LAS VEGAS — Election officials and voting machine manufacturers insist that the rites of American democracy are safe from hackers. But people like Carten Schurman need just a few minutes to raise doubts about that claim.
Schurman, a professor of computer science at the University of Copenhagen in Denmark, used a laptop’s Wi-Fi connection Friday to gain access to the type of voting machine that Fairfax County, Virginia, used until just two years ago. Nearby, other would-be hackers took turns trying to poke into a simulated election computer network resembling the one used by Cook County, Illinois.
Elsewhere, a gaggle of hackers went to work on a model still used in parts of seven states, as well as all of the state of Nevada. Though the device was supposedly wiped before it was sold by the government at auction, the hackers were able to uncover the results the machine tallied in 2002.
They were among the hundreds of cybersecurity experts who descended on “Voting Village,” one of the most talked-about features of the annual DEF CON hacker conference. In a cramped conference room, they took turns over three days cracking into 10 examples of voting machines and voter registration systems — a reminder, they say, of the risks awaiting upcoming U.S. elections.
“I could have done this in 2004,” said Schurman, who could gain administrative-level access to the voting machine, giving him the power to see all the votes cast on the device and to manipulate or delete vote totals. “Or 2008, or 2012.”
In the wild, he estimated, it would take him about a minute to break in.
Anne-Marie Hwang, an intern at the digital security firm Synac, demonstrated that by bringing a generic plastic key to mimic the ones given to poll workers and plugging in a keyboard, she could simply hit control-alt-delete and enter the voting machine’s generic password to gain administrative access.
The lesson: “The bad guys can get in,” said Jake Braun, a panel moderator at the conference who advised the Department of Homeland Security on cybersecurity during the Obama administration.
And that means election officials must acknowledge that no security is foolproof. Instead, Braun said, they need to adopt the private sector model of working to better detect and minimize the effect of successful cyberattacks rather than trying to become impenetrable.
“‘Unhackable’ is absurd on its face,” Braun said. “If the Russians and Chinese and whoever else can get into NSA and Lockheed Martin and JP Morgan, they absolutely can get into Kalamazoo County or the state of Ohio or the [voting machine] vendor.”
Already, the country has seen Moscow-backed hackers attack the 2016 U.S. election in what intelligence officials said was a widespread digital meddling campaign orchestrated by Russian President Vladimir Putin. According to U.S. officials, the Kremlin’s digital spies targeted at least 21 state voter registration systems and successfully infiltrated at least two, Arizona and Illinois. On Election Day, the White House staff was so worried about Russian hackers tampering with the actual voting process that it drew up a 15-page contingency plan that included potentially deploying the military and National Guard.
But Nov. 8 came and went with no indication that any votes were altered, a point U.S. officials stress regularly. Voting security experts caution, though, that the country doesn’t have the mechanisms in place to make such a definitive conclusion.
“One thing that’s been very unfortunate in the way a lot of election officials have talked about the breaches is saying the phrase we have no evidence that X, Y, or Z happened,” Braun added. “However, the real answer is they have no idea what happened, or [way] of knowing. I’m not suggesting votes were switched or voters were deleted from voter files, but the point is the security is so lax and so bad that they have no way of going back and doing the forensics and saying one way or the other.”
Federal and state officials argue that it would be extremely unlikely for hackers to manipulate vote tallies. Voting machines are not connected to the internet and many states collect voter registration information at the county level, providing a backup to confirm the veracity of the statewide database. Basically, the system is decentralized and lacks key internet links, they say.
Before the 2016 election, former FBI Director James Comey assuaged fears by telling Congress that the system was so “clunky” — comprised of a mishmash of different kinds of machines and networks, with each state’s results managed by a consortium of state and county officials — that its overall integrity was fairly safe.
Election security advocates aren’t as confident. Barbara Simons, Board Chair of Verified Voting, a nonprofit that since 2003 has studied U.S. elections equipment, said that the vulnerabilities on display in Las Vegas only served to reiterate a need for the country to adopt a nationwide system of verifiable paper ballots and mandatory, statistically significant audits.
While numerous states have starting moving in this direction, Simons worries it’s not enough.
“Nobody’s done a really thorough examination,” Simons said. “Even where there are paper ballots, most ballots haven’t been checked to see if there was any hacking or intrusion, so even if security people didn’t see any outside hacking occurring on Election Day, things could have been attacked earlier.”
Verified Voting, Simons said, plans to partner with Braun and several other groups that have not yet been named to aggressively campaign for increasing DHS grants that would pay for states to make specific upgrades to their election security systems.
“It’s actually pretty cheap to do it,” Braun said, putting the price tag at $500-600 million.
A significantly more secure election, while relatively difficult to implement, doesn’t need to be complicated, Simons said.
“We know how to protect ourselves against Russian hacking,” she said. “Paper ballots and post-election ballot audits before the results are certified. That’s what we need across the country. It’s a straightforward solution.”