From the compromise of voting machines to the recent hacking of the Democratic National Committee emails, you have surely heard concerns about the possible rigging of this already bizarre US election. Even Secretary Hillary Clinton’s unauthorized email server may have been compromised.
For six elections, I was a Chief Election Judge in Anne Arundel County, Maryland. What I saw gave me pause, and when I raised my concerns, I was told that the systems were completely safe and protected. The system was allegedly too isolated and technical to compromise. I hear my friends at DefCon snickering now. This is what we were told about the telephone systems back in the ’60s and ’70s. Who’s laughing now?
I’m not sure which kind of background check is performed on election judges, but I’m sure most hackers and cyber warriors would pass it. The electronic machines used in Maryland have since been scrapped, because the machines were allegedly switching Republican votes to Democrat in some precincts. Election officials called it a “calibration error.” This reportedly happened in Ohio, Nevada, Kansas, North Carolina, Missouri, Colorado, and Illinois. Election fraud in Chicago? Who would believe? Was this a systemic error? Sabotage? Fraud? Was anyone held accountable? Would they tell us if they knew?
Multiple ways of changing votes are possible:
- Changes can be made to the voting machine software itself. How many Easter Eggs have been found in reputable commercial software throughout the years that no one knew about even after rigorous testing?
- Our Maryland voting machine placed the voting data on PCMCIA cards in the machine. The Republican and Democratic Chief Judges would pull the cards together and hand-deliver to election headquarters. A conspiracy of only one or two could change an entire precinct by altering or replacing the cards.
- Cards were then loaded into a central machine for counting. Software in the central machine could be compromised, or an insider threat could possibly modify counts.
There is also the influencing of elections by traditional hacking of websites, social media, and email systems. This could be done by Hacktivists, nation states, kids, or even a campaign staffer.
Exposing back room, dirty politics and posting false stories on social media has had a great influence on this election. It appears that nation states and others are already trying to influence our 2016 election in this manner.
The bad news is that elections are controlled not by the Feds, but by state and local governments. In my experience, unfortunately, state and local governments lack the necessary resources and expertise to evaluate and operate sophisticated cyber systems. Every jurisdiction is different, with different expertise, resources, and rules.
Even if election officials discovered a significant compromise to their system, do you think they would tell us? Think about the ramifications and what is at stake. A new election could be called, and jobs and money could be lost – not to mention the potential loss of confidence in our democratic system.
But don’t worry. It’s much too complicated for anyone to compromise or influence our voting systems.
Jim Christy is VP of Investigations and Digital Forensics at Cymmetria.