U.S. Will Try to Thwart Russian Election Hackers, But It’s Virtually Impossible
Stop Russian Election Hackers?!! FBI Report Shows How Even High Schoolers Could Do It With Downloaded Programs
The announcement by U.S. intelligence and law enforcement agencies they will be investigating the possibility of cyber-attacks on elections this November shows that the threat is a very serious one, but the systems are so vulnerable even to unsophisticated attacks that preventing the hacking of the presidential election may be impossible, warns public interest law professor John Banzhaf.
Photo by US Embassy Canada
There is a “perfect storm” – an unusual combination of at least 4 factors drastically heightening risk – heading towards our coming elections, perhaps even the presidential election, says Banzhaf.
First, one of the scariest revelations of the FBI report on the recent hacking of election systems in two states shows that the hackers did not require much sophistication or secret hacker knowhow.
On the contrary, notes Banzhaf, the intruders used COTS (common off the shelf) hacking tools widely available and easily obtained by anyone searching the Internet for “SQL Injection” (the type of intrusions used) including Acunetix, SQLMap, and DirBuster – all common hacking tools or programs easily available to virtually anyone from VPS hosting accounts in the Netherlands, Russia, and Bulgaria.
Thus, our vulnerability is not limited to a group of master hackers or foreign countries with vast resources, he notes. The FBI report shows how and why we could be hacked by teens from many countries.
The second element of the perfect storm into which our presidential election may be heading is that we use the Electoral College rather than have a direct election for the president.
Banzhaf started hacking in the late 1950s, and his technique for determining the chance that any particular voter or small group of voters could change the outcome of a presidential election – now called “The Banzhaf Index” – has been widely adopted and utilized.
That’s important, he explains, because, under our Electoral College system, any rigging/fraud/hacking which resulted in a change in even a very small number of votes, and perhaps even only a small number of votes in one individual state, could change the outcome of the presidential election, something very unlikely to occur were there to be a direct presidential election.
Election Hackers – close vote would make issue worse
He reminds us of how the 2000 presidential election was decided by fewer than 1000 votes out of almost 6 million cast in Florida. That election, with its hanging chads and long delays, focused public attention on the many problems of using punch card ballots.
A third element of the perfect storm facing the presidential election, and well as many state and local ones, is the increased use of electronic voting machines (especially where they leave no paper trail).
While some electronic voting machines do generate paper records so that some type of audit trail is available if hacking is suspected, too many do not. This can create what Wired’s Brian Barrett terms a “technological train wreck” because, if some one tampered with the machine’s software, there would be no way to prove it by comparing real votes with machine tallies.
Election Hackers – Big states cannot track the data
Reportedly Delaware, Georgia, Louisiana, New Jersey, and South Carolina use voting machines which leave no paper trail. The same is apparently true in some parts of Arkansas, Florida, Indiana, Kansas, Kentucky, Mississippi, Pennsylvania, Tennessee, Texas, and Virginia.
A third factor making the perfect storm an even greater threat is that more and more of the computers and data processing devices used in the election process are connected to the Internet.
The recent hacking of the Pentagon, the alleged hacking of the Democratic Party by the Russians, and the hacking of many large corporations such as Sony by North Korea, shows that even the most sophisticated data processing systems – with strong firewalls and up-to-date intrusion detection software maintained by experts – can be hacked if any portion is connected to the Internet.
After all, if the Pentagon, Sony, the White House, the Iranian nuclear centrifuge control system (which was reportedly not even connected to the Internet), SWIFT (the international banking exchange system), the State Department, Aramco oil company, and many other large and seemingly impregnable computer systems can be hacked, what guarantee is there that the more primitive systems in Chicago or any other large city or county aren’t at least as vulnerable.
Election Hackers – Bigger targets infiltrated
If these mighty fortresses of system security can be breached, it seems clear that many state and local systems – which do not have highly trained experts watching over them, insuring that all their software is up to date, constantly checking for malware and intrusions, etc. – are at least as vulnerable.
Actually, say some experts, even computer systems which are not connected to the Internet may be vulnerable to hacking. One way is through the use of voting cards – cards which look and act somewhat like credit cards which permit citizens to vote on voting machines into which the cards are inserted.
Simple alterations of the data recorded on such cards can permit a single voter to cast hundreds of votes on one visit to the voting machine. Depending on the software’s sophistication, the proper card in the hands of a hacker might even permit him to alter the software, change the vote totals directly, etc.
Election Hackers- internet problems
A fourth on-line vulnerability is that some states permit residents to cast their votes from home over the Internet. Thus, in addition to sending in fraudulent votes from a hacker’s computer, scammers might be able to trick voters into sending in their votes for a different candidate, or to providing scammers with the necessary information to send in a phony vote – just as scammers now get their victims to provide credit card numbers and other vital information, or even to have their computers serve as “slave” computers.
It was said in the Godfather movie that “The lawyer with a briefcase can steal more money than the man with the gun.” Today what’s even more scary is that a teenage hacker with easily available malware may be able to steal more votes than any corrupt mayor or governor.
So, to the extent that we worry (or are at least concerned) when experts warn that hackers – including those working for a foreign government – could hack into and even take over our electric distribution system, banking and stock trading computers, flight control operations, etc., we should take the threat of a hacked 2016 presidential election at least as seriously.
CNN reluctantly reports that “we’ve officially entered the era of the hackable [presidential] election.” Mother Jones reports that “the concern that somebody might try to hack voting machines no longer seems outlandish.” Politico says a computer expert remarked that if some of the more susceptible voting machines hadn’t yet been hacked, “it was only because no one tried.” Money magazine says we’ve officially entered the era of the hackable election. Wired claims that the move toward electric voting machines turned out to be a “technological train wreck.” And ABC TV News featured a piece entitled “Yes, It’s Possible to Hack the Election.”
Election Hackers – How to prepare
Ironically, some of the biggest risks could be eliminated by taking a few simple steps, says Banzhaf. Using only election machines which leave an audit trail, disconnecting election machines and related computers from the Internet, eliminating voting from home over the Internet, insisting that all voting systems be maintained with up-do-date firewalls and malware detection programs manned by experts, etc. would be important steps which could make a big difference, he says.
Banzhaf notes that Russians or other foreign powers, malicious hackers, and others don’t have to actually alter the outcome of the presidential elections to do incalculable harm. Simply casting doubt on the validity of the results, especially if the losing nominee and/or his supporters join in voicing suspicion concerning the outcome, could undermine the faith of millions in the entire election process, he says.
If some results appears suspicious, or only a few voting machine display clearly exaggerated results, or if the word “hacked” or a picture of Guy Fawkes appears on the screens of a few computers used to compile votes, disappointed voters could become very upset, and then riot or worse to express what appears to be justified outrage.
A few bytes of prevention may be more important than megabytes of attempted cure, says former hacker, well-known mathematician, and public interest law professor john Banzhaf.