Last month, when Congress authorized three hundred and eighty million dollars to help states protect their voting systems from hacking, it was a public acknowledgement that, seven months out from the midterm elections, those systems remain vulnerable to attack. America’s voting systems are hackable in all kinds of ways. As a case in point, in 2016, the Election Assistance Commission, the bipartisan federal agency that certifies the integrity of voting machines, and that will now be tasked with administering Congress’s three hundred and eighty million dollars, was itself hacked. The stolen data—log-in credentials of E.A.C. staff members—were discovered, by chance, by employees of the cybersecurity firm Recorded Future, whose computers one night happened upon an informal auction of the stolen passwords. “This guy—we randomly called him Rasputin—was in a high-profile forum in the darkest of the darkest of the darkest corner of the dark Web, where hackers and reverse engineers, ninety-nine per cent of them Russian, hang out,” Christopher Ahlberg, the C.E.O. of Recorded Future, told me. “There was someone from another country in the forum who implied he had a government background, and he wanted to get his hands on this stuff. That’s when we decided we would just buy it. So we did, and took it to the government”—the U.S. government—“and the sale ended up being thwarted.” (Ahlberg wouldn’t identify which government agency his company had turned the data over to. The E.A.C., in a statement, referred questions about “the investigation or information shared with the government by Recorded Future” to the F.B.I. The F.B.I., through a Justice Department spokesperson, declined to comment.)
Another case to consider: the Department of Homeland Security recently discovered a number of rogue cell-phone simulators—technical tools that are commonly called “Stingrays”—in Washington, D.C., and has been unable to identify who was operating them. Stingrays are typically used in this country by police or intelligence agencies to surveil suspects and intercept their communications, but D.H.S. officials suspect that the ones they found may have been part of a foreign government’s spying arsenal. As a pair of Princeton computer scientists, Andrew Appel and Kyle Jamieson, have pointed out, cell-phone simulators, which mimic legitimate cell towers, happen also to be handy and inexpensive vote-hacking devices. On the Freedom to Tinker blog, Appel and Jamieson have posted easy-to-follow diagrams showing how the transmission of voting information from polling places could be intercepted by a Stingray and surreptitiously altered before being sent on to its intended destination, a central tabulating computer.
The voting machine that Appel and Jamieson picked to illustrate this hypothetical “man-in-the-middle” attack was the DS200, a popular optical-scan voting machine that reads marked paper ballots, made by a company called Election Systems & Software. The DS200 machine is not connected to the Internet, a feature that offers a great deal of protection from hacking—but not absolute protection. As the Princeton professors demonstrate, trusting this “air gap” when there are other points of entry into the system—such as, in the DS200’s case, a modem that sends data over phone lines—is both naïve and dangerous. When I contacted Election Systems & Software for a comment on the machine’s susceptibility to hacking, I was sent an explanatory leaflet called “Modeming as It Relates to Unofficial Results Transmission.” That document catalogues a number of security features that, on their face, would appear to prevent interception. “Only unofficial results are ever transmitted via modem,” the document says, and, even then, all transmissions are encrypted. The company says these safeguards make the Stingray-aided hacking of their machines “highly unlikely.” But, as Appel told me, there is nothing stopping poll workers from sending official results via modem, and encryption only works if the software of the sender and that of the receiver are implemented perfectly. That, he said, rattling off the many ways an encrypted system could be penetrated, rarely happens. And, despite the security features of the DS200, the danger posed by sending voting data over phone lines has convinced several states—including New York, Maryland, Virginia, and Alabama—to prohibit the use of modems for the transmission of election results.
Full Article: America Continues to Ignore the Risks of Election Hacking.