As the midterm congressional primaries heat up amid fears of Russian hacking, roughly 1 in 5 Americans will cast ballots on machines that do not produce a paper record of their votes. That worries voting and cybersecurity experts, who say lack of a hard copy makes it difficult to double-check results for signs of manipulation. “In the current system, after the election, if people worry it has been hacked, the best officials can do is say, ‘Trust us,’” said Alex Halderman, a voting machine expert who is director of the University of Michigan’s Center for Computer Security and Society.
National: Russia’s still targeting U.S. elections, King warns, and experts say we’re not prepared | Portland Press Herald
For weeks, U.S. Sen. Angus King has been telling anyone who’ll listen that the biggest, most worrisome thing about Russian interference in the 2016 election isn’t getting enough attention and has nothing to do with President Trump. King has warned in congressional hearings, television appearances and interviews with reporters that Moscow tried and is still trying to compromise American voting systems – and that if nothing’s done it might very well change the results of an election. … While intelligence officials say there is no evidence that vote counts were changed last November, a leading expert on security threats to voting machines said this possibility cannot be excluded without a forensic audit of the results. Even voting and vote counting machines that are not connected to the internet can be and could have been compromised when they received software programming them to display or recognize this year’s ballots, said J. Alex Halderman, director of the University of Michigan Center for Computer Security and Society.
A computer science professor told the Senate Intelligence Committee Wednesday that voting machines that create an electronic record of the voters’ decisions are open to fraud and computer hacking, vulnerabilities that are big enough to potentially change the outcome of some elections. J. Alex Halderman, professor of computer science at Michigan University, said he and his team began studying “direct-recording electronic” (DRE) voting machines 10 years ago and found that “we could reprogram the machine to invisibly cause any candidate to win. We also created malicious software — vote-stealing code — that could spread from machine-to-machine like a computer virus, and silently change the election outcome.” … As a computer science professor, Halderman has not only run academic trials on hacking voting machines, he has also run real-time examples.
Hackers can breach air-gapped voting machines and vote tallying systems – those not connected to internet – in an attempt to alter ballots to sway the outcome of an election, the Senate Select Committee on Intelligence has learned. “Our election infrastructure is not as distant from the internet as it may seem,” Alex Halderman, a University of Michigan computer science professor, testified Wednesday before the Senate Select Committee on Intelligence The Senate panel, as well as its House counterpart, held simultaneous hearings focused on the impact of Russian hacking on America’s election process (see Election Systems’ Hacks Far Greater Than First Realized ). At both sessions, lawmakers heard witnesses agree that Russian hackers did not alter votes in the 2016 presidential election.
As new reports emerge about Russian-backed attempts to hack state and local election systems, U.S. officials are increasingly worried about how vulnerable American elections really are. While the officials say they see no evidence that any votes were tampered with, no one knows for sure. Voters were assured repeatedly last year that foreign hackers couldn’t manipulate votes because, with few exceptions, voting machines are not connected to the Internet. “So how do you hack something in cyberspace, when it’s not in cyberspace?” Louisiana Secretary of State Tom Schedler said shortly before the 2016 election. But even if most voting machines aren’t connected to the Internet, says cybersecurity expert Jeremy Epstein, “they are connected to something that’s connected to something that’s connected to the Internet.” … While it’s unclear if any of the recipients took the bait in the email attack, University of Michigan computer scientist Alex Halderman says it’s just the kind of phishing campaign someone would launch if they wanted to manipulate votes.
The leaked NSA document published by The Intercept on Monday revealed a report that Russian military actors attacked one of the most especially vulnerable aspects of the American voting system: online voting registration databases. The classified document was leaked to the press by a 25-year-old intelligence contractor who has been arrested by the Department of Justice. The five-page report, which the AP has yet to authenticate, details a cyberattack that began in August 2016. The document does not reveal whether or not the Russian attempts at were successful, nor does it address if it could have affected voting outcomes in the presidential election. It does, however, validate the concerns of cybersecurity experts who have long considered the possibility of this type of attack as a potential threat to our voting process’ security.
A leaked intelligence document outlining alleged attempts by Russian military intelligence to hack into U.S. election systems is the latest evidence suggesting a broad and sophisticated foreign attack on the integrity of the nation’s elections. And it underscores the contention of security experts and computer scientists that the highly decentralized, often ramshackle U.S. election system remains profoundly vulnerable to trickery or sabotage. The document, purportedly produced by the U.S. National Security Agency, does not indicate whether actual vote-tampering occurred. But it adds significant new detail to previous U.S. intelligence assessments that alleged Russia-backed hackers had compromised elements of America’s electoral machinery. It also suggests that attackers may also have been laying groundwork for future subversive activity. The operation described in the document could have given attackers “a foothold into the IT systems of elections offices around the country that they could use to infect machines and launch a vote-stealing attack,” said J. Alex Halderman, a University of Michigan computer scientist. “We don’t have evidence that that happened,” he said, “but that’s a very real possibility.”
… J. Alex Halderman, a computer science professor at the University of Michigan, and Ph.D. student Matt Bernhard have assembled a number of reasons that they say render US voting machines susceptible to outside interference that could affect the accuracy of their tallies. In 2002, after the chaotic presidential election two years before, Congress passed the Help America Vote Act. The legislation provided funding for several private electronic voting machine manufacturers, including Diebold. Voting machines today fall predominantly into two categories. Optical scanners can be small, like the ones used at local polls or huge, or like the ones used at central voting centers to read absentee ballots. Direct Recording Electronic machines are touch screen devices that may or may not have a printer attached that makes a hard copy of the votes cast so they can be verified. According to Verified Voting, more than 20% of the DREs in use in the United States lack printers, making it impossible to detect fraudulent activity. “These machines are just so poorly engineered, the only real way to secure them is to destroy them and start over,” says the University of Michigan’s Matt Bernhard. In fact, their operating systems are often based on obsolete platforms such as Windows 98 or Vista.
National: Professor Who Urged an Election Recount Thinks Trump Won, but Voting Integrity Still Concerns Him | The Chronicle of Higher Education
In the days after November’s election, a news report described a professor of computer science and engineering at the University of Michigan at Ann Arbor, J. Alex Halderman, as having a made a provocative discovery. The report suggested he had found “persuasive evidence” of voting anomalies in three key swing states, each barely won by Donald J. Trump, that gave him the margin of his surprise victory, and asked whether computer hacking could have been responsible. Claims that Hillary Clinton’s vote totals were suspiciously lower in counties that relied on computerized voting machines helped fuel recount demands by Jill Stein, the Green Party’s presidential nominee, that later were joined by Mrs. Clinton’s campaign.
This article appeared originally in the March 2017 issue of Scientific American.
The FBI, NSA and CIA all agree that the Russian government tried to influence the 2016 presidential election by hacking candidates and political parties and leaking the documents they gathered. That’s disturbing. But they could have done even worse. It is entirely possible for an adversary to hack American computerized voting systems directly and select the next commander in chief.
A dedicated group of technically sophisticated individuals could steal an election by hacking voting machines in key counties in just a few states. Indeed, University of Michigan computer science professor J. Alex Halderman says that he and his students could have changed the result of the November election. Halderman et al. have hacked a lot of voting machines, and there are videos to prove it. I believe him.
Halderman isn’t going to steal an election, but a foreign nation might be tempted to do so. It needn’t be a superpower like Russia or China. Even a medium-size country would have the resources to accomplish this, with techniques that could include hacking directly into voting systems over the Internet; bribing employees of election offices and voting-machine vendors; or just buying the companies that make the voting machines outright. It is likely that such an attack would not be detected, given our current election security practices.