As election day approaches in the United States, many people are concerned about cybersecurity in polling stations.
It’s almost the same. There are only a few weeks before election day and citizens want to be sure that their votes are registered. Concerns about the purity of the ballot papers are not new and go back to the beginnings of ancient democracy. You may remember the controversy of the 2000 elections and the issue of Chad’s suspension that appeared on the ballot box in Florida.
In the course of the next two decades, we increasingly switched to electronic voting systems as the technology evolved and spread. However, despite the fact that the mechanism of electoral procedures has changed, problems persist. There are many security threats in cyberspace, so what can we say that they cannot affect our voting machines?
There is certainly a lot at stake, and the consequences of a successful attack in November this year can be serious and catastrophic in the short and long term. As a result, the implementation of appropriate security measures in polling stations was a concern for the local, state, and federal authorities. Recently, the issue has received a lot of media attention, so that the public has the right to know how their voice is being treated and how it is being protected.
Since then, have we done enough to prepare adequately and correct previous weaknesses? How safe are the real voting machines from a technical point of view? And what are the chances of a large-scale attack?
Let’s go make hash.
Cybersecurity challenges for the 2016 elections
Finally, the 2016 elections caused many problems in the area of cybersecurity. In this case, the main hostile parties were groups linked to Russia as they attacked the campaigns of the candidates on both sides, checked the databases for the registration of state voters for weaknesses, and disseminated misinformation and propaganda on the social networks.
Over the past three and a half years, we have gradually learned more about what exactly happened, through special service notes, court documents, witness statements, and media investigation reports.
Illinois SQL Database Injection for voter registration
From all, this came good news and bad news. Bad news? Russian hackers gained access to the Illinois voter database and found themselves in a situation where they could theoretically modify or delete voter registration data. The good news is that there was no evidence that they actually did so and that none of the actual votes were changed or removed (either in the voting machine or during data traffic). As explained in 2018, Matt Dietrich, spokesman for the Illinois Electoral Commission,
Many voters were afraid that the Russians would collapse after my election and steal my vote. No votes have changed in Illinois because of what happened two years ago. No attempt has been made to change the votes on this basis.
However, they managed to steal personal information from over 500,000 voters in Illinois, which was not entirely successful. In mid-2009, the Senate Intelligence Committee finally concluded that all 50 states were victims of the elections.
As far as they could do that in Illinois, they used a common method in the field of data, SQL injection. This usually starts when hackers enter certain commands on the website using elements such as web forms or dynamic URLs. For example, instead of entering Mark in the first field of the form name, you would enter a shortcode. This input data enables an intruder to execute SQL commands in the DBMS in order to obtain or manipulate the data of interest. The report of the Illinois researchers indicates that CPU usage has risen to 100% without any explanation. Analysis of the server logs showed that the high load was the result of quick and repeated requests to the database on the request status page of the POVA (online voting request) website.
Voters in Illinois say they have since taken steps to address this type of vulnerability in databases and web applications. Other states have done the same, and in order to further accelerate the process, Congress passed a law to financial security for the 2018 elections of $380 million. The money is not free either and the states will spend most of it before the 2020 elections.
How states integrate today
SecurityScorecard recently published a report that examines the general cybersecurity situation and electoral infrastructure in each state. At first glance, the ratings could have been better. 75% were rated C or less, and 35% D or less. However, as this is a relative evaluation system, the context is important. For example, state C is three times more likely than state A. The D-value is five times higher. Look at the state you’re in there:
Image source : Report on the system of safety indicators State of the States for 2020.
Even more interesting are the average scores achieved in the various safety categories, as can be seen in the following diagram:
Image source : Report on the system of safety indicators State of the States for 2020.
The SecurityScorecard system has identified the most serious potential consequences of these low scores:
- Phishing attempts and the spread of malware via email and other means with the ultimate goal of infecting networks and spreading false information.
- Third-party attacks, as many states normally do.
- Voter registration databases can be influenced (as we have already seen).
Elections Cyber Security Best Practices
Although we have seen an increase in Congressional funding for election security since the last presidential election, these figures prove that additional and sustainable investment is needed. The report suggests some good practices that the Member States should, for example, adapt immediately:
- Creation of websites dedicated to elections in the official domains of the State. It’s better than new areas that may be poorly printed.
