Last weekend at the DEF CON conference—the annual get together for hackers, spooks, and computer enthusiasts—hackers showed how easily voting machines could be hacked, proving once more how vulnerable they are to cyber attacks. But conference organizers did not restrict the electoral hacking demonstration to voting machines. A virtual voter registration data base was also attacked, and defended, which experts say is just as worrisome. “If you look at all of the reports about foreign actors, malicious actors attacking US election infrastructure in the last election, they were not attacking the election machines,” Harri Hursti, an expert in hacking voting machines, and one of the co-organizers of the voting machine hacking exercises, tells Mother Jones. “They were attacking the back-end network, the underlying infrastructure. This was the simulation that showed how vulnerable [it is] and how hard it is to defend.”
State voter registration databases contain information about every registered voter in the state, as required by federal law. The information varies by state, but typically includes a voter’s name, date of birth, party registration, address, and, perhaps, social security number. Modifying or deleting parts of that data could, in theory, prevent someone from casting a ballot or, at the very least, delay voter check-in on site. Delays can exacerbate already long lines in some places, which may cause some people not to vote at all.
In the months since the US government formally accused hackers working with, or for, the Russian government of meddling in the 2016 US presidential election, there have also been allegations that hackers probed state election registration databases across the country. In June, Bloomberg Politics reported that state election databases in 39 states were “hit” by Russian hackers—although the exact meaning of the word “hit” is unclear in this context. State election officials in Illinois found evidence that hackers had “tried to delete or alter voter data,” and data on roughly 90,000 voters was downloaded by the attackers.
A subsequent Time story reported that the probing of state election systems was so severe in 2016 that the Obama administration had drawn up a 15-page contingency plan in case hackers tried to interfere with election infrastructure on election day by doing things such as messing with voter registration records to gum up poll stations or shutting down the machines themselves.