Numerous security researchers have analyzed the voting system and found several loopholes that make it easy to hack a voting machine to change election outcomes. So, what type of devices, networks, or systems can hackers exploit?
This article addresses the importance of understanding what hackers can do with the voting systems so that attacks can be stopped or disrupted right in their tracks.
What can hackers do with the voting systems?
There are two types of voting systems used in the U.S:
- Optical voting machines
- Direct recording electronic (DRE) machines
Optical voting machines use paper ballots while the DRE machines record votes electronically. Some of these voting machines offer a paper trail while others do not.
The problem with DRE machines is that they’re over a decade old and were designed when cyberattacks were not so common. They have outdated software and their providers rarely issue updates, which poses security vulnerabilities risk.
Here are ways hackers can exploit voting machines:
Physically tamper with the computer’s hardware
This attack is unlikely to happen since it can be difficult to tamper with the device physically without anyone noticing it. Additionally, it can be challenging to infect several computers to interfere with the outcome of an election.
However, voting machines have been exploited at hacking events like DEFCON and can be bought easily on online marketplaces such as eBay. This gives cybercriminals enough time to study these outdated voting machines.
Create multiple election cards for DRE machines
Generally, one election card is designed for one voter. However, attackers can design fake ones that can be used repeatedly if the election observers do not discover anything.
While it is easy to implement this hack, the most difficult part is to mobilize enough resources and people to have a major impact.
Access the machines remotely
This is not possible because most voting systems are not connected to the internet due to security reasons. However, some are internet accessible as they have remote-access software on them, making them vulnerable to attackers.
These systems can be exploited easily by inserting malicious code to change the final results.
Connect to the same WiFi network
Public WiFi isn’t safe and this applies to the election too. This should not be overlooked because most voting systems do not have firewalls or other security measures to prevent unauthorized remote access.
This can make hackers sit in the same room and connect to the public WiFi to run targeted attacks to take over all the devices.
How to target the voting process
Hacking voting machines is easy, but it requires a lot of resources to have a national effect. Hackers achieve this by using different methods to tamper with the voting process before voters reach the voting booth.
Here’s what cyber attackers do to get a sufficient scale to alter an election:
- Use baiting to install harmful ballot programs – Voting machines should be set up for an election using a special ballot program. If the machines are not connected to the internet they will require external devices like memory sticks with pre-loaded programs.
Unfortunately, this makes it easy for hackers to replace legitimate devices with their infected devices or use baiting techniques.
- Infect election officials devices to change election programs – Since the details of most election officials are easily accessible online, hackers can use phishing techniques to infect the officials devices, gain remote access and tamper with the election program code without any of the officials noticing.
This can have a bigger impact than baiting because the ballot program can be installed in the entire state or country and remain unnoticed.
- Design fake election management systems – Cyber criminals ensure the systems are already set up or infected to vote for their preferred candidate. Although states hire small companies to deliver for them election management systems, they need to be careful.
They need to ensure they’re purchasing legitimate services and that the software or service providers haven’t been breached or are the hackers themselves.
- Hack into voter registration systems – Hackers do this with the goal of sending phishing emails to voters. They may also send false emails notifying voters about long queues and a change in their voting center or the center being closed. This may discourage people not to show up to vote.
- Lack of federal laws that allow sharing of data if an election is hacked – Moreover, a federal policy shields the identity of cyber criminals. This means that state and local governments are not required to share the details of a hacked election with other states, offices, or voters.
When other states are not provided with such crucial information, they may not put in place the necessary measures due to sitting in the dark and might be targeted in the same way.
Can the next election be hacked?
Most of the above hacks can be prevented by conducting security audits, replacing old voting systems with up-to-date ones, putting in place cybersecurity measures, and using paper ballots. Since most of these changes require legislation or funding, the next election can be interfered with.
However, implementing a strong elections cybersecurity strategy that promotes the use of security controls such as Palo Alto Network Firewalls combined with physical and administrative defense measures can minimize election hacks.