers are known to be potential targets. If email servers of political candidates and their committee members are hacked, there could be a whole lot of mudslinging by publicizing private information discovered in hijacked emails. In addition, emails could be used to share voter registration information and other sensitive data. Hackers could also take over email accounts of candidates and send inaccurate or embarrassing communications.
5. Shutting Down The Voting System Or Election Agencies
In addition to the vulnerabilities of individual voting machines, the whole network of communications between more than 8,000 jurisdictions of varying size and authority could be hacked. Hackers could use a distributed denial-of-service (DDoS) attack to disable back-end servers in order to deny access to voters, and to interfere with the reporting of election results. Similarly, so they could also launch DDoS attacks against local, state, and federal election agencies to disrupt activities to increase voter participation, including last-minute phone calls and coordinating rides to the voting booths.
6. Committing Insider Fraud
Although the thought of rogue nations taking over and influencing election results has received huge headlines, there is always the threat that someone closer to home can do the tampering. The New York City Board of Elections suspended an official without pay amid allegations that at least 120,000 names were purged from voter rolls in Brooklyn before the presidential primaries.
After cyber attacks on financial institutions, policies and technologies were implemented to minimize the risks, including regulations for control of personal data such as PCI DSS. Government leaders at the local, state, and federal level, who are responsible for the electoral process, must consider doing the same. But this won’t be easy because there is no single national body that regulates the security or even the execution of what happens on Election Day; it’s a process that’s managed by each individual body. This has to change, and one organization needs to take responsibility for the integrity of the elections. If we are willing to go to war to make the world safe for democracy, how far are we willing to go to protect democracy at home?