How hard is it to Hack the US Election?

Can America’s democracy be hacked? Many security researchers have looked into the voting system and have found countless loopholes. However, many questions have been left unanswered. With the looming 2020 election, it’s more important than ever to see if the US election can be hacked.

How easy is it to hack into voting machines?

Different states use different voting machines. This means the whole system can’t be hacked at once, but it also means hackers can find the states with the weakest cybersecurity and strike there. If they succeed, they could sway election results to one side or the other. But what do these “weak links” look like?

To understand this, we first need to know the type of machines used for the voting. There are two – optical voting machines and direct recording electronic (DRE) machines. The former uses paper ballots that you fill in and the machine scans and tabulates. The paper ballot is kept in case the vote needs to be verified or an audit needs to be conducted. DRE machines record your vote electronically. Some provide a paper trail, some don’t.

Now, though counting the votes might be annoying, 22 states have chosen to use paper ballots only for security reasons. Their machines may be hackable, but they have paper ballots to compare their results with. The remaining states use either both Optical and DRE machines or only DRE machines.

Most of these machines are more than 10 years old. They were designed at a time when no one considered the need for internet connectivity, firewalls, or cybersecurity. They are so outdated that their software providers, including Microsoft, stopped issuing software updates a long time ago. It’s no surprise that they present many vulnerabilities.

Using a mixture of Optical and DRE machines leaves more than half of the country vulnerable. To make matters worse, there are 5 states (Delaware, Georgia, Louisiana, New Jersey, South Carolina) that use DRE machines only.

So what can hackers do with the voting machines?

• Physically tamper with the device’s hardware. This hack is probably the least likely to happen as it may be difficult to access the device without anyone noticing. It would also be hard to infect enough machines to sway an election. However, this is far from impossible. Voting machines have been thoroughly studied and exploited at hacking events such as DEFCON.

• Design multiple-use election cards for DRE machines. Normally, one election card equals one vote. However, hackers can create fake ones that could be used an infinite amount of times (as long as the election observers don’t notice anything). This hack is possible and isn’t too difficult to implement. The hardest part would be to mobilize enough people and resources toactually have any major impact.

• Remotely access the machines. This may not be feasible as most machines are not connected to the internet for security reasons. However, some are. And it doesn’t help if the voting machine maker left remote-access software on it. These machines can easily be exploited by inserting malicious code to alter the results.

• Connect to the same Wi-Fi network and access the machines. Public Wi-Fi isn’t safe – that applies to the election too. Most voting machines have no firewalls or security measures in place. It would be enough for a hacker to sit in the same room, connect to the same network, and run a targeted attack to take over the device.

“Hacking voting machines is possible, but that would require a lot of resources and might not be practical. To have a national effect, hackers have to think big. That means using various techniques to infect the voting process before voters even reach the booth,” says expert.

How to target the voting process

This is what hackers might try to do to achieve a sufficient scale to sway an election. The scary thing is that none of the hacks below are out of the ordinary or impossible to achieve.

• Use baiting to install malicious ballot program. Voting machines need to be set up for the election with a special ballot program. Most of the machines that are not connected to the internet will need an external device like a memory stick with a pre-loaded program. A hacker could easily use baiting techniques or replace legitimate devices with the hacker’s infected device.

• Infect an election official’s device and tamper with election programs. Many election officials’ details are easily accessible on the internet. The hacker could use a phishing technique to infect an official’s device, gain remote access, and change election program code. This would have an even bigger effect than baiting as this ballot program could now be installed all over the county or a state.

• Create fake election management systems that are already infected or are set up to vote for the hacker’s preferred candidate. It’s not uncommon for states/counties to hire small companies to provide them with election management systems. They might think they are buying a legitimate service, but how do they know that the service or software providers aren’t hackers or haven’t been breached themselves?

• Hack into voter registration systems and send phishing emails to voters. A hacker could also send false emails informing voters about long queues, a change in their voting center, or that their voting center is closed.

Can they hack your brain?

The Cambridge Analytica scandal that some say influenced the 2016 election showed us the powerful new tools being used to shape public opinion without accountability. Even without concrete evidence on how many votes may have been swayed, it still planted a seed of doubt – “Is my vote worth a thing?”

Americans are proud of their freedom of choice, so they rely heavily on media to gather information and form their opinions. Hackers or organizations can turn that against them by hacking social media with fake ads, fake profiles and disinformation. They could also flood other media channels with fake news.

Such attacks are particularly dangerous as they can be governmental or state sponsored. This means a foreign government could try to interfere with the US election. They would also have sufficient funds to reach bigger audiences and perform more intricate attacks that require more resources.

Can the 2020 election be hacked?

Many of the hacks above could be prevented by employing simple cybersecurity measures, replacing old voting machines with newer and more secure ones, using paper ballots, or conducting security audits. However, most of these changes cannot be made without extra funding or new legislation, which does not seem to be forthcoming in the US. This leaves the 2020 election vulnerable to interference and hacking.

••••

About the Author: Emily Green is a content writer who loves to investigate the latest internet privacy and security news. She thrives on looking for solutions to problems and sharing her knowledge with NordVPN readers and customers.

••••

The above article (How hard is it to Hack the US Election?) was originally created and published by NordVPN and is republished here by contribution with attribution to the author Emily Green and nordvpn.com .

••••