Americans will remember the 2016 U.S. Presidential Election as one of the most controversial in our history. Yet, debate extended beyond the fitness of the candidates. The threat of cyberattacks vexed the government and citizens alike. However, threats that haunted the public differed from those that could have influenced the election. Domestic manipulation threatened vulnerable voting systems more than foreign cyberattacks. Did prevention and deterrence prevail? Will this success continue?
Pre-Election Anxiety
In September, the Department of Homeland Security (DHS) reported that hackers targeted the voter registration systems of more than 20 states. Offering no information on the origin, the National Association of Secretaries of State disclosed that data collection appeared to be the motive in at least two of the incidents. The DHS made this announcement amid increased public anxiety regarding hackers potentially altering election results.
DHS Secretary Jeh Johnson encouraged state election officials to increase the security of polling systems, specifically advising against connecting voting machines to the Internet. He also urged state officials to request additional security resources, including on-site vulnerability assessments and assistance with improving cyber security within their voter registration systems.
By November 4, all 50 states requested DHS aid.
Registry Compromise
While local and state governments sought responses to potential threats, private cybersecurity organizations also worked to prevent voter registration database hacks. According to Dave Monnier, a cyber intelligence expert from Team Cymru, “There was already a widely known historical trail of vulnerabilities that could compromise our current voting systems.” “In 2008, compromises were verified against both the Obama and McCain campaigns. The reality is, this isn’t anything new, and it has been a rapidly evolving threat, not only against our voting system, but the candidates as well.”
While many citizens worried foreign interests were seeking to influence the election, the first cases of substantiated hacking attempts solely involved registration systems, which are separate from vote casting or counting. Those breaches posed no direct risk to election results.
“The perception of a large majority of the population is that the presidential election could be compromised due to cyberattacks performed by nation state actors,” explained Monnier. “This is improbable. The electronic voting system is designed to be a stand-alone system, not connected to any internet connection.” Armed with this knowledge, election officials can steer prevention tactics toward risks that are more likely to occur, such as compromising voter registries.
Voter Targeting
In 2008, cyberattackers successfully exfiltrated campaign donor records, travel schedules, movement activity, and various monetary details linked to the Obama and McCain campaigns. Candidate targeting has likely advanced since that time. “In many cases, this is the easy backdoor cyber method to having a greater impact on an election, rather than attacking the voting system itself,” said Monnier.
Once hackers breach systems and obtain confidential details, limited options for recourse exist. The DHS and FBI worked with the 2016 campaigns to prevent these attacks and educate the candidates. In many cases, cyber-attackers direct efforts towards lower priority individuals on campaigns, such as aides with access to confidential information. Accessing registry databases provides attackers with extensive personal profile data in a single breach.
Software Obfuscation
To verify that a human being actually cast each vote, today’s voting systems were designed on a closed platform. Vote reporting often relies on an antiquated custodial process that may employ physically collecting and transporting log data stored on unencrypted USB flash drives. No official standards govern how states select monitors and handlers. At nearly every stage, from casting to counting, insecurity could persist. “What if that person were directly targeted months before an election? What if that assigned individual made an unexpected stop or executed an expedited modification of the USB data?” asks Monnier.
In December 2004, Clint Curtis, a computer programmer, stunned members of the U.S. House Judiciary Committee when he testified about a prototype program designed to flip an election vote.
“It would flip the vote from 51 percent-49 percent to whoever you wanted it to go, and whichever race you wanted it to win,” clarified Curtis. He also explained that the program was undetectable unless the source code itself was examined. While Curtis specified that he had no knowledge of any specific intention for the program’s misuse, he later demonstrated a possible scenario at a National Election Reform Conference, supporting the need for a more effective voting system – one that produces a tracking trail or chain of custody.
System Vulnerability
Most active electronic voting machines rely on software owned by Election Systems & Software (ES&S), which acquired Diebold in 2009. Prior to this transition, experts revealed that not only were content and audit logs easily manipulated, but Diebold staff was well aware of the problem. Ironically, leaked internal emails acknowledged that a malicious actor could affect results by changing the contents of a memory card, either by remotely establishing a connection or by simply bypassing a password prompt.
In May 2004, California Secretary of State Kevin Shelley banned over 14,000 Diebold electronic voting machines across four counties, including machines already used in previous elections. Opponents of Diebold’s systems complained that the replacement machines were actually less secure, increasing the possibility of hacking. Following further recommendations from election officials, Shelley banned all Diebold voting machines, with the exception of those with a paper trail or similar verifiable tracking of votes.
Domestic Fraud
Analysis of recent election anomalies suggests that the most probable election threats are far less sophisticated than malicious cyberattacks. For example, following the 2004 Presidential election, Congressman John Conyers (D-MI) presided over House Judiciary Committee hearings on alleged voting machine abuse and manipulation. Conyers’ Report found that electronic vote manipulation, in addition to arbitrary and illegal behavior by elected and appointed election officials, disenfranchised tens of thousands of voters, changing Ohio’s results.
During the 2008 Democratic Primary, 80 of the 6,106 voting districts, including Harlem, reported zero votes for Barack Obama. Election officials denied any fraudulent activity and instead blamed the inconsistencies on human error caused by election night pressures.
More recently, in 2012, Mitt Romney’s defeat of Rick Santorum defied statistical possibility. Results indicated Romney consistently earned vote shares directly correlated with precinct population. As precinct size increased, so did Romney’s vote percentage, defying natural behavioral patterns. No other candidate saw such a trend.
Post-Election Vigilance
Though we are relieved to awaken in a world absent dire cyber headlines, vigilance must persist. Justified praise goes to civilian and military training and preparedness for preventing major election cyber-attacks. Nevertheless, the possibility of successful minor, undetected, or unreported cyber-attacks remains, including in local and Senate elections, to which far less attention is paid. Additionally, statistical anomalies could emerge as results are analyzed.
Banks often use microchips in credit and debit cards for added security. However, voting systems largely depend on less secure and sometimes antiquated processes. Monnier notes that “instead of issuing a simple piece of paper stating you voted, we should prioritize the voting process with proximity to how we prioritize our banking system. Every vote is a critical transaction that impacts all of us.”
Despite the success of public and private sector personnel and protocols, Americans should continue their vigilance. Election vulnerabilities with inadequate safeguards remain.
The President-elect has vowed to restore cyber safety to our electoral system and beyond. The Innovation Intelligence Institute welcomes this early focus and will soon present recommendations here on The Cipher Brief for even deeper nationwide partnerships to achieve this enhanced security – for both our communities and our country.