- Put together an IT team whose main task is to secure the voters and polling stations.
- Establish a clear line of authority for updating these sites and use a two-person rule so that no one (or more specifically, no set of references) has the authority to make changes.
- Constantly ensure that all election-related assets are protected against cybersecurity and that strict procedures are in place for vendors.
Tampering with a tuning machine
We have seen that databases and election-related websites can be hacked, but what about the voting machines themselves? Punch card voting and optical scanners (for paper ballots) are still in use, but we are switching more and more to electronic director registration systems (DRS). These voice recordings are made via a touch screen or buttons, and the information is transferred directly to your computer, to be stored on your hard disk, a removable memory card, or even printed directly onto the paper. There are of course a few variants, but whatever the medium, they are presented in tabular form and stored in case of a verification or recalculation request.
DEFCON, one of the leading groups of ethical hackers, has in recent years organized its own voting village events to identify and correct vulnerabilities in the voting infrastructure for all types of equipment. They were able to jeopardize everything that was presented to them by carrying out actions such as changing the number of votes, changing the ballot papers shown to voters or changing the internal software for managing the machines.
Voting machineCyber security for the 2020 elections. White-capped hackers working on a voting machine at the DEFCON Voice Village event. The source of the image: The Washington Post
What specific vulnerabilities have enabled them to carry out these malicious actions? Among other things:
- Unlimited number of ports, including USB, RJ45 and CF
- Encryption key for plain text, stored in XML files
- No BIOS passwords, which can change the boot order and other system settings
- Unencrypted hard drives
- Unnecessary software like web browsers and bloatware (on some computers we even found Netflix).
- Standard accessories
If you have the right tools, sufficient access, and sufficient time, almost every machine can be compromised. This also applies to any type of electoral system. According to Avesta Hojati, head of research and development at DigiCert,
Although paper ballot papers are the only way to vote that does not really block, any election can be vulnerable to attack if governments do not guarantee the security of voter data, polling stations, and election communication.
But how serious and realistic are these risks in reality?
Practical Vulnerability assessment of voting machines
But before you worry too much, remember that these tests were carried out under laboratory conditions and did not mimic the conditions in the polling station. Additional votes can (and hopefully will) be cast before the machines are made public on election day.
It’s easy to fall in love with the hype surrounding the events, as happened a few years ago when it was reported that an 11-year-old girl was able to change her voice at a replication site in Florida. Such titles do not tell the whole story and do not contain details about the replica site and its configuration. As the National Association of State Secretaries stated in its statement
Replication of these systems would be extremely difficult because many countries use unique networks and databases with new and updated security protocols. While websites are undoubtedly vulnerable to hackers, websites covering election night are only used to publish unofficial preliminary results for the public and the media. The sites are not connected to counting machines and will never be able to change the actual election results.
However, there are certainly some weaknesses. However, such an attack is far from being an ideal method for hostile parties trying to influence the elections. The vast majority of units are not or only briefly connected to the Internet to submit ballot papers. It will therefore require a physical presence at the machine, making the attack extremely difficult to carry out. Therefore, although technically possible, it would be virtually impossible to carry out a coordinated attack on a sufficient number of machines to significantly influence the results. You’ll almost certainly be the first to be discovered. (Then they arrested him and gave him a one-way ticket to a nice cell somewhere in the federal prison).
The DEFCON Voices Village shares this view. Harry Hurst, one of the founders, said that
It’s not about proving that voting machines can be hacked. They can all be hacked, and in 30 years they can be hacked. It’s about understanding the risk.
This philosophy has led states to adopt risk mitigation measures that attempt to cover all bases in the event of a cyber attack. These include an audit trail with paper copies of ballot papers and counting of votes (although thirteen states still do not need a paper trail), a risk mitigation check (manual verification of the consistency of paper copies with electronic results), and appropriate security procedures for voting machines and software.
The human element, the greatest vulnerability?
Although electronic systems can have vulnerabilities, the most likely attack vector is humans. Human errors cannot easily be corrected or updated, and things like catching a spear can eventually become an easier and faster way for hackers to access voting systems.
