There's No Way to Know How Compromised U.S. Elections Are

It’s not really all that hard to hack American democracy.

That fact should be driven home by a recent article from The Intercept detailing the contents of a highly classified NSA report that found evidence of a massive Russian cyberattack on voting software and against over 100 election officials. While the NSA concluded the attack was carried out by the most sophisticated of hackers—the Russian military—their entry methods were relatively vanilla. They gained access to the credentials and documents of a voting system vendor via a spear-phishing attack, and then used those credentials and documents to launch a second spear-phishing attack on local elections officials, which if successful could have compromised election officials’ systems and whatever voter data they possessed.

Recent reporting by Bloomberg has supplemented these reports, showing that such attempts by Russian hackers spread across 39 states. Some of the most extensive efforts came in Illinois, where hackers gained access to the whole state database and as many as 90,000 records including identifiers like partial Social Security numbers, driver’s license numbers, and names. The potential damage to the integrity of the actual vote was limited by the fact that the state database was merely a top-level aggregation of county-level databases and data entry, but Illinois was a disturbing proof-of-concept.

Russia’s intrusions were instructive. While it’s unclear just how many records they accessed or how deeply they’d compromised systems that could actually electoral outcomes, their probing illustrated how easily elections infrastructure is compromised—and also how officials might not have any idea just how compromised it already is. Using social engineering and phishing, they reached every level of the voting infrastructure, from the private vendors that create electronic ballots to state coordinators and local officials. And according to Bloomberg, the main reason intelligence officials know about that systematic attack was only because a contractor for the Illinois state board of elections noticed an unauthorized download of voter data.

So we found out about that attack, but might there be others? The splintered digital infrastructure across and within states; the use of multiple vendors; the overlapping interfaces between municipalities, counties, and states; and the reliance on of volunteers for data entry and verification in both registration and voting mean that there are literally thousands of entry points to compromise elections in each state.

Another case study is the state of Georgia, where organizations have filed lawsuits against the state over the security of its elections in advance of the special election in the 6th Congressional District. A June 14 Politico investigation revealed just how insecure the entire system is, and how much more insecure it was in the past. Last August, cybersecurity researcher Logan Lamb probed the Kennesaw State University’s Center for Election Systems—which programs voting machines for the entire state—and found a structure that basically begged to be hacked.

It had no password protection, and was available on a public site without encryption and lacking even basic security updates. Lamb found millions of registration records, credentials for the central elections server, files for the electronic ballot equipment, and database information for the Global Election Management Systems (GEMS) used by many states for preparing ballots and counting votes. In other words, with rather basic tools that fall well outside the realm of sophisticated “hacking,” as it is known, Lamb would have had a wide-open entry point to disrupting Georgia elections last fall, had he been a malicious actor.

Employees at the Kennesaw State Center for Election Systems have shored up the more obvious security flaws since Lamb notified them—setting off a statewide panic about a compromised vote in the process—but pressing structural issues exist, and are currently under review in court. Outside analyses have found the center’s private network to be carelessly maintained by non-technical staff, and have found some evidence that voting systems currently in place might have been accessible on the public internet. Since some elections equipment still uses older versions of Windows software that are completely vulnerable to modern malware, even a single mixup in public and private networks—and there appear to have been many possible mixups—could have thoroughly compromised every ballot in the state at any time since the national move to more comprehensive electronic voting in 2002.

Between human error, human vulnerability to schemes like phishing, gaping flaws in security infrastructure like Georgia’s, and the well-documented security exploits and errors in the software of electronic voting systems themselves, it seems unlikely that there haven’t been intrusions in local, state, or national elections before, or that valuable voter data hasn’t already ended up in unsavory hands. In a world where even relatively secure systems face hacks and hacking schemes are becoming bolder and more complex, it almost beggars belief to think that the staggering weakness of electronic voting in the country hasn’t already been exploited.

To what extent and to what end those exploits could be used to actually affect the outcome of national elections are still open questions. Many experts still believe that it’s unlikely for such efforts to meaningfully affect presidential elections, and the chances of actual votes being changed are still very low. The decentralized and incoherent nature of American voting systems actually plays out in favor of security, because of the enormous effort it would require to hack enough individual systems to change national outcomes. And there’s not yet any evidence that Russian hackers, or those of other origins, have altered even a single vote; that itself may be instructive.

But well-targeted local and state campaigns can move some needles politically. Gumming up the works on Election Day, causing errors leading to long lines and lower turnout, forcing volunteers to use backup systems, and casting doubt on individual registrations are other possible uses of hacking. There is already plenty of evidence that these problems do affect turnout and perhaps electoral outcomes. Additionally, the sheer likelihood of identity theft at the ballot could—and should—give voters pause on Election Day. And if those kinds of attacks are—or were—executed successfully, they’d be by design  very difficult to trace.

While the public eye is still turned towards intrusions by Russians or other state actors in American elections, the parties most likely to benefit from hacking are still American political actors, many of which control or have direct interfaces with voting systems. Morally dubious Election Day practices—like voter intimidation and ballot challenges—are already regularly employed in the pursuit of partisan advantage, often to the point of illegality. Wreaking havoc with electronic voting systems could simply be a new addition to a long tradition of less-than-democratic means of electioneering. Indeed, it might already have been.