When Chris Grayson pointed his Web browser in the direction of Georgia’s elections system earlier this year, what he found there shocked him. The Santa Monica cybersecurity researcher effortlessly downloaded the confidential voter file of every registered Georgian. He hit upon unprotected folders with passwords, apparently for accessing voting machines. He found the off-the-shelf software patches used to keep the system secure, several of which Grayson said could be easily infected by a savvy 15-year-old hacker. “It was like, holy smokes, this is all on the Internet with no authentication?” Grayson said in an interview. “There were so many things wrong with this.” … Among the most alarmed have been pedigreed computer security scholars, who warn that a well-timed hack of a vendor that serves multiple states could be enough to cause chaos even in systems that were thought to be walled off from one another. And they say security lapses like those in Georgia reveal the ease with which hackers can slip in.
… More than 40 states use voting systems that are over a decade old, dating back to the modernization push following the 2000 presidential election debacle, when disputes over ballots cast in Florida with ambiguous markings left a split Supreme Court determining the outcome of the race. The vulnerabilities of the dated equipment are chilling, according to J. Alex Halderman, director of the Center for Computer Security and Society at the University of Michigan.
“As a technical matter, it is certainly possible votes could be changed and an election outcome in a close election could be flipped,” he said, explaining that even voting equipment disconnected from the Internet can be corrupted by compromised software that is ultimately distributed to elections officials online. “The technical ability is there and we wouldn’t be able to catch it. The state of technical defense is very primitive in our election system now.”
… Not everyone in Washington is as alarmed. The group many computer security experts say is best equipped to develop national protocols and help elections officials find and address their vulnerabilities, the bipartisan Elections Assistance Commission, is targeted for elimination by the White House and Republicans in Congress. That confounds Dan Wallach, a computer security scholar at Rice University who recently testified in Congress about election system vulnerabilities and who says a strong EAC is vital to national security, particularly as vulnerabilities in voter registration systems emerge.