I’m not particularly well versed enough to comment on that specific election.
I was speaking to voting machines in general. For reference, I work in I.T. and hold a current A+ and Security+ certification (https://www.comptia.org/). I don’t intend to show proof as I wish to remain anonymous.
From what I have been able to gather, these voting machines have severe security deficiencies. I’m more versed on older models from around 2006-ish. However these voting machines were taken to Defcon (a large cyber security convention), and what I was hearing about them was not particularly great (https://www.cnet.com/news/privacy/defcon-hackers-find-its-very-easy-to-break-voting-machines/). Hoping one of these years, I’ll be able to attend.
To speak about the older models, they lacked many anti tamper protections. There was one well known exploit were you could set the votes for a candidates negative before elections began. Ie, candidate A start with -3 votes, you vote for candidate A, they now have -2 votes. I believe I’ve heard of a candidate getting negative votes in the wild, however take that with a grain of salt because I’m going off memory and I was struggling to pull up any sources.
These voting machines also did not use any cryptographic methods to protect the vote count such as encryption or hashing (https://en.wikipedia.org/wiki/Hash_function). That means on the system that would count up all the votes between districts, it was possible to change the vote counts in a fraction of second using a tool like this (https://shop.hak5.org/products/usb-rubber-ducky) because the votes were stored in a plain text .csv file. Note that tools like the rubber ducky were not publicly available when these models were first put into use, but were known to be used by organizations such as the NSA and Russia. See (https://www.youtube.com/watch?v=e_f9p-_JWZw) for a walk through on how a tool like this could have been used.
Additionally, the closed source nature limits the publics ability to scrutinize these system. Originally it took a hacker breaking into an insecure ftp server that had accidentally been exposed to the public internet, to discover the source code and the lack of security protections involved. I also believe that many of the security verification process that was supposed to be run on these systems, was often skipped to cut down on costs. However I’m recalling from memory and the source is likely so buried, it would take me a week of studying to find.
In summery, our current voting system is poorly maintained and it would be easy for a state actor like Russia to fiddle with votes. Because of this, I take the results of any election with a grain of salt. I hope one day that our government would focus more on securing our elections, than spying on our citizens.
While you are correct that the cybersec practices on voting machines are embarrassingly bad, we don’t actually rely on them for the integrity of our elections in most districts. They are a convenience more than anything else, and at the first sign of any possible tampering, we can audit against paper ballots that get printed off the voting machines (which if you start altering those, it only takes one person to notice somethings off and the jig is up)
Even with their shit security, an attack would be exceedingly difficult to pull off. The machines are airgapped and audited, so you need physical access without supervision which by itself is a tall order. Then, consider that you will need to compromise dozens of machines at minimum to swing even the lowest turnout national election for the most obscure position. Finding enough people willing to risk a federal pound-me-in-the-ass prison felony charge that are smart enough to do the job and not get caught is going to be a challenge too, because if one person gets caught, then once again, the jig is up.
What is far more realistically dangerous is convincing people that the election was compromised when it wasn’t. This gets you way more bang for your buck because it’s so much easier to do, and is the primary reason I think that nobody really bothers trying to compromise the voting machines.
The main point I’m trying to make is that compromising voting machines is not the hard part of rigging an election. It would require a conspiracy so complicated, that I’m not convinced there’s any group on earth that could successfully pull it off. Set aside cybersec arguments for a moment:
Let’s assume the worst case for security, that there is one machine per state that you can easily compromise to alter election results. This alone is doing a lot of lifting for this example.
Now, you have to cross your fingers and hope that the election is close enough that you can fudge the overall result without raising suspicion
Prior to the election, you have to plan which states to compromise, and what districts you will target for altering votes. You can only really do this in swing states and swing districts. It is usually not clear until very close to the election which places will be optimal.
Because you are at the mercy of RNGesus as for where you can compromise, you have to compromise a lot of extra states ahead of time to eliminate risk that you didn’t get enough swingable ones to pull of your plan. This increases head count and creates more liability.
If you swing any given district too far, you can raise suspicion and trigger a recount. If one district raises the alarm, the rest will follow. If you only compromised central machines and not the voting machines and ballots themselves, you fail.
If you can’t find enough districts to subtly alter, you fail.
Let’s assume you prepared for point 4 and compromised voting machines themselves. This requires massively more people involved, and if only one person gets caught, you fail.
To extend 6. every person involved in your conspiracy is a liability. A single double agent gets in your ranks? Fail. Somebody flakes? Fail. Somebody grows a conscious or gets busted and rats you out? Fail.
While yes, theoretically you could overcome all those obstacles, you’d have to get miraculously lucky and you’d need to not get busted for quite a long time after the election. Why even bother when you can just pay a few bucks to the right people and get news channels to convince the voters to put your guy in charge without committing any voter fraud at all?
Now all that said, I absolutely support improved election security. If nothing else, it will make it much harder to spread FUD about election integrity.
I’m not saying an attack can’t be done, or that it won’t happen. Honestly, I’d be very surprised if it doesn’t and I fully agree with you on the additional security measures.
What I am saying is that it’s very unlikely we wouldn’t find out what’s going on before the results are set in stone at any scale larger than the tiniest local elections (which if you altered a bunch of local elections enough to exert influence, you run into the same issue of being easily detected). This would still be massively damaging to the election process, especially if the attack goes deep enough to require the election to be re-run, but not the end of our democracy.
I’m not particularly well versed enough to comment on that specific election.
