What are the cyberthreats against elections?

US elections 2016

As we close in on the 2016 U.S. presidential elections, the issue of cybersecurity threats is becoming increasingly serious. The not-so-recent hack of the DNC computer network, alleged to be the work of the Russian government, is only a sample of what might be coming, and a reminder of how vulnerable the electoral system, one of the main tenets of U.S. democracy, can be.

There are many ways the elections can be literally tampered—or swayed in directions that will serve the interests of specific domestic or foreign parties—through cyberattacks or online vandalism, and what can ensue is the total loss of trust on the results of the elections and the underlying infrastructure that supports it.

There are so many ways that the elections can be hacked and influenced that we might not even have a solid grasp of the weapons we’re lying around for malicious actors to use. Here are some of the more common types of attacks to look out for.

Information leaks

As we learned in the DNC hack and the dumping of embarrassing Democratic Party emails by WikiLeaks, which happened to be perfectly timed with Hillary Clinton’s declaration of accepting her nomination, data breaches and timely leaks can be very damaging and result in chaotic repercussions. The 19,000 leaked emails, which struck controversy over how the party played favorites in the party’s inner rivalries, stoked a rift between the Sanders and Clinton wings, and resulted in the resignation of Debbie Wasserman Schultz, the DNC chairwoman.

And it is almost beyond doubt that more breaches will happen before we see the end of the elections. Much of the problem, as a Politico article states, has to do with “lax security against hackers, with few if any federal cops on the beat.”

Fact of the matter is, there’s no regulations over the cybersecurity of election campaigns, political operations, and how voter and donor information is stored and secured. Since these campaigns are inherently short-lived, security and cybersecurity spending are traditionally considered as low priority issues. However, much of the information stored in campaign databases are of financial and personal nature, which by all means classifies them as sensitive and personal. And yet they are stored with varying degrees of security and with little or no federal or local oversight.

While data breaches might not directly affect the numbers coming out of the ballots, they can have negative effects on donors and supporters, who will be less eager to take actions that might result in their personal information being compromised and stolen by unwanted parties. This can make it harder for campaigners to raise funds or to garner support for online petitions.

In the wake of the DNC hack, 32 experts from the Aspen Institute Homeland Security Group published a statement, in which they called the hack an attack on “the integrity of the American democracy,” and they called for more serious efforts at the government level to prevent such intrusions against the voting process, adding that “voting processes and results must receive security akin to that we expect for critical infrastructure” such as power grids and the financial industry.

Hacked voting machines and rigged results

Another problem has to do with potential vulnerabilities in voting machines, especially those that use wireless technology. Some states such as Virginia have decertified the devices. Researchers had previously found that anyone within half a mile of the WinVote machines could’ve modified every vote without being detected, and the hack didn’t require much expertise.

The first worry that comes to mind is that the machines can be tampered and the results altered. But while switching voting results is a possible attack, yet it’s not the only way that voting machines can be used to compromise the elections process.

Most of these devices are about a decade old and are running Microsoft Windows XP, which hasn’t been updated since 2014. Experts have demonstrated that the machines are susceptible to malware and denial of service attacks. Machines that work slowly or don’t work can create lots of problems, effectively preventing people from voting.

The possible hacks related to voting machines might be the reason that the voting system isn’t catching up with technological advances, and three quarters of the U.S. will vote on paper ballot this fall. There are more secure voting machines and reliable auditing systems out there, but a lack of money and political will is making their adoption slow. Only a handful of states have upgraded this year.

Despite all the vulnerabilities associated to voting machines, there’s scant precedence of electronic ballots being hacked. And despite the possibility of Russia being behind the DNC hack and other elections manipulations, experts believe it’s less likely that Kremlin will actually want to directly manipulate numbers.

However, having technology that makes the voting and counting process reliable is very crucial. Republican candidate Donald Trump suggested earlier that the election results can be rigged. If the voting infrastructure can’t maintain its own integrity and can’t guarantee that there was no tampering, possible post-elections allegations can trigger political and social strife.

Spam and disinformation campaigns

Other possible cyber-attacks can be lower level hacks, which do not directly affect candidates, campaigns or results, but can have a flooding effect if pulled off in time. Such attacks would include stealing candidates’ internal strategy documents, or messing with campaign schedules and deceiving voters about when polls are open.

Thanks to the internet, these types of attacks can be staged not only by local pranksters and vandalizers, but also by foreign hackers thousands of miles away. Imagine a compromised campaign Facebook account suddenly changing event locations and timings, misinforming thousands of participators and preventing them from attending the event. Or in another scenario, imagine a compromised campaign email account that starts sending profanity or badly-timed and deceiving content to mailing lists.

In his interview with Bloomberg, famous Latin American hacker Andrés Sepúlveda described how—among other tactics—he used spam and disinformation to sway election results in favor of his employers’ candidates of choice in a number of South American countries.

While the effects might seem minimal, they can have decisive effects in particular situations, such as swinging the results in jurisdictions where a close race is underway.

Threats looming ahead

Elections are an inherent and vital element to the survival and growth of any democratic society, so it should be among our utmost priorities to ensure and protect its integrity, and deal with the potential threats it faces. In the meantime, we should also work toward making sure that this valuable achievement of human history can keep pace with technological advances without becoming subject to compromise and threats. I personally think it’s a shame that we can’t put away paper ballots because we can’t ensure the security of electronic voting.

This is far from a full, detailed compilation of the dangers that the upcoming elections face, just my initial thoughts for a more detailed piece that I will write soon. I welcome readers to detail and debate other possible threats that we must be wary of from now till November. In a future article, I will also be tackling the solutions to possible threats being posed to the elections, so I’m looking forward to your thoughts and comments in this regard as well.


Leave a Reply to What it takes to secure the elections | TechCrunchCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.