The possibility: Could Hackers Change Our Election Results?

The possibility: Could Hackers Change Our Election Results?
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

“Malicious hackers motivated by a desire to undermine the public’s confidence in the nation’s voting process could exploit both new and old vulnerabilities to carry out cyberattacks on electronic voting systems and databases containing voter information, security experts say. States have generally failed to correct the vulnerabilities in their e-voting systems that security experts identified nearly a decade ago. These vulnerabilities include weak encryption and poor authentication, as well as common security flaws such as buffer overflows and SQL injections. Security researchers warn that hackers could break into e-voting databases such as those being used by Washington state and Maryland to change the addresses of certain voters in order to disenfranchise them. If that happens and it is evident that the validity of an election has been compromised, it could undermine the public’s confidence in the voting process, says RSA Conference program committee chairman Hugh Thompson. However, Viewfinity CEO Leonid Shtilman says it would be difficult for hackers to change the results of elections by attacking voter databases and electronic voting systems, since information stored in databases is synced in several different locations and can be compared for missing or altered data.”

Dark Reading: “In Washington’s case, the state’s co-director of elections, Shane Hamlin, told the New York Times in an investigative piece on the security of its voter database that the government’s IT staff would be reviewing transaction logs for unusual activity. But depending on when improprieties were found, particularly after the fact, it could have extreme civic consequences. One of the biggest dangers of voting-related cybercrime is its undermining of voter confidence, says Dr. Hugh Thompson, program committee chairman for RSA Conference and a participant in the 2006 HBO documentary Hacking Democracy.

“Interestingly, the wrong person winning is not the worst thing that can happen,” he says. “The real worst case is a hacker proving that the vote was compromised and ultimately undermining the entire voting process.”

He warns to just look at the hanging chad controversies of the 2000 election as a barometer of how an e-voting issue could impact the economy and citizen confidence in government engagement.

“It would impact the stock market and erode confidence in the entire system, which is a real motivator for organizations that want to attack critical infrastructure,” he says.

A long-time researcher into the vulnerability of electronic voting systems, Thompson is one of many who warn that the potential for hacks extend well beyond voter databases. He warns that many of the same vulnerabilities that existed back in 2006 still stand today, while hacking itself has greatly evolved.

Internet Voting: Will Democracy or Hackers Win?

“For the first time, technology is allowing groups of disgruntled people to become empowered. These groups are organized, collected, and collaborative, with a means to get their message and point across through attack tools, like DDoS, that were not possible in 2008,” he says.

A check on the OSVDB shows listings for 218 vulnerabilities in various election voting systems, warns Space Rogue, threat intelligence manager for SpiderLabs at Trustwave, who says the flaws involve everything from weak encryption to poor authentication or even voter information leakage. It is critical to remember that these machines aren’t that much different than other computer systems that require proper hardening.”

Source: Dark Reading via ACM Technews / Videos added by Cap Falcon
Photo CreditsYou can steal my signs…but you cannot steal my vote! By chrisfreeland2002 Chris Freeland /FlickR