Editor’s Note: Corey Nachreiner, CTO at WatchGuard Technologies, is a regular GeekWire contributor.
Over the past several years, hacking and information security have emerged from the shadows to sit center stage among society’s most prominent topics today. We see information security (infosec) portrayed in pop culture, across headlines just about every day, and now even as a major point of discussion in the impending presidential election.
Infosec is now a serious policy concern in the political arena, and hacking is talked about as a potential means for orchestrating the outcomes of this year’s election. This has left the American public with a lot of questions: How can we be sure that the election results weren’t, in fact, tampered with? Will Russia be deciding who moves into the White House? Just exactly how secure are our electronic voting machines?
So, with Nov. 8 just around the corner, I’d like to address what’s truly technically possible when it comes to election hacking. But before I do, I think it’s important to examine a few events that led up to all of the hype about hacking the 2016 presidential election.
The Democratic National Committee hack
Back in July, tens of thousands of the Democratic National Committee’s (DNC) emails and attachments were stolen and released to the public. The ensuing controversy outed conversations between key DNC staff and leadership and ultimately resulted in the resignation of DNC chair Debbie Wasserman Shultz. As with most breaches, the exact source of the DNC email leaks is hard to pinpoint. Although many believed it to be the work of Russian intelligence groups, hacker Guccifer 2.0 publicly took credit. One reason it’s difficult to attribute advanced attacks is because sophisticated threat actors like nation-states can plant “false flags” to throw investigators off the true culprit. Some security experts believe that Guccifer 2.0 could be a false flag designed to confuse the public to the true actor behind the DNC attack.
Regardless of the true source, many people considered this incident to be election hacking, but it wasn’t. The leaks included internal campaign emails, off-the-record conversations with media personnel, financial and donor information, so making them public certainly had political implications. But, at the end of the day, the DNC hack had nothing to do with hacking the voting systems themselves. Information warfare, sure. But election hacking? Not even close.
Nonetheless, the leaks ultimately resulted in new fear, uncertainty and doubt (FUD) cast on the election process as a whole.
State election database systems hacks
In June, a leaked FBI FLASH alert revealed that Arizona and Illinois’ election board websites had been hacked by unknown attackers and that voters’ information had been stolen. The alert mentioned that an unknown actor scanned the Board of Election websites for vulnerabilities and cited an incident of data exfiltration. This resulted in a panic that Russia was accessing American voters’ information in hopes of tampering with the election.
The thing is, the type of personal information housed in these databases – phone numbers, addresses, etc. – is already “public record” in many states. Individual states are able to give that same information to the DNC or RNC anyway, so why were people so concerned? It’s less about the privacy of personal information, and more about the fact that the attackers could gain access to this type of system in the first place.
The FLASH alert includes specific details on how this attack happened, the tools that were used and some of the IPs involved. The evidence included in the alert showed that these breaches were accomplished using a SQL Injection attack. Any modern website you visit has a backend database that stores your credentials, personal information, etc. If the people who code these websites don’t implement secure coding practices (which essentially limit the inputs an attacker can force on your site), attackers can gain access to any information stored in those databases.
Again, the fact that voter information was potentially stolen is concerning on a personal level for many, but does it mean that the attackers gained privilege enough to influence the outcome of the election itself? No. Furthermore, in one of the cases the hackers used attack techniques that fit more with cyber criminals than nation-state hackers. The fact that the hack involved SQL injection means that the attackers could’ve deleted the entire voter database. But even so, deleting a voter registration database would only disrupt the election if that particular online database was the state’s only record. If that was indeed the case, voters would have to re-register in order for the state to allow them to vote. This would probably be a major inconvenience, but not an election result game-changer.
All that said, the attackers behind the Arizona and Illinois voter registration database hacks did not delete the databases and didn’t access systems that would allow them to alter the results of the election.
A reality check on election hacking
As these election-related infosec events have unfolded over the past several months, people are asking, “Can the American voting system itself be hacked in a way that influences the outcome of this election?”
The short answer: It’s highly unlikely.
To be fair, security researchers have found vulnerabilities in electronic voting machines that could allow them to influence the results on that specific machine if they can get their hands on it. However, these types of proof-of-concept attacks would be extremely difficult to leverage at a large scale. Even if a group of a few hundred machines was actually compromised, paper versions of each electronic ballot often exist for the sole purpose of providing a safeguard that can be crosschecked with the digital results to identify fraud. Additionally, there is no standardized method of voting in the United States. Each state uses a different method, and there are even inconsistencies in the way votes are taken between counties within the same state.
And, while voting machines may be electronic, the vast majority of them are not actually connected to the internet. This means that an attacker wouldn’t be able to target or compromise enough machines at once to influence the election results — at least not without synchronized in-person attacks across key counties in multiple battleground states.
To summarize, the technical and logistical obstacles to election hacking are likely too great for would-be attackers to overcome. I truly believe that the only way that the attempt of – or simply the notion of — “election hacking” could have any real impact would be if the public honestly starts to believe that the whole system is rigged. Although it’s far-fetched to think anyone could hack enough voting machines to influence the outcome of this election, if attackers are able to instill enough doubt, through stunts and misinformation, they may be able to achieve some level of disruption.
The silver lining here is that all of the election-related attacks and perceived threats have sparked a much-needed dialogue about the security of our election systems. As the U.S. begins to consider taking voting online in the years to come, security by design will play an enormous role in whether or not that endeavor with be successful and secure.
