Has Rus­sia al­ready laid the ground­work for elec­tion tam­per­ing?

Newsweek - - Contents - BY DAVID H. FREEDMAN @dhfreed­man

The 2018 Midterms Hack

it’s not easy to get in to see di­ane El­lis-marseglia, one of three com­mis­sion­ers who run Bucks County, Penn­syl­va­nia. Se­cu­rity is tight at the Gov­ern­ment Ad­min­is­tra­tion Build­ing on 55 East Court Street in Doylestown, a three-story brick struc­ture with no win­dows, where she has an of­fice. It also hap­pens to be where of­fi­cials re­treat on elec­tion night to tally the votes recorded on the county’s 900 or so vot­ing ma­chines. Guards at the door X-ray bags and scan each vis­i­tor with a wand.

Un­for­tu­nately, Rus­sian hack­ers won’t need to come call­ing on Elec­tion Day. Cy­ber­ex­perts warn that they could use more so­phis­ti­cated means of chang­ing the out­comes of close races or sow­ing con­fu­sion in an ef­fort to throw the U.S. elec­tions into dis­re­pute. The 2018 midterms of­fer a com­pelling tar­get: a patch­work of 3,000 or so county gov­ern­ments that ad­min­is­ter elec­tions, of­ten on a shoe­string bud­get, many of them with out­dated elec­tronic vot­ing ma­chines vul­ner­a­ble to ma­nip­u­la­tion. With Democrats on track to take con­trol of the U.S. House of Rep­re­sen­ta­tives and per­haps even the Se­nate, the po­lit­i­cal stakes are high.

Rus­sian hack­ers were no­to­ri­ously ac­tive in the 2016 elec­tion. Al­though Pres­i­dent Don­ald Trump dis­putes it, ev­i­dence sug­gests that they were re­spon­si­ble for break­ing into the Demo­cratic Na­tional Com­mit­tee’s com­put­ers, ac­cord­ing to U.S. in­tel­li­gence re­ports. They ran a dis­in­for­ma­tion cam­paign on Face­book and Twit­ter. They also at­tacked voter reg­is­tra­tion data­bases in 21 states, elec­tion man­age­ment sys­tems in 39 states and at least one elec­tion soft­ware ven­dor—and that’s only what the gov­ern­ment’s in­tel­li­gence ser­vices know about.

Al­though there’s no ev­i­dence that th­ese at­tacks re­sulted in di­rect changes in vote tal­lies, cy­ber­se­cu­rity ex­perts fear that the Rus­sians may have al­ready made in­roads into the U.S. elec­tion sys­tem, in­clud­ing plant­ing mal­ware—ma­li­cious com­puter pro­grams—in the vot­ing ma­chines them­selves. States and coun­ties have re­acted so slowly to the threat that se­cure vot­ing ma­chines aren’t go­ing to be in place un­til 2020, giv­ing the Rus­sians an in­cen­tive to strike in 2018, while they can.

The re­sult could be a his­toric for­eign at­tack on the very me­chan­ics of U.S. democ­racy, says David Hick­ton, a for­mer U.S. at­tor­ney who fo­cuses on cy­ber­crime. “This is an as­sault on our sovereignty. Rus­sia’s hack­ing ar­chi­tec­ture is al­ready in place here. The only ques­tion now is, What are we go­ing to do about it?” Early in Oc­to­ber,

Hil­lary Clin­ton com­pared Rus­sia’s cy­ber­in­flu­ence on our elec­tions to the events of 9/11. “We have been at­tacked by a for­eign power,” she says, “and have done noth­ing.”

The U.S. cer­tainly hasn’t forced the Rus­sians to look hard for places to strike. The midterm elec­tions are rich in tar­gets. Bucks County is hardly unique in re­ly­ing on eas­ily hacked vot­ing ma­chines, whose re­sults could de­ter­mine con­trol of Congress or in­di­vid­ual states. About 30 per­cent of Amer­ica’s vot­ing ma­chines are as out­dated and nearly un­pro­tected as those in Bucks County, says Mar­ian Sch­nei­der, a for­mer Penn­syl­va­nia deputy sec­re­tary for elec­tions and ad­min­is­tra­tion and now pres­i­dent of Ver­i­fied Vot­ing, a na­tional elec­tion-in­tegrity ad­vo­cacy group. Bal­lot­pe­dia, a non­profit web­site that tracks elec­tions, lists nearly 400 con­gres­sional and top state of­fi­cial races this Novem­ber as com­pet­i­tive enough to be con­sid­ered bat­tle­ground con­tests.

