• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • Daily Security Bytes
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Should We Expect Direct Voter Fraud Via Election Hacking in 2018?

October 25, 2018 By The Editor

 

I Voted stickerAs we approach the 2018 midterm elections, you’re probably hearing a lot about how vulnerable the U.S. voting system is to malicious hackers. CBS even has a weekly series about the “cyberthreats and vulnerabilities of the 2018 midterm elections.” While election hacking is possible (and it’s good that more people are paying attention to that possibility), the truth is a little more nuanced. The risk of actual voter fraud in the 2018 election resulting from election hacking is extremely low. Here’s why.

While it’s true that election machines are hackable, the wide range of voting methods used across the USA means that the chance of an attack altering actual vote counts and affecting the outcome of an election is practically zero. Voting methods are not standardized across the U.S. For example, in the State of Washington where WatchGuard is headquartered, we can vote by mail. Many states use Direct Recording Electronic (DRE) systems that record votes directly into a computer’s memory (these are what we usually think of as “voting machines”), but many states still use paper ballots or keep paper records of votes as a fall-back method to verify the electronic vote counts. You can see a list of voting methods by state here. Also, many states have been developing more thorough methods of detecting and preventing hacking attempts since 2016. Committing voter fraud in 2018 would need to be a massive, coordinated effort spanning multiple states and affecting multiple methods of voting –  much more complicated than hacking a few networked voting booths.

In August of 2018, penetration testers found several software vulnerabilities in voting machines during an event at the hacking convention DEF CON. While it’s true that vulnerabilities exist in voting machines, the hackers at DEF CON had full physical access to the machines. This makes them much easier to hack, since the attackers can try to manipulate physical ports to gain access, or look through the insides of the machines to guess how they work. Having physical access to voting machines in the real world is much less likely. Voting machines are also not usually networked from precinct to precinct, so to actually change vote totals a team of hackers would need to surreptitiously open up dozens of voting machines across dozens of locations and muck around inside of them without anyone noticing – not a likely scenario. A hacker could potentially focus on key districts in key battleground states to reduce the number of machines that would need to be breached, but the logistics required for such a plan make it highly impractical.

It’s far more likely that hackers will affect the 2018 election by spreading propaganda online (like what Russia did in the 2016 presidential election), by stealing and leaking sensitive or politically damaging material, or by accessing and modifying voter registration records. In a bit of a catch-22, the only way to improve election security overall is to standardize the electronic voting systems used across the country. This makes a hack more likely since it gives attackers a single target to aim at, but picking a single voting systems will allow security experts to focus on making that system as secure as possible.

For more information on election hacking, look at our 2018 security prediction on that topic and some recent news about political phishing campaigns on Secplicity.

Share This:

Related

Filed Under: Editorial Articles, Featured

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • USA’s Answer to GDPR
  • Rolling PWN
  • Hacker Summer Camp 2022

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Hacker Summer Camp 2022
  • Private Sector Offensive Actors
  • USA’s Answer to GDPR
  • Rolling PWN
  • Over a Billion Records Leaked in Shanghai National Police Database Hack
View All

Search

Archives

Copyright © 2022 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use