National: There’s No Way to Know How Compromised U.S. Elections Are | The Atlantic

It’s not really all that hard to hack American democracy. That fact should be driven home by a recent article from The Intercept detailing the contents of a highly classified NSA report that found evidence of a massive Russian cyberattack on voting software and against over 100 election officials. While the NSA concluded the attack was carried out by the most sophisticated of hackers—the Russian military—their entry methods were relatively vanilla. They gained access to the credentials and documents of a voting system vendor via a spear-phishing attack, and then used those credentials and documents to launch a second spear-phishing attack on local elections officials, which if successful could have compromised election officials’ systems and whatever voter data they possessed.

Recent reporting by Bloomberg has supplemented these reports, showing that such attempts by Russian hackers spread across 39 states. Some of the most extensive efforts came in Illinois, where hackers gained access to the whole state database and as many as 90,000 records including identifiers like partial Social Security numbers, driver’s license numbers, and names. The potential damage to the integrity of the actual vote was limited by the fact that the state database was merely a top-level aggregation of county-level databases and data entry, but Illinois was a disturbing proof-of-concept.

Russia’s intrusions were instructive. While it’s unclear just how many records they accessed or how deeply they’d compromised systems that could actually electoral outcomes, their probing illustrated how easily elections infrastructure is compromised—and also how officials might not have any idea just how compromised it already is. Using social engineering and phishing, they reached every level of the voting infrastructure, from the private vendors that create electronic ballots to state coordinators and local officials. And according to Bloomberg, the main reason intelligence officials know about that systematic attack was only because a contractor for the Illinois state board of elections noticed an unauthorized download of voter data.

So we found out about that attack, but might there be others? The splintered digital infrastructure across and within states; the use of multiple vendors; the overlapping interfaces between municipalities, counties, and states; and the reliance on of volunteers for data entry and verification in both registration and voting mean that there are literally thousands of entry points to compromise elections in each state.

Full Article: American Elections Are Easy to Hack – The Atlantic.

Comments are closed.