On November 6, Americans will head to the polls to vote in the congressional midterm election. In the months before the contest, hordes of foreign hackers will head to their keyboards in a bid to influence its outcome. Their efforts will include trying to get inside the digital infrastructure that supports the electoral process. There’s a worrying precedent here. Last year, the Department of Homeland Security notified 21 states that Russian actors had targeted their election systems in the months leading up to the 2016 US presidential election. DHS officials said the Russians were mainly scanning computers and networks for security holes rather than taking advantage of any flaws that were discovered. Still, that’s no cause for complacency. Intelligence officials are already warning that Russia is intent on meddling in this year’s election too, and hackers from other countries hostile to the US could join in. This week, both DHS and the Federal Bureau of Investigation said Russia is laying the groundwork for broad cyberattacks against critical US infrastructure. Last year, the DHS designated voting technology as part of that vital framework.
… There are two broad types of electronic voting machines in use today. Optical-scan ballot readers scan and record paper ballots filled in by voters, while direct-recording electronic, or DRE, machines display ballot choices on a screen and record voters’ choices electronically. (Some DRE machines can also generate a paper record.)
Plenty of machines run on antiquated operating systems that have known security flaws and whose creators have stopped issuing updates. This makes them particularly vulnerable to attack. Last year, hobbyist hackers attending the Defcon conference in Las Vegas were able to compromise a number of different devices and summarized the experience in a report. More recently, Alex Halderman, a professor at the University of Michigan, staged a mock election with student voters to show easy it is to hack the machines.