The battleground state of Pennsylvania might as well have a target on its back as Election Day nears, the cybersecurity company Carbon Black warned in a new report released Thursday. “If I was a 400-pound hacker, I would target Pennsylvania,” Carbon Black chief security strategist Ben Johnson told CBS News, a reference to Donald Trump’s comment in Monday’s debate that the hacker behind the Democratic National Committee email leak could be someone “sitting on their bed that weighs 400 pounds.” U.S. intelligence officials actually believe Russia was behind that breach and a number of recent intrusions into state voter databases. Across the state, most Pennsylvania counties use particularly high-risk electronic voting machines that leave behind zero paper trails, which could be useful to audit the integrity of votes cast. In addition, many of these machines — called “direct-recording electronic” machines — are running on severely outdated operating systems like Windows XP, which has not been patched by Microsoft since 2014, Carbon Black said in its report. In general, these complex machines are a headache compared to so-called fixed-function devices that perform just one task and are thus harder to hack.
Politically, Pennsylvania has extraordinary value with 20 electoral votes and polls showing a narrowing race between Hillary Clinton and Donald Trump.
According to Carbon Black, Pennsylvania is an easier target than other battleground states like Ohio and Florida. Ohio conducts post-election audits and has a manual recount provision that kicks in for tight races. Florida also has required audits.
The general lack of a paper trail throughout Pennsylvania is a recipe for disaster, Johnson said. Before he co-founded Carbon Black, Johnson was a National Security Agency (NSA) engineer and defense contractor during the Iraq and Afghanistan wars. “If you buy something in the store with a credit card, you get a receipt. But if you cast your vote for president of the United States, you get nothing,” Johnson said.