How the U.S. election could have been hacked

A computer scientist says the only way to know if the U.S. election was targeted by a cyber attack is to check the paper trail.

Paper ballots and voting equipment should be examined in critical states where the vote between candidates Donald Trump and Hillary Clinton was close such as Wisconsin, Michigan, and Pennsylvania, writes J. Alex Halderman, a professor of computer science at the University of Michigan, in a post to Medium. Only a few days remain to ask for a recount or the opportunity to examine the evidence could be lost.

“America’s voting machines have serious cyber security problems,” he writes. “It’s been documented beyond a doubt over the last decade in numerous peer-reviewed papers and state-sponsored studies by me and by other computer security experts.”

Despite not being connected to the Internet, a vulnerability in the machines is created when poll workers copy a ballot design from a desktop computer to removable media to the machine. This could be exploited to install malware by infecting the desktop computer with the payload. “If my Ph.D. students and I were criminals, I’m sure we could pull it off,” Halderman writes.

How the machines might behave when infected with malware is demonstrated in this lab video:

In the 2006 video, Princeton University shows show a Diebold machine could report altered vote tallies if it’s injected with malicious software and that it would be hard to detect after the fact. It features a Diebold machine infected with malware that passes logic tests, including accuracy tests conducted with test votes. When the “real election” phase starts with the machine, it records four votes for one candidate (George Washington in this test) and one vote for Bendedict Arnold. Yet when the results are printed out, the results show Benedict Arnold is the winner, three votes to two. The same result is recorded on the memory card.

“Our software was able to steal votes without being detected,” the narrating researcher says. “The software deletes itself from the machine when the election is over… no evidence remains the machine was hijacked, no evidence remains that the vote was stolen.”

For these reasons and more, Halderman advocates for paper ballots as the best available technology for casting votes. “Paper creates a record of the vote that can’t be later modified by any bugs, misconfiguration, or malicious software that might have infected the machines,” he writes.

Yes, it looks like voting for the President is one area where a paperless society might be a bad idea.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Brian Jackson
Brian Jacksonhttp://www.itbusiness.ca/
Former editorial director of IT World Canada. Current research director at Info-Tech

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now