I was speaking to voting machines in general. For reference, I work in I.T. and hold a current A+ and Security+ certification (https://www.comptia.org/). I don’t intend to show proof as I wish to remain anonymous.
From what I have been able to gather, these voting machines have severe security deficiencies. I’m more versed on older models from around 2006-ish. However these voting machines were taken to Defcon (a large cyber security convention), and what I was hearing about them was not particularly great (https://www.cnet.com/news/privacy/defcon-hackers-find-its-very-easy-to-break-voting-machines/). Hoping one of these years, I’ll be able to attend.
To speak about the older models, they lacked many anti tamper protections. There was one well known exploit were you could set the votes for a candidates negative before elections began. Ie, candidate A start with -3 votes, you vote for candidate A, they now have -2 votes. I believe I’ve heard of a candidate getting negative votes in the wild, however take that with a grain of salt because I’m going off memory and I was struggling to pull up any sources.
These voting machines also did not use any cryptographic methods to protect the vote count such as encryption or hashing (https://en.wikipedia.org/wiki/Hash_function). That means on the system that would count up all the votes between districts, it was possible to change the vote counts in a fraction of second using a tool like this (https://shop.hak5.org/products/usb-rubber-ducky) because the votes were stored in a plain text .csv file. Note that tools like the rubber ducky were not publicly available when these models were first put into use, but were known to be used by organizations such as the NSA and Russia. See (https://www.youtube.com/watch?v=e_f9p-_JWZw) for a walk through on how a tool like this could have been used.
Additionally, the closed source nature limits the publics ability to scrutinize these system. Originally it took a hacker breaking into an insecure ftp server that had accidentally been exposed to the public internet, to discover the source code and the lack of security protections involved. I also believe that many of the security verification process that was supposed to be run on these systems, was often skipped to cut down on costs. However I’m recalling from memory and the source is likely so buried, it would take me a week of studying to find.
In summery, our current voting system is poorly maintained and it would be easy for a state actor like Russia to fiddle with votes. Because of this, I take the results of any election with a grain of salt. I hope one day that our government would focus more on securing our elections, than spying on our citizens.
Thank you for explaining. If I understand you correctly, you make a similar point as John Oliver does here.
just finished watching it. That video is spot on (and the information is a little more current).
While you are correct that the cybersec practices on voting machines are embarrassingly bad, we don’t actually rely on them for the integrity of our elections in most districts. They are a convenience more than anything else, and at the first sign of any possible tampering, we can audit against paper ballots that get printed off the voting machines (which if you start altering those, it only takes one person to notice somethings off and the jig is up)
Even with their shit security, an attack would be exceedingly difficult to pull off. The machines are airgapped and audited, so you need physical access without supervision which by itself is a tall order. Then, consider that you will need to compromise dozens of machines at minimum to swing even the lowest turnout national election for the most obscure position. Finding enough people willing to risk a federal pound-me-in-the-ass prison felony charge that are smart enough to do the job and not get caught is going to be a challenge too, because if one person gets caught, then once again, the jig is up.
What is far more realistically dangerous is convincing people that the election was compromised when it wasn’t. This gets you way more bang for your buck because it’s so much easier to do, and is the primary reason I think that nobody really bothers trying to compromise the voting machines.
deleted by creator
The main point I’m trying to make is that compromising voting machines is not the hard part of rigging an election. It would require a conspiracy so complicated, that I’m not convinced there’s any group on earth that could successfully pull it off. Set aside cybersec arguments for a moment:
Let’s assume the worst case for security, that there is one machine per state that you can easily compromise to alter election results. This alone is doing a lot of lifting for this example.
Now, you have to cross your fingers and hope that the election is close enough that you can fudge the overall result without raising suspicion
Prior to the election, you have to plan which states to compromise, and what districts you will target for altering votes. You can only really do this in swing states and swing districts. It is usually not clear until very close to the election which places will be optimal.
Because you are at the mercy of RNGesus as for where you can compromise, you have to compromise a lot of extra states ahead of time to eliminate risk that you didn’t get enough swingable ones to pull of your plan. This increases head count and creates more liability.
If you swing any given district too far, you can raise suspicion and trigger a recount. If one district raises the alarm, the rest will follow. If you only compromised central machines and not the voting machines and ballots themselves, you fail.
If you can’t find enough districts to subtly alter, you fail.
Let’s assume you prepared for point 4 and compromised voting machines themselves. This requires massively more people involved, and if only one person gets caught, you fail.
To extend 6. every person involved in your conspiracy is a liability. A single double agent gets in your ranks? Fail. Somebody flakes? Fail. Somebody grows a conscious or gets busted and rats you out? Fail.
While yes, theoretically you could overcome all those obstacles, you’d have to get miraculously lucky and you’d need to not get busted for quite a long time after the election. Why even bother when you can just pay a few bucks to the right people and get news channels to convince the voters to put your guy in charge without committing any voter fraud at all?
Now all that said, I absolutely support improved election security. If nothing else, it will make it much harder to spread FUD about election integrity.
deleted by creator
I’m not saying an attack can’t be done, or that it won’t happen. Honestly, I’d be very surprised if it doesn’t and I fully agree with you on the additional security measures.
What I am saying is that it’s very unlikely we wouldn’t find out what’s going on before the results are set in stone at any scale larger than the tiniest local elections (which if you altered a bunch of local elections enough to exert influence, you run into the same issue of being easily detected). This would still be massively damaging to the election process, especially if the attack goes deep enough to require the election to be re-run, but not the end of our democracy.