Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Hacking an election is about influence and disruption, not voting machines

Steve Ragan | Oct. 6, 2016
Election systems have problems, sure, but voters are the larger, softer target

This is where the problem, and the reality of hacking an election, begins to unfold.

Target the systems running the vote:

"The biggest obstacle for hackers seeking to rig the vote count is the lack of standardization for electronic voting mechanisms across states, which may have very different systems," said Rook Security's Security Operations Leader, Mat Gangwer.

"The decentralization of a common voting standard contains the damage if attackers were to compromise a particular system. In order to be successful enough to influence a national election, hackers must carefully select where and what to attack. At a macro level, hackers only need to focus on the handful of battleground states that are likely to influence the winner."

Another key element would be the need to focus on areas that lack an auditable trail of paper ballots and large population centers that could conceivably “experience” a swing in votes large enough to matter at the state level. An election with high-expected voter turnout would also serve as cover.

A sad fact, referenced by the FBI, is that the election process is secured by obscurity. It's so "clunky and dispersed" that hacking the infrastructure directly makes the task of hacking an election nearly impossible.

Target the campaigns directly:

"It is no small feat to steal an election but, it is not beyond the realm of possibility," said Dave Lewis, security advocate for Akamai, and CSO Online blogger.

No matter what, he added, the effort would require a prolonged campaign to collect information on their target.

"The attackers would probe the defenses of the other party looking for any low-hanging fruit such as poorly secured systems. Once the homework has been done, they will attempt to comprise systems listed from their research," Lewis said.

"The goal here will be to collect as much information as they can gather from the other campaign such as campaign strategies, voter lists, emails. The point here is to be able to counter the moves of the opposite candidate on the political stage. Knowing the game plan in advance would not hurt for the attackers. As well, being able to leak internal communications can be used in an attempt to discredit the target candidate."

In addition to all of that, the attackers would also need to run a focused social media campaign to help sway public opinion.

"We have seen that sort of activity in the current US election as well as in the elections of other countries," Lewis added.

Polling data can also be a source of influence as a means to compromise an election.

"If I were a hacker, I wouldn't hack the voting systems. I'd wait until the data were aggregated from the polls and then hack that data. Leading up to the elections a lot of attention is on polls - if the data on the polls can be manipulated or lost, it would create chaos in the campaigns and reduce trust in the final election outcome," said Amol Kabe, vice president of product management at Netskope.


Previous Page  1  2  3  4  5  Next Page 

Sign up for CIO Asia eNewsletters.