2016-10-04

Could the U.S. election be hacked? It's not so unlikely

Could the U.S. election be hacked? It's not so unlikely

http://www.cbc.ca/news/world/pringle-election-hacking-1.3713911

By: Ramona Pringle
Date: 2016-08-10

Recent attempts at campaign-directed cyber-attacks have raised red flags about just how vulnerable the upcoming U.S. election is to hackers.

With the FBI currently investigating alleged Russian efforts to undermine the Democratic Party through hacking attempts, how concerned should elections officials – and voters — be about the security of electronic voting procedures?

What is to keep the U.S. election process free of hackers when even large corporations can't keep their data secure?

Vulnerabilities long before voting begins

One of the most obvious ways for a hacker to tamper with the election is to interfere with the way people actually cast their votes. The most vulnerable aspect of the voting process is the individual ballot, and the collection and tallying of those votes.

But in a digital world, far more is susceptible to tampering than the ballot itself. With digital tools integrated throughout the electoral process, from online voter registration, to information about when, where, and how to vote, to services for inquiries and complaints, potential weak spots show up long before anyone casts the first vote.

Gabriella Coleman, Wolfe Chair in Scientific and Technological Literacy at McGill University and author of the book Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous, warned even poorly executed hacks can be successful. "There is a common hacker acronym FUD, which stands for fear, uncertainty, doubt. The idea is, if you seed enough doubt, it doesn't matter if the system has been hacked or not, because people won't trust the system."

Convenience versus concerns

Recent security breaches and attempted hacks have brought the ongoing debate over the security of electronic voting systems back to the forefront of public discourse, as U.S. officials weigh whether to designate elections as national critical infrastructure, a decision that would open up federal assistance to election officers around the country, according to Homeland Security Secretary Jeh Johnson.

In electronic systems, the potential for hacking is compounded, with opportunities for tampering from the manufacturing of the voting machines, to their ongoing maintenance, to the collection and counting of the actual votes.

Electronic voting in the U.K.

An electronic kiosk was used for voting in the U.K. as early as 2012. But does online voting make the election system more vulnerable to hacking. (Adrian Dennis/AFP/Getty)

"The vulnerabilities in these machines are astounding, well-established, and very frightening," Coleman said.

Just like a power grid, street light system, or the countless other networks that our cities run on, the distributed nature of the process presents increased opportunities for security breaches and interception.

Technology to influence voting

With the rise of new technologies there is potential for individuals, governments, terrorist groups or hackers to  use internet-based tools strategically to leak sensitive documents, collect private information and influence voter opinion and sentiment.

A recent Bloomberg exposé featured a South American political hacker who engaged for a decade in what he calls "psychological operations." In the article he explains how he created software to manage and direct an army of fake Twitter accounts. He could change the names, profile pictures, and biographies of thousands of fake accounts to suit his particular needs at the time, using those virtual crowds to sway trends and public opinion.  

"When I realized that people believe what the internet says more than reality, I discovered that I had the power to make people believe almost anything," says the profiled hacker. Andrés Sepúlveda.

So how likely is it, really?

It's easy to think that the electoral process is "too big to fail," but just look at recent examples of large entities that have been hacked. Ashley Madison was hacked, despite their promises that user accounts were secure. They were even selling an added layer of security, showing we can't always trust what is promised.

What we learned from the leaked Panama Papers, months later, is that even the biggest companies with the most at stake in keeping valuable personal information private, aren't necessarily looking after cyber security.

Hacks are often the result of vulnerabilities that can be exploited, and often, those vulnerabilities are a result of outdated software.

What next?

Bruce McConnell, former deputy undersecretary for cybersecurity for the Department of Homeland Security, recently recommended that the agency issue a security alert warning election officials of potential vulnerabilities in their voting systems and machines, advising them of the importance of a paper trail, and calling on the manufacturers of voting machines to publish the results of independent audits and tests.

U.S. elections are locally run, with thousands of different systems and varying degrees of security. But in this case, the bad news is also the good news. As Coleman explains, "In a closed election, a technical hack can make all the difference, hacking in would hack the whole system. In the U.S. voting is very decentralized, which means a hack to the system wouldn't hack the whole system, so it would be hard to massively undermine it. That said, because it has been a close race, one state might be enough."



The article is reproduced in accordance with Section 107 of title 17 of the Copyright Law of the United States relating to fair-use and is for the purposes of criticism, comment, news reporting, teaching, scholarship, and research.

No comments: