Stealing and leaking emails from the Democratic National Committee could be just the start. Hacking the presidential election itself could be next, a bipartisan group of former intelligence and security officials recently warned. Whomever was behind the DNC hack also could target voting machines and the systems for tabulating votes, which are dangerously insecure. “Election officials at every level of government should take this lesson to heart: our electoral process could be a target for reckless foreign governments and terrorist groups,” wrote 31 members of the Aspen Institute Homeland Security Group, which includes a former director of the Central Intelligence Agency and a former secretary of Homeland Security. That echoes warnings computer security experts have been sounding for more than a decade: that the system for casting and counting votes in this country is also ripe for mischief. … Thirty-one states and the District of Columbia allow military personnel and overseas voters to return their ballots electronically, according to Verified Voting, a non-profit group that advocates transparency and security in U.S. elections. “The election official on the receiving end has no way to know if the voted ballot she received matches the one the voter originally sent,” the group warns. Some ballots are sent through online portals, which exposes the voting system to the internet. And that’s one of the most dangerous things elections officials can do, because it provides a remote point of access for hackers into the election system.
“Anything that doesn’t absolutely have to be connected to the internet, don’t connect it,” Pamela Smith, Verified Voting’s president, told The Daily Beast. U.S. officials have also given that same advice to the owners and operators of critical infrastructure, such as electrical power grids. Smith and her colleagues recently told U.S. officials crafting computer security guidelines that elections systems should also be treated as vital national assets, and protected as such. “Without encryption, emailed ballots can be easily modified or manipulated en massewhile in transit from the voter to the local election officials,” David Jefferson, a voting security expert and computer scientist at Lawrence Livermore National Laboratory, warned in a blog post in 2011.
The threat is still real. Jefferson called it “trivial” for someone with a modicum of technical skills to filter out ballots from a particular county or state and “to automate a process to either discard ballots that contain votes she does not like, or replace them with forged ballots that she likes better, all the while keeping the voter’s signed waiver and envelope attachments intact. Such malicious activity would only result in a transmission delay on the order of one second or so.”
Most states that allow voters to return ballots via the internet limit the practice to overseas voters. But in close elections, those votes could make a difference. Alaska is also unique in that it allows anyone in the state to send in their ballots online. “Marking and sending votes over the internet is my biggest concern,” Smith said. “They could be infected or tampered with. Or something could just go wrong and you couldn’t do a good recount.” That’s especially concerning in states that allow voters to electronically return their ballots but don’t have paper backups to record how that person actually voted.
Full Article: How Hackers Could Destroy Election Day – The Daily Beast.