Shocked? Hacking Voting Machines is ‘Easy’ According to Experts

I’m not shocked. The DEF CON cybersecurity conference brought in 30 voting machines for attendees to play with. How many were hacked?


“It took me only a few minutes to see how to hack it,” said security consultant Thomas Richards, glancing at a Premier Election Solutions machine currently in use in Georgia.

(Source: The Hill)

My response to this is: well, duh.

These security conferences held in Las Vegas typically feature a mix of “black hat” and “white hat” hackers, meeting semi-anonymously in a temporary truce in order to compare notes on the latest vulnerabilities in our electronically-enhanced world. This is one of those places where you’d be a fool to bring in a smartphone with WiFi enabled–it would be remotely hacked within minutes.

Electronic voting machines were designed with older technology, for a specific purpose. They display a ballot, record a vote, and tabulate. Slot machines are far more advanced than voting machines (and far more difficult to hack).

The machine that Richards learned how to hack used beneath-the-surface software, known as firmware, designed in 2007. But a number of well-known vulnerabilities in that firmware have developed over the past decade.

Any of these hackers would quickly be able to identify and exploit the vulnerabilities in individual voting machines. But the best protection these machines have is their lack of connectivity. Machines such as the ones Georgia uses print individual tapes and do not connect to a larger network.

That makes it harder for hackers to access the machines. But not impossible.

Taking care to properly “store machines, set them up, [and] always have someone keeping an eye on machines,” [CyberScout consultant Eric Hodge] said, can mitigate a wide array of security problems.

Merely following suggestions such as Hodge’s (he consults with Kentucky’s Board of Elections) might protect the machines for the short run, but in the long run a determined hacker (or state-sponsored effort) will eventually beat security (many election workers tend to be older, retired and not so technology-savvy).

Once a vulnerability is found and an exploit is crafted, it could be packaged into the memory cards given to voters, or introduced by specific “voters” to infect the machines. Hackers are very ingenious about these things. Even if only 5 or 10 percent of voting machines in key districts are infected, that can swing an entire election.

Imagine how easy it would be for hackers to defeat an Internet-based election system?

The answer is found in that old saw:  a good offense is the best defense. We can’t just dust off election machines a few times a year, use them and pack them away. We must be at least as vigilant as Las Vegas casinos are with their slot machines.

I’m not shocked in the least.

Is Electronic Voting Rigged?

Time to fess up. I’ve never been a big fan of electronic voting machines.

As a country, we do billions, maybe trillions, of dollars of commerce every day, most of it over electronic systems. If we can do that, why can’t we vote that same way? Because unlike the money system, there is no receipt or paper trail on these machines. I get no piece of paper telling me that my vote counted and that it was accurately recorded. When I go to the bank to make a deposit, I get a receipt. I can even pull it up online and check to make sure that the bank gave me credit for my deposit. Not so when it comes to electronic voting.

Were I interested in cheating my way to an election win, I’d rig the voting machines. Oh, who’d do that you say? Anyone interested in grabbing power is my answer. Capt. James T. Kirk beat the Kobayashi Maru test by changing the program. He didn’t cheat, instead he changed the program because he didn’t believe in a “no win” scenario. He always believed there was a way out. But while that might work at Star Fleet Academy, it’s not so good when applied to elections.

It has recently been revealed that George Soros, a uber-wealthy socialist and big supporter of Democrats, may own an interest in voting machines used in sixteen states. This allegation arose of the result of a Wikileaks email hack, which was quickly attacked by Dems as being the fault of the Ruskies. When sources reveal that Republicans have been up to the usual dirty tricks, or women come forward with 20 year old allegations, the Dems have no problem with believing the credibility of those accusations. But let emails, hacked from Clinton campaign chair John Podesta’s email come out, and somehow it’s not fair to even discuss those. The Dems say it’s like breaking into someone’s house and discovering their secrets, then revealing the same. But I digress.

So back to Soros. Maybe he owns or controls 50,000 voting machines, maybe he doesn’t. I just don’t like the system of no checks and balances. During the “hanging chad” farce that was Gore v. Bush in 2000, at least there was something to look at, to examine, to contest. Today, how could that be done? If, and that’s a big if, “if” the election came down to my vote and the machine says I voted for X but I insisted I voted for Y, how would an objective outsider ever know?

In Ireland, which you’ve probably heard I just visited, they still do paper ballots. They do a thing called a transferrable vote, that is, you vote for your first choice, then second choice, third choice and on down the line. One, it’s on a piece of paper. Two, it’s the end of runoffs. Three, while it may take a bit longer to tabulate, it’s accurate.

Yet we persist in electronic voting that is ripe for corruption, manipulation and fraud. Sometimes just because you can do something doesn’t mean you should. This, to me, is one of those times.