We know Russia has the ability to infiltrate our electoral system.
We know there are hi-tech hackers the world over with the ability to get into just about anything.
Put them together, and what do we have?
An electoral system more easily susceptible to garden-variety hacking than we may have previously assumed.
That is the conclusion we come to now after scores of computer hackers descended on Voter Hacking Village at Defcon in Las Vegas last weekend.
The “village” assigned voter machines was given 30 machines to allow hackers to uncover flaws in our electoral technology.
And it took them 90 minutes to successfully break into each one.
According to a piece in CNET:
“In the time it takes to sit through The Emoji Movie, you could break into the WinVote machine through its Wi-Fi system, like DemTech’s investigator Carsten Schürmann did on Friday. DemTech is a research project that’s been looking at voting technology in Denmark…He used a Windows XP exploit from 2003, which the voting machine never patched, and got remote access. That meant he could change the votes from anywhere.”
Months before Defcon, Synack, a San Francisco-based security platform, discovered myriad system flaws with the WinVote machine.
Particularly vulnerable were two open back USB ports. The team simply plugged in a mouse and keyboard, and switched the voting software to standard Windows XP by pressing “control-alt-delete,” the same command we all use to force close programs.
Synack co-founder Jay Kaplan told CNET:
“It’s really just a matter of plugging your USB drive in for five seconds and the thing’s completely compromised at that point. To the point where you can get remote access. It’s very simple.”
One hacker was able to rig a machine to play Rick Astley’s song “Never Gonna Give You Up” after he accessed the Windows XP side of the AVS WinVote machine and installed Windows Media Player on it.
In one study, Synack discoved a Virginia poll worker hacked a machine to play Minesweeper.
Once a voting machine had been hacked, it could be reset to its default state for the next person to try breaking into it as well.
A hacker known only as “Oyster,” whose team tried to break into a Diebold machine, cited a positive aspect to hackers’ findings.
He said:
“I hope that we find a load of vulnerabilities in these just so we can open it up to the public to see how serious the problem is.”
Synack intern Anne-Marie Hwang concurred:
“Hacking it is good because it’s able to inform politicians and people in Congress about what they should do with voting machines. If no one ever hacked them, we might be still using things like this.”
In June, we learned through a defense contractor’s leaked documents to The Intercept that Russia hacked a Florida voting equipment vendor and sent spear-phishing emails to over 100 local election officials up until days before election day.
The Obama administration was aware this occurred and was so alarmed, it actually contacted the Kremlin over the so-called “red phone”- a secure messaging channel for communicating urgent messages and documents – to provide details of Russia’s role in election meddling, and to warn attacks risked precipitating a larger conflict.
Eric Schultz, a spokesman for former President Barack Obama, said:
“Last year, as we detected intrusions into websites managed by election officials around the country, the administration worked relentlessly to protect our election infrastructure. Given that our election systems are so decentralized, that effort meant working with Democratic and Republican election administrators from all across the country to bolster their cyber defenses.”
Investigators in Illinois last July uncovered evidence cyber intruders attempted to delete or alter voter data. Hackers accessed polling software and a campaign finance database in at least one state.
Ken Menzel, general counsel for the Illinois board of elections, stated a state board of elections contractor detected unauthorized data last year. Hackers had evidently gained access to Illinois’s voter database containing names, birth dates, genders, driver’s license numbers, and partial Social Security numbers for fifteen million people, half of whom were active voters, resulting in over 90,000 records being compromised.
Former Homeland Security Secretary Jeh Johnson last August expressed a desire to declare state election systems national critical infrastructure, which would provide the federal government broader powers to intervene.
Republicans refused.
In June, former FBI Director James Comey warned Congress during his highly televised Senate Intelligence Committee hearing that Moscow is not through meddling with the American electorate:
“They’re coming after America. They will be back.”
There isn’t much time. Election day is only three months away.
And don’t forget the 2018 mid-term elections.
Featured image from YouTube video.
