Recent hacks of the Democratic National Committee, the Democratic Congressional Campaign Committee and election databases have increased fears that cybercriminals will try to interfere with the upcoming U.S. presidential election.
Concerns leading up to election day on November 8 could have a real impact on voter turnout, according to a study from cybersecurity firm Carbon Black. More than one in five registered U.S. voters may stay home on election day because of fears about cybersecurity and vote tampering, the study — an online survey of 700 registered voters aged 18-54 — found.
“If someone with a keyboard and mouse can literally create this doubt in the process itself, that’s a tremendous amount of power over a country like ours,” said Carbon Black chief security strategist Ben Johnson.
Go to the polls and use a paper vote whenever possible, said Johnson.
“The paper trail is important,” he said. “The voting machines are known to have vulnerabilities, or there’s risk that they could be manipulated.”
There has been no indication that technology in previous elections has been tampered with, but 56 percent of those surveyed said they are concerned that this year’s election will be affected by hacking or a cyber attack. Most (58 percent) believe the greatest vulnerability lies in electronic voting machines and more than a third (36 percent) believe their voting information is insecure.
Respondents believe a U.S. insider threat poses the most risk (28 percent), followed by Russian hackers (17 percent) and then the candidates themselves (15 percent), the survey found.
It may seem a little surprising that voters rank hack attacks from inside the U.S. above nation state attacks, but this reflects both the polarized nature of this year’s election and the reality of where the greatest threat is likely to come from. Americans have the most riding on the election results, and more access to voting machines, said Johnson.
The state with the most vulnerability to hackers and doubts around the election outcome is Pennsylvania, said Johnson. It uses mostly electronic voting machines, many of which do not have a paper trail, and it is also a swing state.
“If I was a 400-pound hacker sitting on a bed, I would target Pennsylvania,” he said.
Though both candidates have said they will accept the election results, if evidence of a hack attack emerges, experts believe all bets are off.
“Between Trump and what happened at the DNC — both sides — whichever one loses is going to be crying foul,” said James Scott, a senior fellow at the Institute for Critical Infrastructure Technology.
The specter of a long drawn-out fight over election results in one of the most controversial contests to date hovers over the nation.
The electronic voting machine considered most vulnerable to attack in the 2016 election is known as a “direct-recording machine,” many of which run outdated operating systems such as Windows XP, which Microsoft has not patched since April 2014, according to Carbon Black. One silver lining is that some states that use these voting machines tether them to a voter-verified paper audit trail, an additional security layer, letting voters verify their ballots.
It is too late for a complete overhaul of the electronic voting system this time around, so the most important thing is to raise awareness of the risks so we can attempt to mitigate them, said Johnson. Going forward, cybersecurity experts say a broader discussion is needed — at the federal level — to decide how to build machines designed for casting and tallying votes without any of the flaws that exist in the current machines.