Disturbing scenarios
Tampering with registration rolls would not be difficult
Russian hackers could have taken several paths to influence the election
Russian military hackers who infiltrated the U.S. election system, according to a leaked National Security Agency report, would have had several potential avenues to influence elections, experts said.
These could have included sowing confusion and distrust among the public about the outcome of the 2016 presidential race, disrupting voting by tampering with voter rolls or planting Trojan software programs in election networks to be used at a future date.
Whether or not this happened isn’t outlined in the NSA report.
The Intercept reported Monday that Russian military intelligence executed a cyberattack on VR Systems, a Florida-based U.S. supplier of voting software, and used its account to send deceptive emails to more than 100 local election officials in the days leading up to the election last November.
The fact that broader outcomes aren’t listed doesn’t mean nothing happened, as NSA rules about information security and compartmentalization would mean they would almost certainly have been included in separate and still secret reports, said Joseph Kiniry, CEO at Free & Fair, an election security firm in Portland, Ore.
The report says the Russians, specifically the Russian General Staff Main Intelligence Directorate, tried to attack the machinery of the election itself.
Affecting voter registration rolls would not be difficult, experts said. Though election systems are usually county- or even municipality-based in the USA, under federal law, each state must create a list of potential voters. Disruptions to those lists could have been used to launch large scale purging of voter rolls.
Most polling places keep a limited number of provisional ballots on hand, and that could have re- sulted in a meaningful number of voters being unable to cast their ballots, said Harri Hursti, a cofounder of Nordic Innovation Labs, which provides cyber audits of election systems. In 2005, he showed it was possible to hack into a Diebold voting machine and change vote tallies, a technique known as “the Hursti Hack.”
No specific evidence of such attacks has emerged.
North Carolina did report malfunctions of laptops used to verify voter registration in key jurisdictions, resulting in long lines and waits as polling places ran out of provisional ballots. The state elections board extended voting hours up to an hour at eight precincts in Durham County.
The state was one of the most tightly contested between the two presidential candidates in the weeks leading up to the election.
According to the NSA report, the Duram County voter registration lists were run by VR Systems.
The attack described in the NSA report could easily have been used to install Trojan programs into election system computers. These are programs that appear innocuous and lie in wait until called upon to act by whoever planted them.
“If it were me, I’d wait until we got close to a big election, and I could determine which jurisdictions mattered. Then I would infect machines in those areas and manipulate the vote tallies, taking into account local election laws and what triggers a recount — and making sure the outcomes were realistic in their potential swings,” Kiniry said.
None of the techniques required for this type of hacking would be especially hard for a reasonably sophisticated nation state, said Alex Halderman, an expert on electronic voting and voting system security at the University of Michigan.
North Carolina reported malfunctions of laptops used to verify voter registration.