The recent cyber theft of millions of personnel records from the federal government was sophisticated and potentially crippling, but hackers with just rudimentary skills could easily do even more damage by targeting voting machines, according to security experts. Voter fraud is nearly as old as elections themselves, and different states and precincts use different voting systems and machines. But in many cases, even the electronic ballots could be manipulated remotely, according to a new report by the Commonwealth Security and Risk Management for the Virginia Information Technologies Agency. That report found that the AVS WINVote machines Virginia has used since 2002 have such flimsy security that an amateur hacker could change votes from outside a polling location.
“This means anyone could have broken into the machines from the parking lot,” said Cris Thomas, a strategist with the Columbia, Md.-based Tenable Network Security, one of the nation’s leading cyber and enterprise security firms. “Our entire democracy depends on systems with minimal, easily bypassed security.”
… The problems fall into two areas, Thomas said. Manufacturers are not sufficiently testing systems before selling them to municipalities, often using off-the-shelf hardware and software with minimal security; and local government certification agencies seldom have the time, resources or knowledge to properly test machines for vulnerabilities and often just accept the manufacturer’s claims for security.
The National Institute of Standards and Technology and the Election Assistance Commission has a program to help municipalities certify election machines, but, Thomas noted, participation in the program is voluntary.