There’s been a lot of talk about whether or not hacking will have an impact on the upcoming US election. Between the DNC hack, the email scandal(s), and the accusations of Russian tampering with the election, it can seem like it’s inevitable.
But what are the chances of this happening?
Well, voting is very decentralized among many different jurisdictions in the US. So most cyber security experts agree that a scenario where people vote for one presidential candidate and then have those votes changed by hackers is quite unlikely (at least at the Federal level).
What’s more likely is that hackers will attempt to create confusion and undermine the integrity of the voting system.
F-Secure’s Cyber Security Services team took a quick look at networks run by Democrats, Republicans, and the USAGov program (a federal program run by the U.S. General Services Administration). By using standard reconnaissance techniques from publically available sources, they found that all three were running outdated or vulnerable software that could allow attackers to penetrate their networks.
“All organizations do this, so this analysis just confirms what we already know – many networks are vulnerable to even basic attack techniques,” said F-Secure Security Advisor Sean Sullivan. “But none of their problems will let someone change voting results.”
Sean, who recently pointed out how the Associated Press’ apparent vote count system makes a tempting target by exposing itself on the public internet, echoes other researchers in saying that creating confusion or undermining results is a more likely scenario than ‘vote tampering.’
But that doesn’t mean the findings are anything to shake a stick at.
“The stuff we’ve found can be used to, say, interfere with get out and vote type initiatives run by parties. That certainly qualifies as a form of interference. There’s also ways for hackers to try and discredit the results. Stuff like that is what should be expected, certainly more so than having someone change votes from one candidate to another,” said Sean.
In a Danish podcast published last week, F-Secure Chief Research Officer Mikko Hypponen discussed how hacking the election isn’t about hacking voting: it’s about hacking the hearts and minds of voters.
So will hacking become a normal part of elections? Will France be struggling with these same issues next spring, when its citizens head to the polls? What about Germany next fall?
If political organizations don’t start prioritizing their security, this won’t be the last time we talk about hacking elections.
[Image by Democracy Chronicles | Flickr]
When most people rent a hotel room, security is one of the factors they take…
April 25, 2018
F-Secure invites our fellows to share their expertise and insights. For more posts by Fennel, click…
April 18, 2018