Election security groups are sounding the alarm about emailed ballots ahead of the November midterm elections, warning in a new report that PDF and JPEG ballot attachments sent to election officials could be exploited by hackers. The organizations, including watchdog group Common Cause, issued a report Wednesday that found election workers who receive emailed ballots are at risk of clicking on unsafe attachments, sent from unknown sources, that could contain malware. “In jurisdictions that receive ballots by PDF or JPEG attachment, election workers must routinely click on documents from unknown sources to process emailed or faxed ballots, exposing the computer receiving the ballots — and any other devices on the same network — to a host of cyberattacks that could be launched from a false ballot laden with malicious software,” the report says. “An infected false ballot would enter the server like any other ballot, but once opened, it would download malware that could give attackers backdoor access to the elections office’s network.”
The Association for Computing Machinery’s Technology Policy Committee, the National Election Defense Coalition and the R Street Institute were among the report’s co-authors.
Experts from both the private and public sector have warned about the vulnerabilities of online voting for years, but the report comes at a time of heightened alarm about election interference from hostile nation-states or cyber criminals.
Trump administration officials have said that Russia targeted election-related systems in 21 states leading up to the 2016 presidential election. They have also maintained that hackers did not target systems involved in vote-tallying, and that there is no evidence any vote tallies were changed.
At least 100,000 people voted online in 2016, according to data collected by the U.S. Election Assistance Commission.