A report released Tuesday by the Institute For Critical Infrastructure Technology claims to confirm the alarmist rhetoric being touted by the Trump campaign: Elections can be rigged and as the report puts it: “Yes, hacking elections is easy.”
While that might seem alarmist, it’s well-timed, given news Monday that the FBI is investigating cyberattacks on registration systems in Arizona and Illinois are currently under investigation by the FBI. While the Arizona attack was unsuccessful in stealing data, the one in Illinois resulted in the system being down for ten days while data for some 200,000 voters was stolen.
“An 18-year-old high school student could compromise a crucial county election in a pivotal swing state with equipment purchased for less than $100, potentially altering the distribution of the states electoral votes and thereby influencing the results of the Presidential election,” the report, which was commissioned by Hewlett-Packard Enterprise, reads.
Hewlett-Packard sells cybersecurity services but is not involved with voting machine technology.
“We initially just expected to find vulnerabilities in a few regions or machines, but what we found is that the entire process was vulnerable,” James Scott, co-author of the paper and senior fellow at ICIT, tells Inverse. “All you have to do is focus on the swing states and you’re in.”
He said that iPhones have more security measures than most voting machines.
“For the past decade security through obscurity was the mantra,” Scott says, explaining that no one thought hackers would bother figuring out how the black box-based machines worked.
However, modern hacking involves a lot more than just cracking black boxes. Local voting machines are often stored in low-security storage and can easily be manipulated using as little as a razor blade, acetone, and a USB drive, Scott says.
As the report points out, the hacking of voting machines isn’t the only threat to the outcome of an election. In July, Russian hackers gained access to both Democratic National Committee emails and the Clinton campaign’s servers.
With the increased threat of cyber attacks on national security, more and more experts are speaking out about the repercussions of the government’s outdated systems. While Trump’s campaign may have insisted his call for Russian hackers to leak information from the Clinton campaign was merely “sarcastic,” Scott says the notion of foreign hackers meddling with the election isn’t far-fetched.
As for old-fashioned paper ballots, Scott rebukes the idea that they could be a more secure alternative. “Before digital exploits, there were paper ballots that ended up in dumpsters,” he tells Inverse. “They were the precursor to the vulnerability that we find ourselves in now.”
In a briefing with the press, Ken Menzel, General Counsel for the board, said that most of the states voting machines were not connected to the internet which reduces risk for hacking.
Scott tells Inverse that the vast majority of “exploits are technical and physical which means that they don’t need an internet connection to manipulated.”
With the general election 69 days away, Scott says the best hope is better training of poll volunteers in cyber security, though ultimately the entire system needs to be overhauled.
“What we’re hoping is that this becomes a talking point that people that election boards and facilities will take seriously.”
The ICIT will release the second part of the report, which outlines specific scenarios for systems currently in use, on September 5.