Just last year, a vice-presidency survey showed that 35 systems from one of the largest voting machine manufacturers were unintentionally connected to the Internet. These special machines only need to be connected for a few minutes, immediately before the election, to make the test broadcast and immediately afterward to submit valid ballot papers. For the remaining time, they must be soaked in the air. Yet a total of ten states have made a mistake and left them online for months or even years.
Robert Graham, CEO of Errata Security, asked the following question
These are all safe technologies that work well when properly installed. We just don’t think they’re right. And the fact that [voters] say they are not on the internet, and yet they are, shows us that we have every reason not to trust them.
In theory, additional security measures could be added at different stages of the election process in case of human error, but again there is a thin line between security and accessibility. DigiCert’s Hojati expands the idea by saying…
In any democracy, electoral methods must prevent fraud, ensure confidentiality, and be cost-effective. The problem is that increased security during elections tends to reduce user-friendliness. For example, requiring multi-factor authentication requires additional steps to access accounts. And if we try to simplify the level of security as much as possible, improving voting security now means extra steps and investments in the election process.
Election officials still face the challenge of moving forward.
However, there are currently several vectors of attack on voting machines that cybercriminals could theoretically use, but is this the best option for someone who wants to influence the elections?
Real danger – misinformation and social attacks
The FBI and the Cyber Security and Infrastructure Security Agency (CISA) have recently issued public service announcements to alert voters to the threat of large-scale disinformation campaigns. Such an attack is not intended to change the voting itself, but to awaken undecided voters and question the legitimacy of the elections in order to sow political discord. According to the FBI, the aim is to manipulate public opinion, discredit the electoral process, and undermine confidence in the democratic institutions of the United States. As you can see below, this is not the first time misinformation has been used in a previous attempt to manipulate the stock market:
Image source: MarketWatch
Artificial social media campaigns are easier to run and potentially more economical than car hacking campaigns. Argumentative statements can spread like wildfire on social media platforms, whether or not they have a basis in reality. They can provoke reactions of insecurity among voters in unstable states and even lead to cross-party hostility and violence. And social networks allow cybercriminals to reach thousands or even millions of people at once, as opposed to physically hacking individual voting machines, where the number of visitors is an order of magnitude lower.
The risk is also lower. Cybersecurity experts can use forensic analysis to identify the source of machine attacks on polling stations. Breaking into most voting machines requires your physical presence, which puts you at risk of being arrested by local law enforcement. On the other hand, it is much more difficult to influence social networks and governments have minimal control over the content published on the platforms. In this case, the ultimate responsibility lies with the voters, who must make an informed and fact-based decision. It may be impossible to completely stop the threat of misinformation, but searching for news from multiple proven sources can minimize distortions and improve waste filtering.
The facts against the fears in the 2020 elections
It is clear that our voting machines have weaknesses, like in almost every other system on earth. But fortunately, it would have been quite difficult to carry out a massive election intervention that would have had a significant impact on the election results. This is due to the variability of systems and processes in the country and the physical presence required for the attack.
There are major risks associated with individuals, such as simple human error and phishing attacks, but also large-scale misinformation campaigns in social networks, which can influence public opinion and lead to political unrest. In recent years, more attention has been paid to the safety of elections throughout the country, and we hope that this will continue to be the case. Safety is a journey, not the choice of destination – this should be the first priority in the near future. At the same time, the public should keep an eye on good safety practices and get their news from known and reliable sources. They can then avoid manipulation through disinformation and propaganda campaigns because that is a more real threat to the electorate.
Ultimately, however, none of these risks should prevent you from fulfilling your civic duty and voting. As Digicert’s Hodjati explains,
There is no ideal solution: Every method of reconciliation has its own weaknesses. Regardless of the voting method used in your region, you should always participate in the vote. Non-participation is a guarantee that your voice will not be counted.
In that sense, we see ourselves in the election of the 3rd. November!
*** This is the syndicated Security Bloggers Network blog from Hashed Out by The SSL Store™, written by Mark Vojtko. The original message can be found at the following address: https://www.thesslstore.com/blog/how-safe-is-your-vote/.
vote safe California campaign, early voting California, track my ballot? :: California,vote save America,ballot drop box near me