Compromising vital infrastructure: how voting machines and elections are vulnerable


In our first post in a series about vital infrastructure, we aim to explore how secure our voting machines—and our votes in general—are ahead of the upcoming midterm elections. Here, we ask ourselves: How can our infrastructure be compromised? What are the consequences, and how can we prevent attacks or limit the damage?

The outcome of elections has an enormous impact on the political and cultural landscape of any democratic society. It is that sort of influence which makes the organization of elections, voting machines, voting records, and everything else involved in it vital. In fact, the whole point of a democracy is to let the people decide who they want representing them. This is not a political stance but a moral one. Democrats, Republicans, Libertarians, those who are still undecided—everyone has the right to cast their vote how they see fit.

So, how do we guarantee that the people’s vote is the deciding factor in the elections?

From a methodical and logical standpoint, elections can be influenced in three different phases:

  • Before the elections
  • During the actual voting
  • Afterward, when the votes are counted and the results are determined

Before the elections

This hardly needs any explanation given the discussions we’ve seen around the 2016 presidential elections in the US or the Brexit referendum in the UK. The only boundary that needs to be set here is the one determining who is allowed to influence the opinion of the constituency and which information is acceptable to use. How do we keep foreign nations from influencing our voters when the worldwide web provides trolls, bots, and sponsored influencers with immediate communication, regardless of the distance?

And in a time where politics have become more about the politicians themselves than their campaign message, a smear campaign directed at aspects of a candidate’s personal history or even his appearance will have more effect than arguing about the effectiveness of their plans.

From a cybersecurity standpoint, we can only hope that the regulations that have been implemented and the ones that are under construction by social media to fight fake news, remove fake accounts, and apply some sort of bot control will result in people being able to make a fair and well-informed choice. This future looks grim, however, when you think about how quickly technology is outpacing regulation. Imagine what influencer bots and trolls equipped with artificial intelligence and machine learning doing the rounds on social media could accomplish in the current climate.

There is not a lot the voters themselves can do to control the stream of information that comes at them. Of course, you can block everyone that doesn’t agree with you and live undisturbed in your echo chamber. But most people like to hear the pros and cons of a candidate before they form their own opinion.

For that, we ask that you vet your sources and turn to those that have been trusted and established. Television news has become deeply partisan, and online political websites often skew intensely blue or red. However, local newspapers often offer comprehensive deconstruction of the candidates, propositions, and measures on the ballot—and many will endorse their favorite candidates in the weeks before an election, only after their policies have been held up to public scrutiny.

Voting machines

Hacking voting machines and websites is not always that hard, and that has been demonstrated many times in the past—including at the most recent Defcon. However, doing so to a degree that will impact the outcome of the election may be too difficult. Pulling off large-scale disruption that doesn’t stand out like a sore thumb would be tricky, but even doing so on a smaller scale can raise questions about the total outcome, which can put the party that benefits the most in a bad light. Also, the multitude of different types of voting machines that are in use will make it hard to force a significant change while going unnoticed.


To remove as much doubt about election results as humanly possible, there is either a need for “hack-proof” voting machines or an alternative method of voting. Do we really want to go back to using paper and pencil like some smaller countries (e.g. The Netherlands) have done? An investigation conducted by the US federal government came to the conclusion that online voting is not yet feasible. The same committee offered paper ballots as the alternative.

“Until there is a major technological breakthrough in or fundamental change to the nature of the Internet, the best method for securing elections is a tried-and-true one: mailed paper ballots. Paper ballots are not tamper-proof, but they are not vulnerable to the same wholesale fraud or manipulation associated with internet voting.”

Even using blockchain technology cannot (yet) get the investigators’ unreserved approval. In their opinion, it fails to resolve the security issues inherent with online voting.

An interesting alternative that has been brought forward is to turn voting machines into printers that print out the vote you cast, which you would then be able to check for accuracy and deposit into a sealed container. The paper votes in the container can be counted after the polls close, and that count could even be compared against the vote count calculated by the machine itself as a way to double-check the result.

After the voting is done

Depending on the method used to total the counts of the polling stations into local, regional, and state results, some type of software is used along the way, even if it is only to calculate numbers. This seems to me the point we should be worried about the most when we are looking for potential hacks. In these systems lies the opportunity to change the total outcome in a significant way without being too conspicuous.

The machines and/or software could become victims of:

  • Penetration attacks or other hacks to change data or the outcome
  • Denial of Service attacks that render the machines useless
  • Malware infections, whether they’re targeted or not

And when looking at a program or platform that gathers results, you will have a hard time imagining that it’s not connected to the Internet in one way or another, otherwise people would have to manually enter the data. Feeding such a machine data by hand is just another way to introduce human errors that may outweigh the effects of manipulation.

Countermeasures

From the above, it should be clear that any countermeasures to reach a higher level of trustworthy election results will have to come from the body holding the election. A uniform procedure would also make it easier to get trustworthy results in a timely manner.

We could encourage candidates to contribute to fair results during the first stage of the elections by focusing on content, rather than trying to disqualify their opponents on a personal level. This would allow moderators of social media to establish a clear difference between the trolls and “official” sources. However, that seems more unlikely than a technical solution, given the current political climate.

Alternative methods for voting should be put to the test before being used to avoid “hanging chad incidents.”

Voting machines should be certified to be secure against tampering, and have software running that actively monitors for and reports any abnormal activity. In addition, they should remain air-gapped during the voting process. Even though air-gapped machines are not 100 percent safe, an attacker would require proximity to the machine to have an influence. And said influence has to be something the security software should be able to pick up.

After the vote, there are several methods that can be used to double-check the results:

  • Differences in the outcome between polling stations should be understandable. If they can’t be explained by natural causes, this should be reason for a manual recount.
  • Random samples should be taken and manually recounted to see if any structural problems can be discovered.
  • Some polling stations could be designated to use paper ballots and used as a benchmark to check other results against. If different methods produce different results, that should be reason for concern and further investigation.
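The random-sample recount described above can be sketched as follows. This is an added example, not part of the original post: the station names, vote counts, function names, seed, and `tolerance` parameter are all constructed for illustration. It draws a reproducible sample of polling stations and compares each machine tally with the hand count of the printed paper votes.

```python
import random

# Constructed sample data: station names and counts are invented.
# MACHINE holds the totals each voting machine reported; PAPER holds the
# hand count of the printed votes taken from the sealed container.
MACHINE = {
    "station-01": {"A": 512, "B": 488},
    "station-02": {"A": 301, "B": 350},
    "station-03": {"A": 640, "B": 610},
    "station-04": {"A": 205, "B": 198},
    "station-05": {"A": 450, "B": 470},
}
PAPER = {
    "station-01": {"A": 512, "B": 488},
    "station-02": {"A": 301, "B": 350},
    "station-03": {"A": 610, "B": 640},  # disagrees with the machine by 30
    "station-04": {"A": 205, "B": 198},
    "station-05": {"A": 450, "B": 470},
}

def draw_sample(stations, k, seed):
    """Pick k stations for a manual recount, reproducibly from a public seed."""
    rng = random.Random(seed)
    return sorted(rng.sample(sorted(stations), k))

def compare_station(machine, paper, tolerance=0):
    """Return {candidate: paper - machine} for differences beyond tolerance."""
    diffs = {}
    for cand in sorted(set(machine) | set(paper)):
        delta = paper.get(cand, 0) - machine.get(cand, 0)
        if abs(delta) > tolerance:
            diffs[cand] = delta
    return diffs

def audit(machine_totals, paper_counts, k, seed, tolerance=0):
    """Recount a random sample and report stations whose counts disagree."""
    findings = {}
    for station in draw_sample(machine_totals, k, seed):
        if station not in paper_counts:
            findings[station] = "no paper count available"
            continue
        diffs = compare_station(machine_totals[station],
                                paper_counts[station], tolerance)
        if diffs:
            findings[station] = diffs
    return findings

if __name__ == "__main__":
    # Seed is a constructed value; in practice it would be drawn in public.
    print(audit(MACHINE, PAPER, k=3, seed=12345))
```

Fixing the seed before the results are known lets anyone re-derive which stations were selected, so the sample itself cannot be quietly steered away from a problem station.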

By securing infrastructure such as voting apparatus, we can feel safe knowing that one of the most vital actions we take as a country is protected. Yes, we all need to vote. And we all need to make sure our vote counts.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.