Every time there’s an election, the topic of hacking one comes to the surface. During a presidential election, that conversation gets louder. Yet, even the elections held every two years see some sort of vote hacking coverage. But can you really hack an election? Maybe, but that depends on your goals. The topic of election hacking is different this year, and that’s because someone is actually hacking political targets. Adding fuel to the fire, on Aug. 12, 2016, during an event in Pennsylvania, Donald Trump warned the crowd that if he loses the battleground state, it’s because the vote was rigged. “The only way we can lose, in my opinion—and I really mean this, Pennsylvania—is if cheating goes on,” Trump said. This was no random remark either, Pennsylvania voting has been called in to question before. Such was the case when Republican supporters claimed Mitt Romney lost the state in 2008 due to fraud. When it comes to hacking elections, most people imagine voting machines compromised in such a way that a vote for candidate ‘A’ actually counts as a vote for candidate ‘B’ – or the votes just disappear.
However, security experts who have tackled the topic of election hacking often come to a single conclusion, while the machines that process votes are riddled with vulnerabilities – 278 disclosed historically, none with a CVE ID assignment – they’re not the problem. The real attack surface is the way voters are processed. In a recent Privacy XChange Forum survey including 2,004 people, nearly 40 percent of those questioned said they were concerned about the amount of personal data in the possession of political parties and campaigns.
… About 14 percent of electoral votes are in swing states where some percentage of voting machines are DRE without a paper backup – specifically Florida, Virginia, and Pennsylvania. But even in those cases, some districts use paper ballots and DRE with paper backups. Only one state, Louisiana, uses DRE with no paper backup at all.
“This means that irregularities in vote counts, either by compromising the voting machine or election management software (the “back-end” to voting machines) would be recognized in spot-checks or manual verification counts, which many states still perform,” Sweet said.
Earlier this year, CSO Online’s Salted Hash, working alongside researcher Chris Vickery, broke the news that 191 million voter records were exposed due to database configuration issues.