Voting systems are under attack
Digital threats to our election system didn’t begin with Russia, and they certainly won’t end with Russia either. Over the next few years, local governments across the US can expect to be targeted by a diverse range of malicious actors, from state-sponsored hacking teams to criminals, hacktivists and opportunists, who could use a wide range of tactics in an attempt to disrupt or influence an election process, or even to extort local governments.
The greatest risk to election integrity is the insecurity of electronic voting systems. As of November 2016, the Pew Research Center estimated that just over a quarter of American voters relied on direct-recording electronic (DRE) voting machines. DREs are often riddled with flaws, ranging from outdated operating systems to inadequate encryption, little to no protection against physical tampering and an inability to investigate breaches.
For this reason, local governments must proceed carefully when utilizing electronic voting systems.
Here is what they need to know:
Why are DREs insecure?
DREs are rudimentary devices in many cases, with inadequate security controls. There are numerous devices on the market, so each case is unique, but in general they often run on older Windows systems (like Windows XP, which Microsoft stopped supporting in 2014), contain USB ports which aren’t adequately protected from tampering, and lack sufficient logging to identify malicious activity on the device. They may also contain weak encryption, default passwords from the manufacturer that can’t be changed and so on.
While it is often claimed that DREs are “air-gapped,” or disconnected from the internet, this is not always true, as in the case of the AVS WinVote Touchscreen DREs which used an insecure WEP wireless connection and were decertified by Virginia in 2015. It has also been reported that remote access software was found to be installed on certain voting machines, which eradicates any air-gap defense and exposes the device to considerable risk.
How hackers can target a DRE
Hackers will essentially be looking to do three things when attacking a voting machine: gain remote access (with administrative controls) to the device; intercept data to and from the DRE from local or central servers; and/or gain a foothold on the device through a malicious implant.
How they will accomplish these goals really depends upon the specific machine and it’s setup by the local government. However, a few tactics that may be used include: stealing the remote access credentials from election employees or contractors; pushing malware directly to the DREs if they are connected to a main network and, if not, doing so indirectly by infecting thumb drives, laptops and other devices that may be used to service them; compromising the software update process by hacking the vendor; man-in-the-middle attacks on the WiFi connection, if any exists; or through the use of a ‘malicious insider’ who has direct access to the machines.
The central databases that tally and manage the DRE results are also exposed and vulnerable – and these would also make an attractive target for attackers, with an even greater impact than hacking a single voting machine.
An inconvenient truth
America’s election process is highly decentralized, relying as it does upon a patchwork of different locally selected and managed voting system technologies, processes and standards. Although this patchwork system does make it harder for a single adversary to coordinate a nation-wide election interference campaign, it also means that individual voting jurisdictions are weak and easy to compromise.
Local governments cannot be expected to compete with a well-resourced adversary such as a nation-state. Even smaller criminal groups can pose serious challenges to election systems with conventional attacks using ransomware and distributed denial-of-service (DDoS).
Nation-state level threats require a nation-state level response. For this reason, we need stronger federal oversight that establishes strict standards for voting machines, accredits systems in each state and aggressively monitors for any potential threats.
Under the current system, DREs without a solid security program around them to protect against attacks can become highly vulnerable quickly. Local governments need the appropriate funding and expertise to secure these systems. At a minimum, a paper record backup should be included with any electronic voting system.
David Kennedy is CEO of TrustedSec, a white hat hacking firm for government, critical infrastructure and Fortune 100s.