Forget the sensational headlines about whether American adversaries online will sway the U.S. election with a major cyberattack. There’s only one thing you need to know when it comes to the issue of whether the presidential election will be hacked: It’s easier to manipulate someone’s mind than a machine.
The news has been rife with suggestions that Russian hackers are trying to influence the US electoral process. First hackers broke into private email accounts of Democratic National Committee members, and then there were reports that cyber intruders broke into voting systems used in Illinois and Arizona ahead of the election. And a few weeks ago, the Obama administration formally accused the Kremlin of interfering with the electoral process (as if it hasn’t already been painful enough).
{mosads}The good news is that because voting constituencies are broken into thousands of jurisdictions, rather than a single centralized system, there’s almost no way hackers can mount a meaningful digital assault on Election Day. And most states (45 to be exact) keep a paper record of their votes so, if anything fishy goes on, officials can sit down later and audit how many votes actually came in for each candidate. Oh, and this won’t be good news for many Republicans, but the election is shaping up to be a landslide victory for Hillary Clinton, which means that even if hackers do launch a small cyberattack against unprepared polling places, they’re not likely to matter much anyway.
Still, the very prospect of a digital attack can create havoc at a more important location: inside a voter’s mind. One way inside there might be by illegally accessing online databases of registered voters.
Today, 32 states allow citizens to register to vote online, and other states enable people to check their registration status with their computer. And it looks like the hackers who accessed Illinois voter files used one of these pages as their toe-hold into the records database. Congress meant well when it unintentionally created this problem in 2002 with the Help America Vote Act, which requires every state to maintain an “interactive computerized” list of all registered voters.
Not all are online, but the ones that are connected to the web are at risk. It’s only a matter of time before someone, either a curious researcher or Russian cyberspy, takes a look around in those databases just because they’re there. And that information, if used for the wrong purposes, actually can be used to move polling numbers by influencing the way people think.
Any loss of confidence in the results of an election could be enough to keep people home. Say, for instance, hackers delete voter names from digital registration databases. When those voters show up at the polls, they’ll be turned away simply because there’s no record to verify they can be there to participate in their civic duty. Or pretend someone impersonating an election official shows up at a university campus or in a lower income community with the stated intention of signing people up to vote. Then, at the end of the day, the “official” simply throws all those forms into the garbage after fooling people into thinking they registered.
Something similar actually happened this year in Virginia, when a group of saboteurs apparently tried to dissuade people from voting by mailing documents suggesting they weren’t properly registered. Luckily, the boneheads apparently targeted deceased voters and others who were smart enough to report the mail to the authorities.
Let’s hope the rest of us remain sharp on Election Day, too.
Shevirah Founder and CTO Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. Her work in the field of smartphone exploitation has been featured internationally in print and on television. She is the author of “Penetration Testing: A Hands-On Introduction to Hacking”. She has provided technical training such as exploit development and penetration testing at conferences such as Blackhat USA, Brucon, and CanSecWest.
The views expressed by authors are their own and not the views of The Hill.