US election: Experts keep watch over ‘hack states’ – BBC News
“Unless the election is extraordinarily close, it is unlikely that an attack will result in the wrong candidate getting elected,” suggest Matt Bernhard and Professor J Alex Halderman, security experts from the University of Michigan.
But they say the risk the election process could be disrupted by hackers should be taken extremely seriously.
In the run-up to the big day, the US Department of Homeland Security (DHS) has been carrying out “cyber hygiene” tests on voting systems across the country. Officials are confident in the technology, but there are weaknesses that have security professionals standing by on election day ready to step in if irregularities are spotted.
The task facing any hacker isn’t insignificant. In the US, voting is done via electronic booths, the vast majority of which are not connected to the internet.
Furthermore, different states, and areas within those states, use different systems – a logistical headache but something of a security godsend, as a fractured system is much harder to attack en masse.
But any would-be election hacker wouldn’t need to target the whole country, or even an entire state. Instead, finding methods to implant minute differences, in areas which promise to be a close-run battle, could both affect the national picture and be difficult to detect.
And so just as candidates target swing states that could go either way, so too could hackers be looking at “hack states” to target.
“Two out of the last four presidential elections were so close that a change of a few counties in one state would have changed the result of the national presidential election,” said Andrew Appel, professor of computer science at Princeton University, in an interview with BBC News.
“It’s not necessary to cheat in 9,000 different jurisdictions. If the election is close in just one state, changing several tens of thousands of votes might be enough.”
Prof Appel is part of a team of cybersecurity experts that will be working together on Tuesday to advise election officials on cybersecurity-related matters – helping to identify genuine attacks from, say, just your bog-standard computer glitch, of which there may be plenty.
“There may be questions about some piece of machinery that is showing some symptom,” he explained.
“Does that look like a hack or is that normal? That kind of question.”
Any security audit, whether it’s to protect a company or a property, focuses on the points of weakness. And in this election, the points of weakness are the electronic voting booths.
The greatest concern of the group, which is mostly a mixture of academics and security professionals, is that the security in place on voting machines in some crucial areas just isn’t up to scratch.
For starters, 10 states use touchscreen-only voting machines, an immediate concern.
“You touch the screen and indicate the candidate you want,” explained Prof Appel.
“There’s no paper involved, and at the end of the day it indicates how many votes the candidate got. There would be no way to tell if it was done fraudulently.”