The Federal Bureau of Investigation’s disclosure earlier this month that foreign hackers had infiltrated voter registration systems in Illinois and Arizona came as no surprise to some cybersecurity experts.
“Given where cybercrime has gone, it’s not too surprising to think about how information risks might manifest themselves during the election season to cause some level of either potential disruption, change in voting, or even just political fodder to add the hype cycle,” says Malcolm Harkins, global chief information security officer at network security firm Cylance.
Growing concern that hackers sponsored by Russia or other countries may be attempting to disrupt the presidential election is certainly not far-fetched, given the recent data breach at the Democratic National Committee headquarters. In fact, hacking an election is shockingly easy, according to a report by the Institute for Critical Infrastructure Technology, a cybersecurity think tank.
In most cases, electronic voting systems “are nothing but bare-bone, decade old computer systems that lack even rudimentary endpoint security,” according to the report. Security vulnerabilities are discussed every four years, but little attention is given to the problem. “It’s time for a complete overhaul in the electoral process’ cyber, technical and physical security,” the report concludes.
Earlier this month the FBI reported its most recent findings to election officials across the country and urged them to take new steps to enhance the security of their computer systems.
Illinois Board of Elections officials report that information from almost 200,000 voters were hacked beginning June 23. The breach was discovered two weeks later. No files were erased or modified, nor were voting history information or digital signature images captured, officials said. Hackers did, however, have access to voters’ drivers’ license numbers and the last four digits of Social Security numbers. In Arizona, the attack affected fewer voter files, and officials said last week that no data was removed in the attack.
While voter databases are separate from voting systems, cybersecurity pros say the voter database hack speaks to a larger vulnerability. "A hack of state election systems raises the stakes in this battle and is a dangerous sign that traditional defenses aren't cutting it,” says Paul Hooper, CEO of Gigamon. “These systems must be impenetrable to hackers so that we have complete trust come this fall.”
Election systems remain vulnerable, in part, because the system depends on federal, state, and local authorities, who each possess their own systems, software, hardware, and security protocols.
Finding the vulnerabilities
The FBI reported that hackers identified an SQL injection vulnerability and used SQLmap to target the Illinois voter registration website and gain access to data. Seven suspicious IP addresses were used by the hackers, and election boards were urged to check for similar activity to their logs.
“In these cases, they were attacked through old Web application vulnerabilities,” says Alex Heid, chief research officer at Security Scorecard. “Web apps that were written in the early to mid-2000s and are still online and often still have the vulnerabilities that were carried over from that era. States that have an online portal for any type of registration will want to make sure their web apps are up to current [security] standards.”
Ray Rothrock, CEO of RedSeal, suggests that those vulnerable assets should be taken offline. “Nobody says that the computer in Town Hall needs to be on an internet,” he says. Just as outdated IRS systems have already been compromised, “You can’t keep patching old systems for security, you actually have to architect something and think about it strategically,” Rothrock says.
The government has offered to help states protect its voter databases and election systems by dispersing, on request, federal cyber security experts could scan for vulnerabilities in voting systems and provide other resources to help protect them.
“I don’t think that will necessarily help things, Heid says. “If the government is doing an assessment on themselves – there’s always the risk of a small group of individuals in the program, even with legitimate intentions, to cause issues.”
The lesser of two evils: confidentiality or integrity/availability
Harkins believes that election security risks go far beyond the recent voter database attacks and end-point security solutions.
“The confidentiality of your vote is important, but it’s not going to change the election. Integrity and availability risk [however] could alter the outcome of an election,” Harkins says, and not by manipulating votes, but by influencing the ability to vote. For instance, in municipalities with voter databases and no paper backup, cyber thieves possibly could cryptolock files and hold voting rights for Bitcoin ransom, he says.
There are simpler ways to disrupt voting at the height of election day, Harkins adds. Cutting power to a school where electronic voting is taking place, and without paper backup, could halt voting for hours, and many voters would turn away.
There is also the threat of tampering with electronic voting machines themselves. Georgia, Delaware, Louisiana, South Carolina and New Jersey use electronic voting machines that leave no way to audit results after the fact, according to the ICIT report. Swing states, such as Pennsylvania and Virginia, do not rely on machines that generate a paper trail. According to Verified Voting, which advocates for transparency of voting machines, 47 of Pennsylvania’s 67 counties rely on digital voting machines without a verifiable paper auditing trail.
“You would have to harden those systems from intrusions or attacks that would affect the availability of the system, then you would have to look at the redundancy of those systems,” Harkins says.
The integrity of votes must also be examined. Does the name a voter chooses on the ballot match the paper print-out? Does it match the electronic version stored in the voting machine? Even the voting controversies in the Florida election recount of 2000 had rules, processes and oversight of paper voting, Harkins says. Remember the hanging chads? “What’s the logical equivalent of that” for digital voting?”
Optics vs. reality
The optics of the voter database breaches may be worse than the hacks themselves, says Dimitri Sirota, CEO of BigID. “Today, a foreign agent can't completely alter elections because of how the vote count is fragmented across states and polls,” he says. However, “they can certainly subvert confidence in the election.” In fact, the discoveries may be a deliberate attempt to get discovered, he adds.
Illinois has perhaps the simplest solution for diverting future election hacking. The state’s voting machines aren’t connected to the internet, said Ken Menzel, general counsel for the elections board, in a television interview. “By keeping that system off the internet, you go a long way to protect it from internet hackers.”