Breach podcast: Step 3, election hacking: Voting machines
The worst mistake you can make is not voting. The second-worst is ... accidentally voting for the wrong person. So read those voters pamphlets, and news stories about HOW you'll be voting, and be prepared!
Still, there are other ways your vote can be screwed with on election day. For more, listen to my podcast. Or keep reading.
Just click play above, or listen to the podcast on Stitcher
or on iTunes
(What is this? Go back to the beginning)
U.S. voting machines have been under scrutiny dating back at least to the hanging chads of Bush v. Gore in the 2000 presidential election. In 2002, Congress passed the Help America Vote Act, which gave states money and incentives to abandon old-fashioned voting machines and led to the purchase of electronic machines -- generally touch-screens (DREs) or optical scan / scantron machines (like multiple-choice tests). They've caused a lot of trouble. There have been years of demonstrations showing the machines are vulnerable to various attacks. Vendors often say these are only theoretical, that the machines themselves are not networked so they aren't really vulnerable. Many voting experts disagree.
"What people sometimes don't understand about voting machines is that they're really not as isolated from each other and from internet-attached systems as they may seem," said J. Alex Halderman, director at the Michigan Center for Computer Security in Society, and another long-time voting expert.
For starters, the machines must be loaded with candidates -- somehow.
"Before every election, virtually every electronic voting machine in the country has to be programmed, and it has to be programmed with the ballot design. That is the candidates, the races, and the rules for counting," he said. This is usually done with an election management system. "(Hackers) can potentially spread malicious software to every voting machine in the jurisdiction just by having that software essentially hitch a ride with the ballot programming that election officials copy to the machines in the field."
Harri Hursti was the researcher who first hacked voting machines nearly 15 years ago. His technique actually has a name: "The Hursti Hack."
"What I found was that the bootloader is looking from the memory card a certain file name. If it finds that name, it will reprogram itself with the contents of that file with no checks, balances whatsoever," he said. Some of the same machines he hacked 15 years ago are still being used in elections today. "Sometimes I get a little bit tired (of talking about it)…but it took 15 years before people started listening."
PARTIAL TRANSCRIPT
ALIA: Harri Hursti was the first to figure out how to get into two different kinds of voting machines. Remember, they named it after him, the “Hursti Hacks”. But he considers the DRE the most dangerous for our votes. HARRI: Because what I found was that the bootloader is looking from the memory card a certain file name. If it finds that name, it will reprogram itself with the contents of that file with no checks, balances whatsoever. ALIA: So this is crazy dangerous because even if someone officially reprograms or cleans or updates the DRE machine, it will look completely clean. But every time you turn the machine on, the bootloader is still there running Harri’s file. Again, this was fifteen years ago he figured this out. And these machines are still in use. Do you ever get sick of actually talking about this because this is essentially your life's work.
HARRI: I— I sometimes get a little bit tired, but then again it is — It took 15 years before people started listening. ALIA: Something else I wanted to know while we were in the presence of cybersecurity and hacker folks is, what would they make a machine do once they hacked it? Once they got their malware in it. Like what's the play? Maggie said she wouldn't actually flip anything. MAGGIE: Why instead of switching a, you know, um, a red state to a blue state or a blue state to the red state. Let's— let’s just say orange and yellow for now. I don't really care about politics in this respect. Why wouldn't I instead say, oh, this place is usually orange. I'm going to make it a little more orange this time. And this place is usually yellow, I'm going to make it a little less ye— Or it’s not usually yellow, I'm going to make it a little more yellow this time. So now the numbers say well, it was a very passionate election. A lot of people stepped out to vote who didn't usually. But I would probably not want to do it in such a way that people would think like, would trigger a recount. Right? I just want to do a little here, a little there in a battleground state.
ALIA: I always thought this would be a big overhaul of a hack, but Maggie made me realize it can be super targeted and specific
BOB: Not a million votes, but just a few hundred in carefully selected places could change an election and fly under the radar MAGGIE: Because like one of them falsehoods I've seen is them saying like, well it would be such a massive effort to swing a US election, and I go, that's, no, it's not simply not at all. The Electoral College, these two, that Ohio and Florida had been decided by a few thousand votes in some very well known counties and very well known down to the neighborhood areas. I would just maybe impact things there or impact things slightly away from them so that their’s are more or less important depending on how I want to do it. So, you know, um, this idea that we are, we're protected by our diversity of systems or that we're protected by our size is simply not true in the United States. ALIA: On to some better voting options. MATT: So the best thing that we've got, the best idea that anyone has uh, come up with, and that’s really regarded as the state of the art, is to use systems that don't depend on software. ALIA: That was professor Matt Blaze again, bringing us to our next kind of voting machine.
MATT: And an example of a system for that would be uh, paper ballots, um, optical scan, scantron paper ballots were we recover the actual piece of paper that the voter marked, and can you know — a human being can look at that and see what it was supposed to say. BOB: These are the second option: optical scan machines. Think of the forms with the little bubbles that you fill in. ALIA: Oh yeah, like the scantron test in college. BOB: The reason optical scan machines are preferred is that they have paper. Your scantron ballot is a built-in paper trail.
ALIA: Yeah. In D.C., producer, Jan and I were feeling really encouraged by the optical scan machines while talking to Matt. JAN: Um, can scantrons be hacked? MATT: Sure. Um, yeah, absolutely. Again, those— those machines are computers. BOB: Yeah, I know. I should have mentioned the “Hursti Hack” Harri did fifteen years ago was with an optical scan. Those machines have memory cards too. MATT: But uh, the advantage is that you still leave behind the piece of paper that the voter uh, marked. If you couple that with a system of audits where the, um, we take a random sample of precincts, we hand count the ballots, compare that result to what the uh, scanners um, found. We can get pretty good confidence that the software is working in any given election. ALIA: I thought we'd found the answer. Paper ballots that get optically scanned.
BOB: Well, I think that's precisely the point. If you think you found the solution via technology, you just don't know how it can be hacked yet. HARRI: All voting machines we have today and all welding machines we are going to have in near future probably during our lifetimes are vulnerable and hackable. So let's accept as a fact, and built around auditing procedures. BOB: The mantra you'll hear again and again in the tech community is “there is no such thing as an unhackable technology”. But there can be an auditable system.