Technology

Russian Hackers Targeted 21 States, But Warnings Ridiculed

Election Officials Claimed It Was Impossible, Despite Published Explanations

More than a dozen U.S. intelligence agencies have previously confirmed that Moscow interfered in the 2016 election, but in congressional testimony today the government admitted that Russian hackers targeted election systems in at least 21 states during law year’s campaign.

Data processing
blickpixel / Pixabay

What was not clear is why so many state officials publicly tried to ridicule warnings of just such hacking attacks published long before the election, complains public interest law professor John Banzhaf, who was one of those who issued clear, detailed, and specific warnings, only to have election officials try to assure the public that such hacking was impossible.

As early as August 2016, Banzhaf published articles with ominous titles like “WARNING – This Presidential Election Could Be Hacked, Perhaps by a Foreign Power” [8/23/16] and “Hacker with Off-the-Shelf Malware Can Steal More Votes Than Any Corrupt Politician.” [8/30/16].

Indeed, at about the same time he explained how easy it was, and how even bright high school students – using simple malware programs readily available to anyone searching on the Internet – could hack an election. He even named some of the programs. For example he wrote:

“One of the scariest revelations is that both election system intrusions [about which he wrote]- one to extract data, and the other to possibly plant malware – did not require much sophistication or secret hacker knowhow. On the contrary, the intruders used COTS (common off the shelf) hacking tools widely available and easily obtained by anyone searching the Internet for ‘SQL Injection’ (the type of intrusions used) including Acunetix, SQLMap, and DirBuster – all common hacking tools from VPS hosting accounts in the Netherlands, Russia, and Bulgaria.”

Later articles such as the following made the threat crystal clear: “We Are Heading into a ‘Perfect Storm’ of Election Fraud” [9/28/16], “How Hackers Can Sabotage 2016 Election Without Changing Any Ballots” [10/4/2016], and “Yes, the Election Can Be Rigged” [10/18/2016].

Among the many problems and vulnerabilities Banzhaf cited were “the increased use of electronic voting machines”; that cards used in some systems to permit citizens to cast the votes can be easily corrupted to insert false data, systems which permit citizens to cast votes over the Internet are particularly vulnerable, and that “more and more of the computers and data processing devices used in the election process are connected to the Internet.” As to the latter danger, he warned:

“The recent hacking of the Pentagon, the alleged hacking of the Democratic Party by the Russians, and the hacking of many large corporations such as Sony by North Korea, shows that even the most sophisticated data processing systems – with strong firewalls and intrusion detection software – can be hacked if any portion is connected to the Internet. After all, if the Pentagon, Sony, the White House, . . . SWIFT (the international banking exchange system), the State Department, Aramco oil company, and many other large and seemingly impregnable computer systems can be hacked, what guarantee is there that the systems in Chicago or any other large city or county aren’t at least as vulnerable.”

Banzhaf, admittedly, is no ordinary legal writer. He explains that he began hacking in the 1950s when he was at MIT, is responsible in part for the common use of “FOO” by programmers, wrote his own programs so he could register copyrights on them to prove that they could be legally protected, and helped persuade Congress to amend U.S. copyright law to incorporate computers and data processing.