You should be worried about the November election. Not so much that the candidates you support won’t win, but about the risk that the “winners” may not really be the winners, due to hackers tampering with the results.
Or, that even if the winners really are the winners, there will be enough doubt about it to create political chaos.
This is not tinfoil-hat conspiracy theory. The warnings are coming from some of the most credible security experts in the industry.
Richard Clarke, former senior cybersecurity policy adviser to presidents Bill Clinton and George W. Bush, wrote recently in a post for ABC News that not only are US election systems vulnerable to hacking, but that it would not be difficult to do so.
“The ways to hack the election are straightforward and are only slight variants of computer system attacks that we see every day in the private sector and on government networks in the US and elsewhere around the world,” he wrote, adding that, “in America’s often close elections, a little manipulation could go a long way.”
Dmitri Alperovitch, cofounder and CTO of CrowdStrike, said the risks of hostile hackers seeking to tamper with the US election is not only possible but likely.
Adversaries of all types – nation-states, hacktivists and even criminal hackers-for-hire could be taking steps right now to manipulate the election.
Dmitri Alperovitch, cofounder and CTO, CrowdStrike
"Adversaries of all types – nation-states, hacktivists and even criminal hackers-for-hire could be taking steps right now to manipulate the election," he said. "CrowdStrike is currently defending the networks of a number of organizations in the political sphere against these types of intrusions."
And Bruce Schneier, CTO of Resilient Systems and internationally known blogger, author and security guru, said in an interview on Boston’s WGBH radio last month that because the companies that make electronic voting machines aggressively guard their proprietary information, “we don’t actually know how secure these machines are. But the worry that they can be hacked is serious."
Princeton professor Andrew Appel and various students and colleagues have been demonstrating how serious for at least 15 years, especially since the spread of electronic voting machines took off in 2002, following the Bush v. Gore ballot disputes in Florida.
Let’s say Wednesday morning someone said, ‘I hacked the vote.’ We can’t prove it, we can’t disprove it. We don’t know.
Bruce Schneier, CTO, Resilient Systems
They have focused particularly on a design called Direct Recording Electronic (DRE), which Schneier describes as, “like an ATM,” and most of which create no paper trail.
Appel and one of his students demonstrated that they could hack into one of the more popular machines in minutes. Dan Wallach, who worked with Appel as a student and is now a computer science professor at Rice, recently told Politico, “these machines, they barely work in a friendly environment.”
Sign up for Computerworld eNewsletters.