Before the hacker touched a single key on the electronic voting booth, he already had three or four ideas in mind for how he could manipulate the results. “Just based on the fact that many of these voting machines have been around for years, just based on that I could tell you old vulnerabilities that exist in the system,” Tim Monroe told BuzzFeed News. Monroe, 26, is an independent cybersecurity consultant based in Boston, who says that calling himself a hacker sounds a lot better than his actual title. “Elections are full of opportunities for hackers, and those opportunities just keep getting better as more systems go online. I look at this machine and think, ‘here’s a thing to play with and take apart.’” Monroe wasn’t looking at a machine in a polling station somewhere in the United States, but one set up at Black Hat, an annual conference for the world’s foremost cybersecurity companies to show off their research and remind each other just how vulnerable all online systems are. This year, as an alleged Russian hack infiltrating the emails of top Democratic Party officials dominated news coverage in the weeks ahead of the conference, the question of hackers meddling in the upcoming US election was a constant source of speculation.
In that spirit, one of the participating companies, Symantec, set up a fully-functioning voting station and encouraged attendees to have at it. As if this election season hadn’t already thrown enough curveballs, the cybersecurity experts want the public to know just how vulnerable electronic voting systems are to hackers.
“People got a taste of it last month, with the Wikileaks emails and all those people saying Russia was trying to mess with our elections,” said Monroe. “But if people knew how easy it was, how really easy, to mess with elections they would be really scared.”
Intercepting electronic ballots, either during or after an election, or more wide-scale meddling in the national voting system has long been a concern. In the 2016 elections, there will be more than 9,000 jurisdictions that collect and tally votes electronically throughout the U.S., and each jurisdiction has its own standards and best practices guidelines for how those electronic systems should be secured.