The federal government has revealed for the first time that it has officially informed several state officials that Russian state actors attempted to compromise their voting systems.
This summer, the Department of Homeland Security (DHS) disclosed to Congress that 21 states were suspected to have been targeted in 2016 but only told the local election officials last Friday.
The reason for the revelation? The DHS hopes that this would give them a head start and help them make security decisions for the 2018 midterm elections.
But are the U.S. elections really that vulnerable to hacking?
Let’s explore the ways how state actors, Russian or otherwise, can compromise our voting systems.
How easily can the US elections be hacked?
Last summer, hackers who attended the Defcon convention managed to compromise four different voting machines, one in less than half an hour. According to a Defcon organizer, hacking these machines was much easier than a home router or mobile device.
Believe it or not, the reason why voting machines are easy to crack is due to the outdated operating systems that still run them. Old unsupported operating systems like Windows 2000 (!) and Windows XP have known exploits and vulnerabilities that are no longer patched with security updates.
Due to these exploits, computer security experts presented various ways of how voting machines can be tampered with including firmware reprogramming, malicious code insertion and memory card swaps.
Even non-internet connected machines can be compromised locally since voting machines need to be programmed with a ballot for each election. All it takes is for someone to hack the software that records the votes and if this happens, virtually all voting machines will be compromised.
How about online voting?
If voting machines can be easily compromised locally, how about doing it online? Unfortunately, experts said that this is not even a viable option in the near future. With all the internet security risks and data breach threats out there, it’s not a solution that should be considered right now.
Instead of going increasingly high-tech, experts prefer the low-tech solution for now – physical backups. These can be as simple as paper ballots that are scanned by the machines with every vote. This paper trail can then be used to audit the results counted by the voting machines.
Thankfully, around 70 percent of the votes cast in 2016 had a form of paper balloting that can be checked. Unfortunately, only a few states audit their electronic counts and even worse, 10 states use direct-recording machines with no paper backups whatsoever.
The states Russia hacked
According to the DHS, the states affected by the Russian hacking attempts include:
It’s important to note that even though a state was targeted, it doesn’t mean that the voting data was successfully manipulated.
Although hackers did manage to attack and plant malware on voter registrations in Arizona and Illinois, election officials said that most attempts to compromise election systems were unsuccessful.
Did you know you can buy credit card numbers online for just a few bucks?
It’s shocking what you can buy on the Dark Web. Click here to see how much you need to spend for a hacker’s toolkit. Spoiler alert: It’s under $20!