Bucks County is typ­i­cal, in many ways, of the dis­tricts that hack­ers would likely tar­get. For one thing, it’s a swing dis­trict in a swing state. In 2016, Trump edged out Hil­lary Clin­ton in Penn­syl­va­nia by about 45,000 votes—less than 1 per­cent. Just last March, Demo­crat Conor Lamb beat Rick Sac­cone by fewer than 800 votes in a spe­cial elec­tion for a House seat in the state’s 18th Dis­trict, near Pitts­burgh. Races in dis­tricts next to Bucks County’s have been de­cided by as few as tens of votes, and more than once. Some lo­cal elec­tions in the county have ended in ties.

The midterms in Bucks County will be close. Bucks makes up most of Penn­syl­va­nia’s 1st Dis­trict, where Repub­li­can Brian Fitz­patrick faces off against Demo­crat Scott Wal­lace in a race for U.S. rep­re­sen­ta­tive. Be­cause dis­trict lines were re­cently re­drawn to com­ply with a court or­der, nei­ther candidate is an in­cum­bent. Polls sug­gest the con­test may well be set­tled by just hun­dreds of votes.

An­other rea­son Bucks may be a tar­get is its vot­ing tech­nol­ogy. The county re­lies on the Shoup­tronic 1242, an elec­tronic vot­ing ma­chine de­signed in 1984, be­fore hacker re­ferred to a ma­li­cious com­puter pro­gram­mer. A Shoup­tronic looks like an an­cient desk­top PC blown up to the size of a re­frig­er­a­tor, with push but­tons in­stead of a dis­play screen. When a ci­ti­zen goes be­hind the cur­tain and hits the “vote” but­ton, the Shoup­tronic stores the re­sult elec­tron­i­cally on what is es­sen­tially a 1980s-vin­tage video-game car­tridge. After the polls close, of­fi­cials go around to the 900 or so Shoup­tron­ics ma­chines set up in churches, schools and other polling places around the county, gather all the car­tridges and bring them to 55 East Court Street. There, be­hind the sturdy brick walls, they load the car­tridges, one by one, into a reader, which tal­lies the vote.

Mak­ing sure each vote gets counted is a big part of El­lis-marseglia’s job. She is aware of the threat from Rus­sian hack­ers, but she seems con­fi­dent that res­i­dents’ votes will be safe. “I do worry about the safety of the elec­tion over­all in the U.S.,” she says. “But not here. There’s no rea­son for con­cern with any of our ma­chines. Our ma­chines aren’t con­nected to the in­ter­net, so I don’t see the prob­lem.”

The county’s chief in­for­ma­tion of­fi­cer, Don Jacobs, a for­mer IT ex­ec­u­tive in the real es­tate in­dus­try, also stresses the lack of a di­rect on­line con­nec­tion to the vot­ing ma­chines. “The vote count is on a car­tridge that’s man­u­ally car­ried to a reader, and that reader isn’t con­nected to the in­ter­net ei­ther,” he says. “It’s a se­cure sys­tem.”

But cy­ber­se­cu­rity ex­perts say this con­fi­dence is mis­placed. “Are you kid­ding me?” says Hick­ton, who co-chairs the Blue Rib­bon Com­mis­sion on Penn­syl­va­nia’s Elec­tion Se­cu­rity and di­rects the Univer­sity of Pitts­burgh’s In­sti­tute for Cy­ber Law, Pol­icy, and Se­cu­rity. “You can’t bury your head in the sand and say th­ese ma­chines are safe be­cause you lock them in a closet be­fore the elec­tion. Any­one who says that lacks un­der­stand­ing of the cy­berthreats.”


Even though Bucks County’s Shoup­tron­ics aren’t wired, hack­ers have sev­eral ways of com­pro­mis­ing them. The most di­rect and ef­fec­tive way would be to re­place a com­puter chip in the ma­chine that holds in­struc­tions on what to do when vot­ers press the but­tons with one that holds in­struc­tions writ­ten by hack­ers. When this chip is work­ing prop­erly, it en­sures that a voter who presses the but­ton next to Mary Smith’s name ac­tu­ally reg­is­ters a vote for Mary Smith. A hacked chip could be pro­grammed to add that vote to the ri­val’s tally in­stead. Or, to avoid de­tec­tion, it might switch only one in five votes for Mary Smith to her ri­val.

