It’s been almost a year since Election Day 2016, but the campaign news hasn’t stopped. Oct. 30 brought the first indictments in special counsel Robert Mueller’s investigation into possible collusion between the Russian government and the Trump campaign. On Tuesday and Wednesday, representatives from Facebook, Google, and Twitter faced congressional grilling over widespread Russian influence on their platforms. Also on Wednesday, the Wall Street Journal reported that the Department of Justice is considering charging Russian government officials for crimes related to the Democratic National Committee hack. Amid the flurry, it’s easy to blur these conversations—especially because they all seem to feature Russia. But the election-hacking conversation desperately needs to be untangled. Whatever other revelations may come, it helps to remember that election hacking is really about three separate threats: hacking voters, hacking votes, and causing disruption or chaos. … The second threat is of manipulated votes—essentially, that voting machines will be hacked. The Department of Homeland Security found no evidence that malicious actors successfully compromised any vote-tallying machines in 2016. However, a leaked NSA document from this summer shows that Russian hackers targeted and compromised a Florida-based voting-equipment vendor and then used the stolen credentials to target local election officials. Thankfully, the compromised vendor, VR Systems, doesn’t run any vote-tabulation equipment. However, its digital access and proximity to local election officials—who work with those who do program voting machines—is worrying.
For years, security researchers have been demonstrating that voting machines are vulnerable to attack. In 2015, it was revealed that the password to one type of machine used in Virginia was “admin.” After hackers successfully compromised machines and other voting equipment at this summer’s DEFCON security conference, Virginia announced it would decertify its paperless electronic machines ahead of Tuesday’s election. But electronic voting machines that have no paper trail are still exclusively used in five states. These are the most concerning, because there is no way to confirm the accuracy of the electronic tally after the fact.
The good news is that two straightforward steps would go a long way toward mitigating the vote-manipulation threat: establishing a paper trail for every vote cast and implementing statistically rigorous audits after every election that would compare the machine tally with the paper record. These two steps would make it extraordinarily difficult for any hacker to tamper with voting machines undetected.
Full Article: The three kinds of election-hacking threats..