Just weeks ahead of the crucial US midterm elections, security experts are warning that America’s voting systems are still vulnerable to being hacked.
Attackers could manipulate the outcome of November’s votes which will establish the support that President Trump has in Congress for the rest of his term, according to those warnings.
A 50-page report produced by the organisers of the DEF CON hacker convention has been published alongside a complaint that Congress is not doing enough to protect voting systems.
That criticism follows a bipartisan bill known as the Secure Elections Act, which intends to promote cyber security around elections, failed to be made law by Congress in time to affect the midterms.
Among the multiple vulnerable machines and systems to be used in the midterms is one that is “currently used in 23 states [and] is vulnerable to be remotely hacked via a network attack”.
The report said this was “because the device in question is a high-speed unit designed to process a high volume of ballots for an entire county, hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election “.
There are many different ways that attackers could attempt to influence an election, some of which would be easier to detect than others.
Some hybrid attacks could suppress voter registrations by attacking the registration websites, while others could seek to promote a preferred candidate by attacking their rivals.
In July, the US charged a dozen russian Intelligience operatives with hacking into the computer networks of the Democratic National Committee (DNC) as well as Hillary Clinton’s presidential campaign as part of the Kremlin’s influence campaign during the 2016 US presidential election.
There are also more direct, if also easier to detect, attacks which could manipulate the counts from the machines themselves.
Even if such attacks were detected, they could significantly undermine trust in the electoral process – something which the US stated was a key motive in Russia’s interference attempts during the country’s 2016 election.
According to a declassified US Intelligence Community Assessment, the Kremlin “unsuccessfully” attempted to promote the election of Donald Trump; unsuccessfully because the intelligence community did not find evidence that the Kremlin’s efforts changed the result.
The ongoing scandal regarding the interference and questions regarding whether it was effective continue to form part of the investigation being undertaken by special counsel Robert Mueller.
Curiously under the UK interpretation of International law to cyber activities, because Russia’s election interference was unsuccessful it does not meet the threshold for a forceful response. The US has not set out its legal approach to cyber conflicts, however.
The researchers add: “Another machine used in 18 states was able to be hacked in only two minutes, while it takes the average voter six minutes to vote. This indicates one could realistically hack a voting machine in the polling place on Election Day within the time it takes to vote.”
According to the declassified assessment: “Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency.”
However, it also recorded that the Department for Homeland Security did not assess that Russian hackers “targeted or compromised” types of systems involved in vote tallying.
In August, Microsoft claimed it had disrupted a Russian attempt to interfere with the midterm elections.