Or it could sim­ply fail to reg­is­ter a vote for ei­ther candidate. This tech­nique is called “un­der­vot­ing,” be­cause it im­plies that the voter chose to not

It’s pos­si­ble the Rus­sians per­fected their at­tacks on elec­tronic vot­ing ma­chines in the 2016 elec­tions with­out tip­ping their hand.

vote for ei­ther candidate, which vot­ers some­times do. To fur­ther avoid pre- and post-elec­tion tests, the hacked chip could be pro­grammed to be­have per­fectly cor­rectly for an hour or so on elec­tion morn­ing, when pre­elec­tion test­ing is typ­i­cally done, and also to stop mis­be­hav­ing just be­fore vot­ing ends, so post-elec­tion test­ing won’t turn any­thing up.

Swap­ping a chip would re­quire phys­i­cal ac­cess to the ma­chines, ei­ther some­time be­fore Novem­ber 6 or on Elec­tion Day it­self. An­drew Ap­pel, a Prince­ton com­puter science pro­fes­sor and lead­ing ex­pert on elec­tion cy­ber­se­cu­rity, once pub­licly demon­strated how. Armed with a screw­driver, some lock-pick­ing tools and a few fake seals, he opened a panel on the ma­chine and swapped out the chips. It took him seven min­utes. Rus­sian agents could con­ceiv­ably bribe any of hun­dreds of lo­cal elec­tion of­fi­cials, em­ploy­ees or con­trac­tors who have ac­cess to vot­ing ma­chines at some point to per­form this task.

The Shoup­tron­ics can also be at­tacked on­line—no phys­i­cal ac­cess needed. Such a hack would tar­get the soft­ware that la­bels the vot­ing but­tons. Vot­ers make their se­lec­tions on the ma­chine by press­ing rec­tan­gles on a poster-sized printed bal­lot mounted over the ma­chine’s front panel. Push­ing on the rec­tan­gle in turn ac­ti­vates phys­i­cal but­tons on the ma­chine it­self, which reg­is­ter the vote. For each elec­tion, of­fi­cials pro­gram the ma­chine to match the ap­pro­pri­ate rec­tan­gles on the poster to the but­tons on the ma­chine. If there’s a mis­match, the vote won’t be counted prop­erly.

The pro­gram that maps the but­tons to the printed poster is a com­puter file that’s en­tered into the ma­chine just be­fore the elec­tion via an­other one of those 1980s video game–style car­tridges. That file is cre­ated on the com­puter of a county of­fi­cial or em­ployee, or that of a con­trac­tor. That com­puter is al­most cer­tainly con­nected to the in­ter­net, and it would al­most cer­tainly be hack­able. And therein lies the vul­ner­a­bil­ity.

Get­ting into the but­ton-pro­gram­ming file would re­quire lift­ing the pass­word of al­most any em­ployee in the or­ga­ni­za­tion, of­ten just by try­ing the eas­ily guessed pass­words that many peo­ple still use. Hack­ers can also send a phony but con­vinc­ing-look­ing “phish­ing” email that tricks re­cip­i­ents into giv­ing up their pass­words. That’s just what hap­pened in Bucks County in Septem­ber last year: A county em­ployee was re­port­edly fooled into click­ing on an in­fected at­tach­ment by a phish­ing email that ap­peared to come from a Penn­syl­va­nia state agency. The em­ployee’s com­puter then, on its own, sent the ma­li­cious email and at­tach­ment to an es­ti­mated 700 county of­fi­cials and em­ploy­ees. The county claimed the prob­lem was con­tained, but there’s no way to be sure what in­for­ma­tion or soft­ware may have been com­pro­mised.

Al­ter­na­tively, a hacker could get to the com­puter of any­one in­volved in set­ting up or print­ing the bal­lot

P. 10

VOTE COUNTS Clock­wise from top: polling booths in Penn­syl­va­nia; stick­ers for vot­ers; Trump, who has dis­puted re­ports of Rus­sian hack­ing, at a cam­paign rally in Penn­syl­va­nia.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.